According to a complaint filed with the US Department of Justice.
The allegation, which dates back to 2017 and was made by a former mobile security official named Gary Miller, was leaked to federal authorities and US Congressman Ted Lieu, who said he conducted his own due diligence on the complaint and found it “very disturbing”.
Details of Miller’s allegation were later sent in a letter from Lieu to the Justice Department.
“The privacy implications for Americans and the national security implications for America of NSO Group’s access to mobile carrier signaling networks are sweeping and alarming,” Lieu wrote in his letter.
The letter was shared with the Guardian and other media partners of Project Pegasus, a media consortium led by Paris-based Forbidden Stories, which investigated NSO and published a series of articles on how governments around the world worldwide have used the company’s spyware to target activists, journalists and lawyers, among others.
NSO said it had nothing to do with the mobile security company.
The Guardian and its media partners have separately learned that NSO is the subject of an active criminal investigation by the Department of Justice, according to four people familiar with the investigation. The investigation, they say, is focused on allegations of unauthorized intrusions into networks and mobile devices.
A US citizen whose cellphone was hacked by a customer of the spyware maker – and who asked not to be identified – said he was questioned at length about the 2021 hacking incident by US authorities. Security researchers had discovered that the individual had been hacked while living outside the United States and using a non-US mobile phone number. The Justice Department also interviewed Mexican journalist Carmen Aristegui, whose iPhone was hacked using NSO technology, according to security researchers who analyzed her cellphone.
According to another person familiar with the criminal investigation, the Department of Justice has also been in contact with a company whose users were allegedly targeted by NSO clients using Pegasus spyware.