By Joseph Menn and Jack Stubbs
(Reuters) - The FBI is investigating the role of Israeli spyware vendor NSO Group Technologies in possible hacks on American residents and companies as well as suspected intelligence gathering on governments, according to four people familiar with the inquiry.
The probe was underway by 2017, when Federal Bureau of Investigation officials were trying to learn whether NSO obtained from American hackers any of the code it needed to infect smartphones, said one person interviewed by the FBI then and again last year.
NSO said it sells its spy software and technical support exclusively to governments and that those tools are to be used in pursuing suspected terrorists and other criminals. NSO has long maintained that its products cannot target U.S. phone numbers, though some cybersecurity experts have disputed that.
The FBI conducted more interviews with technology industry experts after Facebook filed a lawsuit in October accusing NSO itself of exploiting a flaw in Facebook's WhatsApp messaging service to hack 1,400 users, according to two people who spoke with agents or Justice Department officials.
NSO said it was not aware of any inquiry.
"We have not been contacted by any U.S. law enforcement at all about any such matters," NSO said in a statement provided by Mercury Public Affairs strategy firm. NSO did not answer additional questions about its employees conduct but previously said government customers are the ones who do the hacking.
A spokeswoman for the FBI said the agency "adheres to DOJ's policy of neither confirming nor denying the existence of any investigation, so we wouldn't be able to provide any further comment."
Reuters could not determine which suspected hacking targets are the top concerns for investigators or what phase the probe is in. But the company is a focus, and a key issue is how involved it has been in specific hacks, the sources said.
Part of the FBI probe has been aimed at understanding NSO's business operations and the technical assistance it offers customers, according to two sources familiar with the inquiry.
Suppliers of hacking tools could be prosecuted under the Computer Fraud and Abuse Act (CFAA) or the Wiretap Act, if they had enough knowledge of or involvement in improper use, said James Baker, general counsel at the FBI until January 2018.
The CFAA criminalizes unauthorized access to a computer or computer network, and the Wiretap Act prohibits use of a tool to intercept calls, texts or emails.
NSO is known in the cybersecurity world for its "Pegasus" software other tools that can be delivered in several ways. The software can capture everything on a phone, including the plain text of encrypted messages, and commandeer it to record audio.
A business strategy firm retained on behalf of Amazon.com Inc Chief Executive Jeff Bezos, FTI Consulting, said this month that NSO could have supplied the software it said Saudi Arabia used to hack Bezos' iPhone.
The phone began sending out more data hours after it received a video from a WhatsApp account associated with Crown Prince Mohammed bin Salman, FTI said. Saudi Arabia called the FTI allegation "absurd," and NSO said it was not involved. Other security experts said the data was inconclusive.
The FBI is investigating and has met with Bezos, a member of his team told Reuters. A Bezos spokesman did not respond to a request for comment.
FBI leaders have indicated that they are taking a hard line on spyware vendors.
At a briefing at FBI Washington headquarters in November, a senior cybersecurity official said that if Americans were being hacked, investigators would not distinguish between criminals and security companies working on behalf of government clients.
"Whether you do that as a company or you do that as an individual, it's an illegal activity," the official said.
In the counterintelligence aspect of the probe, the FBI is trying to learn if any U.S. or allied government officials have been hacked with NSO tools and which nations were behind those attacks, according to a Western official briefed on the investigation.
Outside of government, journalists, human rights activists and dissidents in several countries have been victims of attacks using NSO spyware, according to the University of Toronto's Citizen Lab researchers.
In the past, NSO has denied involvement in some of those instances and declined to discuss others, citing client confidentiality requirements.
(Reporting by Joseph Menn in San Francisco and Jack Stubbs in London; additional reporting by Raphael Satter and Chris Bing in Washington; editing by Greg Mitchell and Grant McCool)