Earlier this year, the New York Times reported that an unknown federal agency had breached official White House policy and used secretive methods to conduct a business deal with the NSO Group, a blacklisted spyware vendor known for selling powerful surveillance tools. The agency in question not only brazenly disobeyed the government’s official policy, but had also used a front company to facilitate the deal, suggesting that it knew what was happening was not exactly kosher.
After the Times’ story was published, the FBI was ordered by the Biden administration to investigate. Now, several months later, the bureau’s investigation is complete, and it turns out that the agency that disobeyed the White House and purchased the creepy NSO tool was…the FBI.
Yes, the New York Times now reports that the bureau has admitted that it was the mystery agency at the center of the controversy several months back. However, America’s top law enforcement agency is also trying to explain away its involvement, claiming that it was somehow duped into the deal without any knowledge of what was going on.
For years, the NSO Group has been tied to spying scandals all over the world. In November of 2021, the company was blacklisted by the U.S. government and placed on the Commerce Department’s Entity List, a roster of foreign firms that have been deemed as working contrary to American interests. Being placed on this list effectively ends most investment opportunities involving U.S. businesses or government agencies. The government officially announced that NSO’s blacklisting was part of “the Biden-Harris administration’s efforts to… stem the proliferation of digital tools used for repression.”
However, five days after the White House announced this policy change, a secretive federal contractor called Riva Networks finalized a deal with NSO to acquire a geolocation tool known as “Landmark.” The tool was supposed to help federal law enforcement triangulate the locations of specific mobile users. Riva had previously worked with the FBI to acquire a spying cool called “Phantom” that could reportedly hack any phone in the U.S. (At the time of this prior deal, the Times reported that the bureau had been considering using “Phantom” for domestic spying but the FBI claimed it was just doing “counterintelligence” work on foreign surveillance tools.) In the contracts for both deals, the FBI used a cover name for Riva, dubbed “Cleopatra Holdings,” while Riva’s CEO, Robin Gamble, used a pseudonym, going by “William Malone.”
If all this cloak and dagger stuff would seem to suggest that the FBI knew what it was doing, bureau officials are now saying that they were somehow tricked by Riva into the “Landmark” deal and that the tool was used on its behalf without them knowing about it. Indeed, the government claims that the tool was used by the U.S. “unwittingly” and that Riva “misled the bureau,” goading them into believing it was an “in-house” tool rather than NSO’s product. Somewhat comically, the FBI also seems to be claiming that it did not find out that Riva had procured the NSO tool until it read about it in the New York Times back in April. After the agency discovered that Riva was using “the spying tool on its behalf,” the contract with the company was terminated by FBI Director Christopher Wray, U.S. officials recently told the newspaper.
Why was the FBI interested in geolocation at all? According to FBI officials who spoke with the Times, they were looking for “fugitives.” They also claim that the government merely gave Riva phone numbers to chase down and that the contractor did all the actual NSO-aided spying itself. A statement provided to the newspaper reads partially:
“As part of our mission, the FBI is tasked with locating fugitives around the world who are charged in U.S. courts, including for violent crimes and drug trafficking. To accomplish this, the FBI regularly contracts with companies who can provide technological assistance to locate these fugitives who are hiding abroad…The FBI has not employed foreign commercial spyware in these or any other operational endeavors. This geolocation tool did not provide the FBI access to an actual device, phone or computer. We will continue to lawfully utilize authorized tools to protect Americans and bring criminals to justice.”
Even if the FBI’s story is to be believed, it still leaves a whole lot of questions. Why is it that the bureau was so unaware of what was happening with this particular deal? Why would Riva Networks blatantly mislead the government as it is alleged? Is it typical for the FBI to farm out surveillance work to contractors like this? You’d think that America’s top police agency would be a little bit more on top of its own operations than this.