When The New York Times reported in April that a contractor had purchased and deployed a spying tool made by the NSO, the contentious Israeli hacking firm, for use by the US government, White House officials said they were unaware of the contract and put the FBI in charge of figuring out who might have been using the technology.
After an investigation, the FBI uncovered at least part of the answer: It was the FBI.
The deal for the surveillance tool between the contractor, Riva Networks, and NSO was completed in November 2021. Only days before, the Biden administration had put NSO on a Commerce Department blacklist, which effectively banned US firms from doing business with the company. For years, NSO’s spyware had been abused by governments around the world.
This particular tool, known as Landmark, allowed government officials to track people in Mexico without their knowledge or consent. The FBI now says that it used the tool unwittingly and that Riva Networks misled the bureau. Once the agency discovered in late April that Riva had used the spying tool on its behalf, Christopher A. Wray, the FBI director, terminated the contract, according to US officials.
But many questions remain. Why did the FBI hire this contractor — which the bureau had previously authorised to purchase a different NSO tool under a cover name — for sensitive information-gathering operations outside the US? And why was there apparently so little oversight?
It is also unclear which, if any, government agencies besides the FBI might have worked with Riva Networks to deploy the spying tool in Mexico. Two people with direct knowledge of the contract said cellphone numbers in Mexico were targeted throughout 2021, 2022 and into this year — far longer than the FBI says the tool was used.
Riva Networks and its chief executive, Robin Gamble, did not respond to several requests for comment on the FBI’s accusations. When a Times reporter went to an address the company lists in some public records, a person who answered said he had never heard of Gamble. He refused to provide his name before closing the door.
The FBI, according to several US officials, had hired the New Jersey-based Riva Networks to help track suspected drug smugglers and fugitives in Mexico because the company was able to exploit vulnerabilities in the country’s cellphone networks to covertly track mobile phones.
A senior FBI official said that in early 2021, the bureau gave Riva Networks several phone numbers in Mexico to target as part of its fugitive apprehension program. The official said that the bureau thought Riva Networks was using an in-house geolocation tool.
New York Times News Service