In April, The New York Times reported that a contractor had purchased and deployed a spying tool created by Israeli hacking firm NSO on behalf of the U.S. government. The White House claimed to be unaware of the contract and put the FBI in charge of investigating. The FBI discovered that it was, in fact, the agency that had been using the tool, known as Landmark, to track people in Mexico without their knowledge or consent. The FBI claims it unknowingly used the tool and that the contractor, Riva Networks, misled them. The bureau terminated the contract after learning of Riva’s use of the tool. Many questions remain, such as why the FBI hired Riva Networks for sensitive information-gathering operations and why there was a lack of oversight.
It is also unclear if any other government agencies besides the FBI worked with Riva Networks to deploy the spying tool in Mexico. The FBI had previously authorized Riva Networks to purchase a different NSO tool under a cover name. According to two individuals with direct knowledge of the contract, cellphone numbers in Mexico were targeted for tracking throughout 2021, 2022, and into this year, longer than the FBI claims the tool was used.
This incident highlights how NSO continued to profit from its tools despite the White House’s attempts to crack down on foreign spyware firms. Riva Networks and its CEO, Robin Gamble, have not responded to requests for comment on the FBI’s accusations.
The FBI had hired Riva Networks to help track suspected drug smugglers and fugitives in Mexico due to the company’s ability to exploit vulnerabilities in the country’s cellphone networks. The FBI believed Riva was using an in-house geolocation tool but later discovered they were using NSO’s Landmark tool without informing the bureau. Riva renewed its contract with NSO in November 2021 without informing the FBI. The bureau informed its contractors, including Riva, that they were not allowed to use NSO products in 2021. The FBI claims no data from Landmark was obtained by the agency.
The Biden administration blacklisted NSO after its primary hacking tool, Pegasus, was used by authoritarian governments and democracies to spy on journalists, human rights activists, and political dissidents. It is unclear if penalties will be imposed on Riva Networks for its involvement with NSO.
Riva Networks has had lucrative contracts with government agencies, including the Defense Department, the FBI, and the Drug Enforcement Administration. The FBI used Riva Networks to purchase Pegasus in the past. The testing for Pegasus took place at Riva’s facility in New Jersey, but it is currently inactive as the FBI did not renew its software license.
Landmark, unlike Pegasus, tracks the location of individuals based on their cellphone’s communication with cell towers. It has been used by Saudi Arabia’s crown prince to track dissidents and has been linked to the killing of journalist Jamal Khashoggi in 2018.
Despite the growing awareness of the dangers of commercial spyware, new firms, often employing former NSO employees, are filling the void left by NSO’s blacklisting. The proliferation of these tools continues, even as governments attempt to rein in their abuses. Microsoft and Citizen Lab recently conducted an investigation linking malware to these firms.