FBI finds itself at fault for violating White House policy on NSO Group

Officials, however, state that they were unaware since work was awarded to a contractor who used software from a blacklisted company.
Ameya Paleja
Stock image of an FBI detective investigating
Stock image of an FBI detective investigating

miodrag ignjatovic/iStock 

In an interesting turn of events, a several months-long investigation conducted by the Federal Bureau of Investigation (FBI) has found that the agency deviated from White House policy and used software from an Israel-based hacking firm, the NSO Group, The New York Times reported.

The investigation was prompted by a previous NYT report that came out in April this year that a contractor had purchased and deployed a tool from the NSO Group in the US. The company was blacklisted by the White House earlier this year after multiple reports of its Pegasus software being used to hack into the phones of journalists, human rights activists, and dissidents of governments in power.

During the blacklisting, the US government vowed not to allow the "proliferation of digital tools used for repression". As it now stands, an FBI contractor, Riva Networks, signed a deal for new software with NSO within a week of the White House making this policy change.

FBI in the dark

Per the FBI's investigation, the agency contracted Riva Networks to help track suspected drug smugglers and fugitives in Mexico. The agency gave the contractor several phone numbers to track since it was able to explore vulnerabilities in the country's cellphone networks.

Apparently, the FBI believed that Riva Networks used its own geolocation tool, but it has now become apparent that it used NSO Group's geolocation tool called Landmark. In 2021, when the White House added NSO Group to a Commerce Department blacklist, Riva Networks renewed its contract without informing the FBI.

The FBI has now stated that it did not access a device through the tool, nor did any data make its way back from the tool received by the FBI, as claimed by Riva Networks to the agency.

Although it is not unusual for federal agencies to use contractors to gain access to certain services, it does show how even the loosely these contracts are awarded, with agencies retaining no oversight on how the work gets done.

FBI finds itself at fault for violating White House policy on NSO Group
FBI says it wanted geolocation services to track drug smugglers in Mexico

FBI - Riva association goes back a long way

It is not that Riva Networks is a new contractor and hoodwinked the FBI on this one occasion. The company has also been contracted by the Defense Department, Drug Enforcement Administration, and the Air Force Research Laboratory.

With the FBI itself, the contractor played a role in purchasing the controversial Pegasus software. Between 2019 and 2021, the FBI tested the software at Riva's facilities in New Jersey, but then the agency decided against using it, the NYT report added.

The FBI had then used Cleopatra Holdings as a cover name for Riva Networks to facilitate the contract. Interestingly, the NYT investigation found that the name featured again when Riva renewed the Landmark contract. Also, Riva's CEO, Robin Gamble, used the pseudonym "William Malone" for the renewal, further raising suspicion about the intentions behind the act.

The blacklisting of NSO Group has also led to a proliferation of new companies in Israel that are now providing similar services, the NYT report added.

Add Interesting Engineering to your Google News feed.
Add Interesting Engineering to your Google News feed.
message circleSHOW COMMENT (1)chevron
Job Board