Unknown Government Agency Disobeyed White House, Using Front Company to Purchase Banned Spyware

Photo: xalien (Shutterstock)

In November of 2021, after years of ongoing scandals, the Biden administration formally blacklisted the NSO Group, a notorious spyware maker from Israel, shutting it off from American businesses and investment opportunities. But the New York Times now reports that not every part of the government was on the same page about that decision.

Indeed, just five days after the White House banned unauthorized business transactions with NSO, an unknown federal agency used a front company to procure one of the firm’s most creepy products—a geolocation tool known as “Landmark.” We still don’t know which part of the government pushed through that “secret contract,” but what we do know is this: it was acting in clear violation of the White House’s policy.

Anybody paying close attention to the surveillance industry over the past several years knows that NSO is a major source of drama. The seller of frighteningly powerful surveillance tools, the firm has—for years—been linked to shady clients (read: despotic regimes), which have frequently used its products to spy on journalists, political activists, and other vulnerable groups.

The government’s decision to blacklist NSO in 2021 marked the beginning of a broader push by the Biden administration to rein in the excesses of the commercial spyware industry. The blacklist placed NSO on the U.S. Commerce Department’s “Entities List”—an official tally of foreign firms that have been deemed as working contrary to U.S. interests. Getting put on that list means U.S. companies can’t do business with you unless they first acquire a special license from the government. The move was clearly designed to crush NSO financially—cutting it off from vital funding and support supplied by American firms. Since that time, the White House has only continued to go after the spyware industry writ large—passing a slew of regulatory reforms, including another executive order last week, all of which have sought to curb the harmful behavior of the industry’s worst offenders.

The White House’s very public efforts at reform make the revelation that an unknown federal agency procured NSO’s tool all the more bizarre.

The “Secret Contract” Was Used to Track Targets in Mexico

While the nitty gritty details of the contract in question haven’t been spelled out entirely, there’s enough information to paint a broad picture of highly suspicious behavior on the part of...someone. As the Times notes, Landmark is a tool that allows NSO clients to quietly track the physical locations of specific mobile users without their knowledge. Previous reporting has shown that the tool takes advantage of SS7, a telecom protocol that is known to have longstanding security deficiencies. The 2021 agreement involving the tool apparently allowed the U.S. government to “test, evaluate, and even deploy the spyware against targets of its choice in Mexico,” and two sources interviewed by the Times also said that the surveillance product was used to make “thousands” of queries related to targets in Mexico. Frighteningly, the parameters of the contract also allowed for the targeting of mobile users within the United States, though there is no evidence that anything like that has taken place, the Times writes.

Why, exactly, was Mexico a target? The answer to that question—like a lot of the details of this arrangement—is unknown.

One thing is for sure: whoever purchased Landmark certainly made a concerted effort to cover their tracks. The Times reports that this unknown government agency—whatever it was—entered into an agreement with a front company, dubbed “Cleopatra Holdings,” in order to negotiate a contract with Gideon Cyber Systems—a holding company owned by the private equity firm, Novalpina Capital. Novalpina is the primary owner of NSO, having purchased the spyware vendor back in 2019, in an effort to rehabilitate its image amidst ongoing scandals. The contract was signed by a person named “Bill Malone,” who was said to be the CEO of Cleopatra Holdings. In reality, “Cleopatra” was actually Riva Networks, a secretive government contractor based in New Jersey that has a long history of procuring services for federal agencies, the Times reports. “Malone,” meanwhile, was a pseudonym used by Riva’s CEO, Robin Gamble. The Times states that when its reporters visited the listed address for “Cleopatra Holdings,” they found an odd-looking office and were greeted at the door by a person who told them that she’d “never heard of” the company in question.

Riva Networks has sold NSO’s surveillance tools to the U.S. government before. Prior to the Biden administration’s 2021 blacklisting order, the FBI purchased a variant of NSO’s infamous “Pegasus” spyware; Riva was involved with that deal and used the same front identity to help the bureau procure the malware, the Times reports.

White House Calls the Deal “Highly Concerning”

Somewhat comically, the White House seems to be claiming ignorance about the contract: “We are not aware of this contract, and any use of this product would be highly concerning,” an administration official told the Times.

That response begs the question: uh, what happened here? Did a federal agency go rogue with this particular purchase?

To be honest, that would be pretty par for the course. The federal government has consistently proven itself to be of two minds about powerful cyber tools like Landmark and Pegasus: the executive branch, on the one hand, has consistently sought to acknowledge the dangers that such products pose...whereas the national security community has often seemed to be champing at the bit to deploy them—knowing full well how useful they can be.

Which of those perspectives is going to win out in the long term? I guess we’ll have to wait to find out.
