When The New York Times reported in April that a contractor had purchased and deployed a spying tool made by NSO, the contentious Israeli hacking firm, for use by the U.S. government, White House officials said they were unaware of the contract and put the F.B.I. in charge of figuring out who might have been using the technology.
After an investigation, the F.B.I. uncovered at least part of the answer: It was the F.B.I.
The deal for the surveillance tool between the contractor, Riva Networks, and NSO was completed in November 2021. Only days before, the Biden administration had put NSO on a Commerce Department blacklist, which effectively banned U.S. firms from doing business with the company. For years, NSO’s spyware had been abused by governments around the world.
This particular tool, known as Landmark, allowed government officials to track people in Mexico without their knowledge or consent.
The F.B.I. now says that it used the tool unwittingly and that Riva Networks misled the bureau. Once the agency discovered in late April that Riva had used the spying tool on its behalf, Christopher A. Wray, the F.B.I. director, terminated the contract, according to U.S. officials.
But many questions remain. Why did the F.B.I. hire this contractor — which the bureau had previously authorized to purchase a different NSO tool under a cover name — for sensitive information-gathering operations outside the United States? And why was there apparently so little oversight?
It is also unclear which, if any, government agencies besides the F.B.I. might have worked with Riva Networks to deploy the spying tool in Mexico. Two people with direct knowledge of the contract said cellphone numbers in Mexico were targeted throughout 2021, 2022 and into this year — far longer than the F.B.I. says the tool was used.
The episode further illustrates how, even as the White House tries to crack down on foreign spyware firms, NSO continued to find ways to make money off its tools.
Riva Networks and its chief executive, Robin Gamble, did not respond to several requests for comment on the F.B.I.’s accusations. When a Times reporter went to an address the company lists in some public records, a person who answered said he had never heard of Mr. Gamble. He refused to provide his name before closing the door.
The F.B.I., according to several U.S. officials, had hired the New Jersey-based Riva Networks to help track suspected drug smugglers and fugitives in Mexico because the company was able to exploit vulnerabilities in the country’s cellphone networks to covertly track mobile phones.
A senior F.B.I. official said that in early 2021, the bureau gave Riva Networks several phone numbers in Mexico to target as part of its fugitive apprehension program. The official, who like others in this article spoke on the condition of anonymity to discuss sensitive details, said that the bureau thought Riva Networks was using an in-house geolocation tool.
In the investigation that the F.B.I….
2023-07-31 02:00:29
Post from www.nytimes.com