FBI “Unknowingly” Used Controversial Spyware Tool in Mexico, Exposing Oversight and Security Gaps

Edited by: TJVNews.com

A recent revelation by New York Times reporters Ronen Bergman, Mark Mazzetti, and Adam Goldman has shed light on a concerning incident involving the Federal Bureau of Investigation  and the use of spyware in Mexico. The Times reporters disclosed that the FBI unknowingly deployed a surveillance tool, known as Landmark, developed by NSO, an  Israeli hacking firm, for tracking people in Mexico without their knowledge or consent. The discovery raises questions about oversight, accountability, and the extent of government involvement with NSO and its tools, despite the Biden administration’s efforts to curb foreign spyware firms, the NYT report said.

The NYT report indicates that a New Jersey based contractor named Riva Networks purchased and deployed the NSO-made spying tool for the U.S. government’s use. Curiously, the White House officials claimed they were unaware of the contract and assigned the FBI to investigate who might be using the technology. Shockingly, the FBI’s own investigation found that it was, in fact, the FBI itself that had used the tool unwittingly.

The deal between Riva Networks and NSO was finalized in November 2021, just days before the Biden administration blacklisted NSO, prohibiting U.S. firms from doing business with the company due to years of misuse of their spyware known as Pegasus by governments around the world, as was reported by the NYT. The fact that Riva Networks continued to utilize the tool in Mexico even after the FBI explicitly banned the use of NSO products raises concerns about accountability within the agency.

The FBI hired Riva Networks to help track suspected drug smugglers and fugitives in Mexico. The agency believed that Riva Networks was using an in-house geolocation tool for the task. However, the NYT report said it was later discovered that Riva had started using Landmark at some point in 2021 without informing the FBI about the switch. Unlike Pegasus, Landmark does not penetrate and extract data from cellphones. Instead, it tracks the location of individual people based on which cell tower their phone is communicating with, the report said. Tracking a single person can result in hundreds or thousands of individual Landmark queries, or attempts to determine location at any given time.

The revelation raises concerns about the lack of oversight and accountability within the FBI’s operations. The agency had previously authorized Riva Networks to purchase a different NSO tool under a cover name, Cleopatra Holdings, according to the NYT report. The use of pseudonyms by both  Riva’s CEO, Robin Gamble, and NSO for the contract only adds to the suspicion surrounding the entire arrangement.

That name was also used in the November 2021 contract between Riva Networks and NSO for the purchase of Landmark, according to a copy reviewed by The Times.

Gamble, Riva’s chief executive, even signed the contract for Landmark under a pseudonym, William Malone, according to those people, the NYT reported.

In 2017, Saud al-Qahtani, a senior adviser to Saudi Arabia’s crown prince, used Landmark to track dissidents as part of the kingdom’s brutal campaign to crack down on its perceived enemies, the NYT report said. Qahtani has also been identified as the person who orchestrated the killing of the Washington Post columnist Jamal Khashoggi in 2018.

“As part of our mission, the F.B.I. is tasked with locating fugitives around the world who are charged in U.S. courts, including for violent crimes and drug trafficking,” the agency said in a statement, as was reported by the NYT. “To accomplish this, the F.B.I. regularly contracts with companies who can provide technological assistance to locate these fugitives who are hiding abroad.”

The statement added: “The F.B.I. has not employed foreign commercial spyware in these or any other operational endeavors. This geolocation tool did not provide the F.B.I. access to an actual device, phone or computer. We will continue to lawfully utilize authorized tools to protect Americans and bring criminals to justice.”

According to sources, cellphone numbers in Mexico were targeted by the spying tool throughout 2021, 2022, and into the current year, extending far beyond the period when the FBI claims to have used the tool, according to the NYT report. This discrepancy raises questions about which other government agencies might have been involved with Riva Networks in deploying the tool.

The White House’s executive order restricted federal agencies from using spying tools made by some foreign hacking companies, including NSO’s Landmark. However, U.S. officials argue that government use of geolocation tools, in general, does not violate the order, further adding to the confusion and ambiguity surrounding the situation.

The NYT report said that the paper has filed suit against the FBI under the Freedom of Information Act for documents related to the bureau’s purchase of NSO tools and has also sought documents about the bureau’s relationship with Riva Networks. In a court filing this week, government lawyers argued that the FBI should not have to turn over information about Riva Networks because “the vendors at issue either already do, or may in the future, offer other products that are or can be used for investigative purposes,” as was reported by the NYT.

Government databases show that Riva Networks has had numerous lucrative contracts with government agencies, including the Defense Department, the FBI and the Drug Enforcement Administration. The NYT report said that as recently as October, the company was awarded a contract for work with the Air Force Research Laboratory.

Marc DeNofio, a spokesman for the laboratory, said the work had largely been completed, but “Riva is still active as there are still some support hours remaining on their effort,” as was reported by the NYT.

The FBI’s relationship with the company also goes back several years. In fact, the bureau used Riva Networks to purchase Pegasus, which penetrates phones and extracts their contents without users’ knowledge. The NYT report add that the bureau paid more than $5 million to test the spyware from 2019 to 2021, and officials discussed using it as part of their investigations before ultimately deciding against it.

The episode exposes the challenges faced by governments in cracking down on the proliferation of commercial spyware. The NYT report said that despite efforts to address the misuse of such tools, new firms with ties to Israeli cyberintelligence veterans have stepped in to fill the void left by NSO’s blacklisting.

NSO Group is an Israeli technology firm known for developing and selling advanced spyware and surveillance tools to governments and law enforcement agencies around the world. The company was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio and is based in Herzliya, Israel. NSO’s most notorious product is called Pegasus, which is a highly sophisticated and invasive spyware tool.

Pegasus is classified as a “zero-click” spyware, meaning it can infect a target’s device without any interaction or action required from the user. Once installed on a target’s smartphone, Pegasus can gain near-total control over the device, allowing it to access messages, emails, calls, photos, and even activate the camera and microphone for real-time surveillance. It can also collect data from various popular apps like WhatsApp, Facebook, and more. The level of access and control provided by Pegasus is unprecedented and raises serious concerns about privacy and human rights.

The spyware is usually delivered to the target’s device through malicious links or messages, exploiting vulnerabilities in the device’s operating system. The targets are often journalists, human rights activists, political dissidents, government officials, and other individuals considered potential threats by certain governments. Pegasus has been used by authoritarian regimes to target and surveil journalists and dissidents, leading to accusations of human rights abuses.

Over the years, NSO has faced numerous allegations and controversies related to the misuse of its spyware. There have been reports of Pegasus being used to target journalists, activists, lawyers, and even government officials in various countries. The spyware has been implicated in cases of surveillance and harassment of individuals critical of certain governments, raising serious concerns about its ethical use.

In response to these controversies, NSO has claimed that its products are intended to be used only for legitimate law enforcement and intelligence purposes, such as combating terrorism and criminal activities. The company asserts that it conducts thorough due diligence before selling its products to governments and maintains strict compliance with export control regulations.

However, critics argue that NSO’s lack of transparency and the secretive nature of its business make it difficult to hold the company accountable for the potential misuse of its tools. Human rights organizations and advocacy groups have called for stricter regulations and oversight of the spyware industry to prevent abuse and protect individuals’ privacy and freedom of expression.

In response to the growing concerns, some countries and organizations have taken legal action against NSO. For example, in 2019, WhatsApp filed a lawsuit against NSO Group, alleging that Pegasus was used to target the messaging app’s users. The lawsuit accused NSO of violating U.S. and international laws, including the Computer Fraud and Abuse Act and the U.S. Wiretap Act.

Despite the controversies and legal challenges, NSO continues to operate and provide its spyware to governments worldwide. The ongoing debate about the ethical use of surveillance technologies and the need for stronger regulations in this field highlights the complex issues surrounding privacy, security, and human rights in the digital age.