Copy of a U.S. Federal Agency Disobeyed the White House and Purchased Banned NSO Group Spyware

Copy of a U.S. Federal Agency Disobeyed the White House and Purchased Banned NSO Group Spyware

In November of 2021, after years of ongoing scandals, the Biden administration formally blacklisted the NSO Group, a notorious spyware maker from Israel, shutting it off from American business and investment opportunities. But the New York Times now reports that not every part of the government was on the same page about that decision.

Just five days after the White House blacklisted the spyware firm, an unknown federal agency used a front company to procure one of NSO’s most creepy products — a geolocation tool known as “Landmark.” We still don’t know which part of the government pushed through that “secret contract,” but what we do know is this: it was acting in clear violation of the White House’s policy.

Anybody paying attention to the surveillance industry over the past several years knows that the NSO Group is a major source of drama. The seller of frighteningly powerful surveillance tools, the firm has — for years — been linked to shady clients (read: despotic regimes), which have frequently used its products to spy on journalists, political activists, and other vulnerable groups.

The government’s decision to blacklist NSO, which placed it on the U.S. Commerce Department’s “Entities List” (an official tally of foreign firms that have been deemed antithetical to U.S. interests), banned U.S. companies from doing business with the spyware vendor without acquiring a special licence from the government. The move was clearly designed to crush the company financially — cutting it off from vital software infrastructure and financing supplied by American companies. Since that time, the Biden administration has continued to take steps to curb the harmful impacts of the spyware industry writ large. Last week, the White House passed yet another executive order designed to further limit federal agencies ability to procure commercial spyware.

The “Secret Contract” Was Used to Track Targets in Mexico

All the nitty gritty details of the contract involving Landmark aren’t entirely clear, though some stark pieces of information are. Indeed, the Times reports that Landmark is a tool that allows NSO clients to quietly track the physical locations of specific mobile users without their knowledge. The 2021 agreement allowed the U.S. government to “test, evaluate, and even deploy the spyware against targets of its choice in Mexico.” Two sources interviewed by the Times also told the newspaper that the surveillance tool was used to make “thousands” of queries related to targets in Mexico. Frighteningly, the parameters of the contract also allowed for the targeting of mobile users within the United States, though there is no evidence that anything like that has taken place.

Why, exactly, was Mexico a target? The answer to that question — like a lot of the details of this arrangement — is unknown.

One thing is for sure: whoever purchased Landmark certainly made a concerted effort to cover their tracks. The Times report that this unknown government agency — whatever it was — entered into an agreement with a front company, dubbed “Cleopatra Holdings,” in order to negotiate a contract with Gideon Cyber Systems — a holding company owned by the private equity firm, Novalpina Capital. Novalpina is the primary owner of NSO, having purchased the spyware vendor back in 2019, in an effort to rehabilitate its image amidst ongoing scandals. The contract was signed by a person named “Bill Malone,” who was said to be the CEO of Cleopatra Holdings. In reality, “Cleopatra” was actually Riva Networks, a secretive government contractor based in New Jersey that has a long history of procuring services for federal agencies, the Times reports. “Malone,” meanwhile, was a pseudonym used by Riva’s CEO, Robin Gamble. The Times states that when its reporters visited the listed address for “Cleopatra Holdings,” they found an odd looking office and were greeted at the door by a person who told them that she’d “never heard of” the company in question.

Riva Networks has sold NSO’s surveillance tools to the U.S. government before. Prior to the Biden administration’s 2021 blacklisting order, the FBI purchased a variant of NSO’s infamous “Pegasus” spyware; Riva was involved with that deal and used the same front identity to help the bureau procure the malware, the Times reports.

White House Calls the Deal “Highly Concerning”

Somewhat comically, the White House seems to be claiming ignorance about the contract: “We are not aware of this contract, and any use of this product would be highly concerning,” an administration official told the Times.

That response begs the question: uh, what happened here? Did a federal agency go rogue with this particular purchase?

To be honest, that would be pretty par for the course in this department. The federal government has consistently proven itself to be of two minds about powerful cyber tools like Landmark and Pegasus: the executive branch, on the one hand, has consistently sought to acknowledge the dangers that such invasive products pose…whereas the national security community has often seemed to be champing at the bit to deploy them — knowing full well how useful an all-seeing surveillance tool can be.