US President Joe Biden issued an executive order forbidding the federal government from employing commercial spyware that threatens national security, such as the NSO's Pegasus. However, in a report written by the New York Times (NYT), it was revealed that among the walls of the White House, there are still present ties to the NSO and that the deal between a business that has served as a front for the US government and the American branch of a notorious Israeli hacking firm was completed.

The Israeli firm, NSO Group, reportedly provided the US government with access to one of its most potent weapons under the terms of the agreement, a geolocation tool that can secretly monitor mobile phones around the world without the owner's knowledge or permission, according to NYT. 

NSO hacking tools have been used for years by governments all over the world to spy on political dissidents, human rights activists, and journalists. Only five days earlier, the Biden administration had announced it was taking action against NSO.

NSO was declared a national security danger by the White House, and the Commerce Department was informed to stop doing business with it. As a result, NSO was added to the US blacklist in 2021.

The secret contract, which the NYT disclosed is still in effect, is against the public policy of the Biden administration. The "United States government," according to the contract, would be the tool's final user, but it is not clear which government agency approved the deal and may be using the spyware. The administration has explicitly given permission to evaluate, test, and even use the spyware against targets of its choosing in Mexico.

Read next: US government’s purchase, use of Israeli spyware to be investigated

When asked about the contract, White House officials said it was news to them. “We are not aware of this contract, and any use of this product would be highly concerning,” said a senior administration official, responding on the basis of anonymity to address a national security issue.

The undisclosed agreement sheds more light on the ongoing struggle among and within countries, including the US, for control of potent cyberweapons, according to the  NYT. 

Governments now have the ability to conduct invasive, targeted monitoring in ways that weren't possible before the invention of the tools. This power has resulted in abuses and breaches of privacy. 

President Biden issued an administrative order last week to restrict the use of commercial spyware by the government. It forbids federal departments and agencies from using hacking tools that could be misused by foreign governments, could be used to target Americans abroad, or could be installed on networks used by the US government and face security risks.

Only spyware from commercial sources was covered by the order; American intelligence organizations' own tools, which have comparable internal capabilities, were not.

According to the NYT, some agencies were attracted to the potency of these cyberweapons even before the latest contract was made public, despite the Biden administration's attempts to put an end to NSO's operations.

Related News

Iraq’s PMF law seen as test of sovereignty amid US objections

Notorious Palantir lands record $10bln contract with the US Army

A subsequent Times investigation 

The FBI used an American company, designated as "Cleopatra Holdings," but is actually a small New Jersey-based government contractor named Riva Networks, for the covert November 2021 contract, according to the New York Times. The 2021 deal and at least one other contract that Riva carried out on behalf of the FBI were both signed by the company's chief executive under a fake name.

The 2021 contract was for the same NSO tool that a Crown Prince Mohammed bin Salman of Saudi Arabia advisor once used as part of a harsh campaign against what he believed to be threats to the country.

According to internal department records, L3Harris (US Aerospace and defense company) executives spoke with Commerce Department representatives about the potential deal, despite the fact that NSO was on the blacklist. A draft agreement was in place to finalize it before the White House publicly objected and L3Harris abandoned its plans.

FBI buys Pegasus license

NSO was already making inroads into the US government market during the Trump presidency, and in 2019 the FBI bought a license for Pegasus. The bureau had two objectives: first, it wanted to examine the spyware to see how potential enemies might employ it, and second, it wanted to test Pegasus in case it could be used for its own operations inside the US.

The FBI used Riva Networks to make the acquisition, but it did so under the guise of "Cleopatra Holdings," according to the NYT investigation. Public documents indicate that Riva has a long history of doing business with the Defense Department and other government organizations.

In a 2018 letter to the Israeli occupation government, the Justice Department authorized “Cleopatra Holdings” to purchase Pegasus on behalf of the FBI, according to a reviewed copy of the letter obtained by NYT.

Who is the mysterious contractor? 

Under the terms of the agreement with Gideon, US government representatives had access to a unique NSO portal where they could enter mobile phone numbers, allowing the geolocation tool to determine the precise location of the phone at that precise time without the knowledge or consent of the phone user. 

The contract for November 2021 was signed by "Bill Malone," who was named as the CEO of Cleopatra Holdings. According to two people acquainted with the relationship between Riva and Cleopatra, Robin Gamble, the CEO of Riva Networks, actually signed the contract, according to NYT. 

The NYT investigation revealed the address for Cleopatra Holdings, identified in the 2018 Justice Department letter to the Israeli occupation government, the office had signs near the door saying it was monitored by 24-hour surveillance, and the lobby displayed an American flag on a stand and a framed certificate from a military special operations unit.

There were no signs for Cleopatra Holdings, and according to NYT, the person who answered the door said she had never heard of the firm, but asked for the reporter’s business card.

Moreover, an address for Riva Networks listed in a public database appears to be a residential home in a suburban New Jersey neighborhood. Nobody answered when a reporter knocked on the door.

Done deal 

The then Israeli prime minister at the time, Naftali Bennett, decided to support NSO’s sale to L3Harris, but on the condition that NSO would be free to sell its products to Israeli intelligence agencies.

However, there was already stiff opposition inside the White House to the L3Harris deal, according to NYT. White House officials publicly expressed their opposition to the acquisition after learning about it from Intelligence Online and vowed to fight any sale of NSO to a military contractor with a national security clearance. The Deal with L3Harris was off.

For ongoing access to Landmark, Cleopatra Holdings continues to pay Gideon Cyber Solutions on a monthly basis.