Skip to content

US Fed agency used a shell company to buy NSO spyware

  • by
  • 3 min read

The NSO Group has been the source of controversy for quite some time, with numerous governments throughout the world buying its spyware products to keep tabs on journalists, opposition leaders and just about anyone they deemed a threat. In November 2021, after years of scandals, the Biden administration blocklisted the company, shuttering its American business, but one sneaky federal agency found a workaround. 

The New York Times reports that just five days after Biden’s decision, an unknown US federal agency used a shell company to buy Landmark, NSO Group’s geolocation tool that can track the location of just about any cellphone globally without knowledge or consent of the victim. Dubbed the “secret contract” this was a deal finalised on November 8 2021 between a company acting as a front for the US government and the American affiliate for NSO. 

The contract was signed for the front company by a businessman using a fake name, violates the Biden administration’s public policy and worst of all, still appears to be active. It clearly states that the US government would be the end user of the tool without clarifying what government agency authorised the deal and is currently using the spyware tool. The contract also specifically allowed the US government to “test, evaluate and even deploy the spyware against targets of its choice in Mexico”. 

White House officials claimed that they don’t know anything about the contract, as per a senior administration official. As for the spokesmen for the White House and Office of the Directory of National Intelligence, requests for comments were denied. 

In the News: WD data breach leaves customers unable to access their data

A ‘concerning’ deal targeting Mexicans

While the White House may call the deal ‘concerning’, the truth of the matter is that its public efforts to wind down the commercial spyware industry seem to be failing. That said, whichever agency bought Landmark, sure did go through a lot of trouble to cover its tracks. 

The contract lays out the front company, called Cleopatra Holdings negotiating a contract with Gideon Cyber Systems, a holding company owned by private equity firm Novalpina Capital. Novalpina Capital purchased NSO back in 2019 intending to improve its reputation amidst ongoing scandals. However, the bigger goal behind the purchase was to increase business and start selling spyware to the US as well as its closest “Five Eyes” intelligence partners, namely Britain, Canada, Australia and New Zealand. 

Nonetheless, the contract between Cleopatra Holdings and Gideon Cyber Systems was signed by Bill Malone, the supposed CEO of Cleopatra Holdings. In reality, Cleopatra Holdings is Riva Networks, a secret government contractor based in New Jersey that has years of experience selling products and services to the Defense Department in addition to other government agencies. As for Bill Malone, “Malone” is a pseudonym used by Riva CEO Robin Gamble. 

As for targeting Mexicans, while the exact details of the contract haven’t been exposed, two sources interviewed by the New York Times pointed out that Landmark was used to make thousands of queries related to Mexican targets. The contract further allowed targeting mobile users in the United States, although there’s no evidence to suggest any Americans have been targeted yet. Why Mexicans? Much like a lot of other details from the contract, it’s unknown at the moment. 

In the News: Microsoft’s OneNote will now auto-block 120 file extensions

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here:

Exit mobile version