When the New York Times reported in April that a contractor had purchased and deployed a spying tool made by NSO, a controversial Israeli hacking firm, for use by the U.S. government, White House officials were unaware of the contract and told the FBI to find out who might have been using the technology. The FBI determined that the bureau itself was responsible. The deal for the surveillance tool between the contractor, Riva Networks, and NSO was completed in November 2021. The Biden administration had put NSO on a Commerce Department blacklist, which banned U.S. firms from doing business with the company. For years, NSO’s spyware had been abused by governments around the world. This tool, known as Landmark, allowed government officials to track people in Mexico without their knowledge or consent, the Times reports.

The FBI now says that it used the tool unwittingly and that Riva Networks misled the bureau. Once the agency discovered in late April that Riva had used the spying tool on its behalf, director Christopher Wray terminated the contract. Many questions remain. Why did the FBI hire this contractor — which the bureau had authorized to purchase a different NSO tool under a cover name — for sensitive information-gathering operations outside the U.S.? Why was there apparently so little oversight? It is also unclear which, if any, government agencies besides the FBI might have worked with Riva Networks to deploy the spying tool in Mexico. Two people with knowledge of the contract said cellphone numbers in Mexico were targeted throughout 2021, 2022 and into this year — far longer than the FBI says the tool was used. The episode illustrates how, as the White House tries to crack down on foreign spyware firms, NSO continued to find ways to profit from its tools.