Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Fearing Misuse, Israel Tightens Supervision of Cyber Exports

Israel’s Defense Ministry on Monday announced that it was tightening supervision over cyber exports — a move that follows a series of scandals involving Israeli spyware company NSO Group.

Israel’s Defense Ministry on Monday announced that it was tightening supervision over cyber exports — a move that follows a series of scandals involving Israeli spyware company NSO Group.

The ministry said the countries purchasing Israeli cyber technology would have to sign a declaration pledging to use the products “for the investigation and prevention of terrorist acts and serious crimes only.”

It said countries that violate the terms of use could be subject to sanctions, “including limiting the cyber system and/or disconnecting it.”

The announcement made no mention of NSO. But it came just days after it was revealed that 11 U.S. State Department employees were hacked with NSO spyware. The employees were all located in Uganda and included some foreign service officers, said a person familiar with the matter, who was not authorized to speak publicly about an ongoing investigation.

It was the first known instance of NSO Group’s trademark Pegasus spyware being used against U.S. government personnel.

Last month, the U.S. Commerce Department blacklisted NSO, barring the company from using U.S. technology. The blacklisting has raised questions about NSO’s financial outlook and ability to survive, and the company has acknowledged that it is trying to reverse the decision.

Apple also sued NSO last week over its hacking of iPhones and other Apple products, calling the Israeli company “amoral 21st century mercenaries.” Facebook has filed a lawsuit over similar allegations that it intruded its popular WhatsApp messaging system.

Pegasus allows its operator to gain access to a target’s mobile phone, including contacts, text messages and real-time communications.

Advertisement. Scroll to continue reading.

NSO says it sells its technologies to governments only to battle crime and terrorism and that it has strict safeguards to prevent abuse. Company officials have acknowledged cutting off several customers due to misuse.

However, human rights groups and outside researchers have said the company’s safeguards are insufficient. They say customers have abused Pegasus to keep tabs on journalists, human rights activists and political dissidents from Mexico to Saudi Arabia to the Israeli-occupied West Bank. Critics have also accused Israel of lax oversight over the digital surveillance industry.

NSO declined to comment on the Defense Ministry guidelines. Last week, however, it said it had immediately shut down customers “potentially relevant” to the Uganda case. It also vowed to take legal action against customers if a violation of their contract was found.

Israel has previously said that cyber exports are limited to fighting crime and terrorism. Under the new guidelines, the ministry said the definitions “have been sharpened, in order to avoid blurring boundaries in this context.”

“The updated statement states that terrorist acts are, among other things, acts that are intended to threaten a population and may result in death, injury, hostage-taking and more,” it said. It also said it was clarifying “the circumstances in which the operation of the cyber system is prohibited and explicitly clarifies the existence of the possibility of imposing sanctions in the event of a violation of the provisions.”

Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

Related: New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox

Related: Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks

Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...