Israel’s Defense Ministry on Monday announced that it was tightening supervision over cyber exports — a move that follows a series of scandals involving Israeli spyware company NSO Group.
The ministry said the countries purchasing Israeli cyber technology would have to sign a declaration pledging to use the products “for the investigation and prevention of terrorist acts and serious crimes only.”
It said countries that violate the terms of use could be subject to sanctions, “including limiting the cyber system and/or disconnecting it.”
The announcement made no mention of NSO. But it came just days after it was revealed that 11 U.S. State Department employees were hacked with NSO spyware. The employees were all located in Uganda and included some foreign service officers, said a person familiar with the matter, who was not authorized to speak publicly about an ongoing investigation.
It was the first known instance of NSO Group’s trademark Pegasus spyware being used against U.S. government personnel.
Last month, the U.S. Commerce Department blacklisted NSO, barring the company from using U.S. technology. The blacklisting has raised questions about NSO’s financial outlook and ability to survive, and the company has acknowledged that it is trying to reverse the decision.
Apple also sued NSO last week over its hacking of iPhones and other Apple products, calling the Israeli company “amoral 21st century mercenaries.” Facebook has filed a lawsuit over similar allegations that it intruded its popular WhatsApp messaging system.
Pegasus allows its operator to gain access to a target’s mobile phone, including contacts, text messages and real-time communications.
NSO says it sells its technologies to governments only to battle crime and terrorism and that it has strict safeguards to prevent abuse. Company officials have acknowledged cutting off several customers due to misuse.
However, human rights groups and outside researchers have said the company’s safeguards are insufficient. They say customers have abused Pegasus to keep tabs on journalists, human rights activists and political dissidents from Mexico to Saudi Arabia to the Israeli-occupied West Bank. Critics have also accused Israel of lax oversight over the digital surveillance industry.
NSO declined to comment on the Defense Ministry guidelines. Last week, however, it said it had immediately shut down customers “potentially relevant” to the Uganda case. It also vowed to take legal action against customers if a violation of their contract was found.
Israel has previously said that cyber exports are limited to fighting crime and terrorism. Under the new guidelines, the ministry said the definitions “have been sharpened, in order to avoid blurring boundaries in this context.”
“The updated statement states that terrorist acts are, among other things, acts that are intended to threaten a population and may result in death, injury, hostage-taking and more,” it said. It also said it was clarifying “the circumstances in which the operation of the cyber system is prohibited and explicitly clarifies the existence of the possibility of imposing sanctions in the event of a violation of the provisions.”
Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation
Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days
Related: New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox
Related: Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks
Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits

More from Associated Press
- Russian Millionaire on Trial in Hack, Insider Trade Scheme
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
- South Dakota’s Noem Says Cell Phone Number Hacked
- Learning to Lie: AI Tools Adept at Creating Disinformation
- Microsoft Invests Billions in ChatGPT-Maker OpenAI
- Mississippi Creates New Cyber Unit, Names 1st Director
- FBI Chief Says He’s ‘Deeply concerned’ by China’s AI Program
- Ransomware Shuts Hundreds of Yum Brands Restaurants in UK
Latest News
- Russian Millionaire on Trial in Hack, Insider Trade Scheme
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data
- Russia-Linked APT29 Uses New Malware in Embassy Attacks
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
