Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Fearing Misuse, Israel Tightens Supervision of Cyber Exports

Israel’s Defense Ministry on Monday announced that it was tightening supervision over cyber exports — a move that follows a series of scandals involving Israeli spyware company NSO Group.

Israel’s Defense Ministry on Monday announced that it was tightening supervision over cyber exports — a move that follows a series of scandals involving Israeli spyware company NSO Group.

The ministry said the countries purchasing Israeli cyber technology would have to sign a declaration pledging to use the products “for the investigation and prevention of terrorist acts and serious crimes only.”

It said countries that violate the terms of use could be subject to sanctions, “including limiting the cyber system and/or disconnecting it.”

The announcement made no mention of NSO. But it came just days after it was revealed that 11 U.S. State Department employees were hacked with NSO spyware. The employees were all located in Uganda and included some foreign service officers, said a person familiar with the matter, who was not authorized to speak publicly about an ongoing investigation.

It was the first known instance of NSO Group’s trademark Pegasus spyware being used against U.S. government personnel.

Last month, the U.S. Commerce Department blacklisted NSO, barring the company from using U.S. technology. The blacklisting has raised questions about NSO’s financial outlook and ability to survive, and the company has acknowledged that it is trying to reverse the decision.

Apple also sued NSO last week over its hacking of iPhones and other Apple products, calling the Israeli company “amoral 21st century mercenaries.” Facebook has filed a lawsuit over similar allegations that it intruded its popular WhatsApp messaging system.

Pegasus allows its operator to gain access to a target’s mobile phone, including contacts, text messages and real-time communications.

NSO says it sells its technologies to governments only to battle crime and terrorism and that it has strict safeguards to prevent abuse. Company officials have acknowledged cutting off several customers due to misuse.

However, human rights groups and outside researchers have said the company’s safeguards are insufficient. They say customers have abused Pegasus to keep tabs on journalists, human rights activists and political dissidents from Mexico to Saudi Arabia to the Israeli-occupied West Bank. Critics have also accused Israel of lax oversight over the digital surveillance industry.

NSO declined to comment on the Defense Ministry guidelines. Last week, however, it said it had immediately shut down customers “potentially relevant” to the Uganda case. It also vowed to take legal action against customers if a violation of their contract was found.

Israel has previously said that cyber exports are limited to fighting crime and terrorism. Under the new guidelines, the ministry said the definitions “have been sharpened, in order to avoid blurring boundaries in this context.”

“The updated statement states that terrorist acts are, among other things, acts that are intended to threaten a population and may result in death, injury, hostage-taking and more,” it said. It also said it was clarifying “the circumstances in which the operation of the cyber system is prohibited and explicitly clarifies the existence of the possibility of imposing sanctions in the event of a violation of the provisions.”

Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

Related: New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox

Related: Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks

Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Cyberwarfare

Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...

Cybercrime

A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...

Compliance

European privacy activists have filed complaints against Apple over its use of software to track the behavior of iPhone users.The Vienna-based group NOYB -...