Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

Fearing Misuse, Israel Tightens Supervision of Cyber Exports

Israel’s Defense Ministry on Monday announced that it was tightening supervision over cyber exports — a move that follows a series of scandals involving Israeli spyware company NSO Group.

Israel’s Defense Ministry on Monday announced that it was tightening supervision over cyber exports — a move that follows a series of scandals involving Israeli spyware company NSO Group.

The ministry said the countries purchasing Israeli cyber technology would have to sign a declaration pledging to use the products “for the investigation and prevention of terrorist acts and serious crimes only.”

It said countries that violate the terms of use could be subject to sanctions, “including limiting the cyber system and/or disconnecting it.”

The announcement made no mention of NSO. But it came just days after it was revealed that 11 U.S. State Department employees were hacked with NSO spyware. The employees were all located in Uganda and included some foreign service officers, said a person familiar with the matter, who was not authorized to speak publicly about an ongoing investigation.

It was the first known instance of NSO Group’s trademark Pegasus spyware being used against U.S. government personnel.

Last month, the U.S. Commerce Department blacklisted NSO, barring the company from using U.S. technology. The blacklisting has raised questions about NSO’s financial outlook and ability to survive, and the company has acknowledged that it is trying to reverse the decision.

Apple also sued NSO last week over its hacking of iPhones and other Apple products, calling the Israeli company “amoral 21st century mercenaries.” Facebook has filed a lawsuit over similar allegations that it intruded its popular WhatsApp messaging system.

Pegasus allows its operator to gain access to a target’s mobile phone, including contacts, text messages and real-time communications.

NSO says it sells its technologies to governments only to battle crime and terrorism and that it has strict safeguards to prevent abuse. Company officials have acknowledged cutting off several customers due to misuse.

However, human rights groups and outside researchers have said the company’s safeguards are insufficient. They say customers have abused Pegasus to keep tabs on journalists, human rights activists and political dissidents from Mexico to Saudi Arabia to the Israeli-occupied West Bank. Critics have also accused Israel of lax oversight over the digital surveillance industry.

NSO declined to comment on the Defense Ministry guidelines. Last week, however, it said it had immediately shut down customers “potentially relevant” to the Uganda case. It also vowed to take legal action against customers if a violation of their contract was found.

Israel has previously said that cyber exports are limited to fighting crime and terrorism. Under the new guidelines, the ministry said the definitions “have been sharpened, in order to avoid blurring boundaries in this context.”

“The updated statement states that terrorist acts are, among other things, acts that are intended to threaten a population and may result in death, injury, hostage-taking and more,” it said. It also said it was clarifying “the circumstances in which the operation of the cyber system is prohibited and explicitly clarifies the existence of the possibility of imposing sanctions in the event of a violation of the provisions.”

Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

Related: New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox

Related: Apple Adds ‘BlastDoor’ to Secure iPhones From Zero-Click Attacks

Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Cybercrime

Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...

Cybercrime

A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Cybercrime

Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information.