Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

US Puts New Controls on Israeli Spyware Company NSO Group

The Biden administration announced Wednesday it is putting new export limits on Israel’s NSO Group, the world’s most infamous hacker-for-hire company, saying its tools have been used to “conduct transnational repression.”

The Biden administration announced Wednesday it is putting new export limits on Israel’s NSO Group, the world’s most infamous hacker-for-hire company, saying its tools have been used to “conduct transnational repression.”

The company, whose spyware researchers say has been used around the world to break into the phones of human rights activists, journalists, and even members of the Catholic clergy, said it would advocate for a reversal.

The U.S. Commerce Department said NSO Group and three other firms are being added to the “entity list,” which limits their access to U.S. components and technology by requiring government permission for exports. The department said putting these companies on the entity list was part of the Biden administration’s efforts to promote human rights in U.S. foreign policy.

“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad,” U.S. Secretary of Commerce Gina Raimondo said in a statement.

The announcement was another blow to NSO Group, which was the focus of reports by a media consortium earlier this year that found the company’s spyware tool Pegasus was used in several instances of successful or attempted phone hacks of business executives, human rights activists and others around the world.

Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously controls the smartphone’s microphones and cameras. Researchers have found several examples of NSO Group tools using so-called “zero click” exploits that infect targeted mobile phones without any user interaction.

Tech giant Facebook is currently suing NSO Group in U.S. federal court for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with its spyware.

The company has broadly denied wrongdoing and issued a statement Wednesday saying its tools “support US national security interests and policies by preventing terrorism and crime.”

Advertisement. Scroll to continue reading.

“We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based (on) the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products,” the company said.

The full impact of being put on the entity list is unclear. Kevin Wolf, a lawyer at the firm Akin Gump and former top Commerce official, said being placed on the entity list can have a broad impact on a company.

“Many companies choose to avoid doing business with listed entities completely in order to eliminate the risk of an inadvertent violation and the costs of conducting complex legal analyses,” he said.

In 2019 the Commerce Department placed Chinese tech giant Huawei, which U.S. defense and intelligence communities have long accused of being an untrustworthy agent of Beijing’s repressive rulers, on the entity list.

Stewart Baker, a cybersecurity lawyer and former general counsel at the National Security Agency, said it remains to be seen how big an impact Wednesday’s announcement will have on the NSO Group’s long-term health. He said the Commerce Department will have significant discretion in how it handles licensing requests related to the NSO Group, and could face pressure from U.S. exporters and the Israeli government.

“We could see a situation in which the sanction has been granted and it has a great symbolic significance and some practical significance for NSO, but certainly isn’t a death penalty and may over time just be really aggravating,” he said.

Another Israeli spyware company, was also added to the entity list. In July, Microsoft said it had blocked tools developed by Candiru that were used to spy on more than 100 people around the world, including politicians, human rights activists, journalists, academics and political dissidents.

A prominent Russian firm, Positive Technologies, and the Singapore-based Computer Security Initiative Consultancy were also placed on the list for trafficking in “cyber tools used to gain unauthorized access” to IT systems, the department said. The Treasury Department put sanctions on Positive Technologies, which has a broad international footprint and partnerships with such IT heavyweights as Microsoft and IBM, earlier this year.

RelatedIsrael Spyware Firm NSO Operates in Shadowy Cyber World

RelatedJournalists’ Phones Hacked via iMessage Zero-Day Exploit

Related: Spyware by Israel’s NSO Used Against Journalist: Amnesty

Related: Israel Court Rejects Amnesty Petition Against Spyware Firm NSO

Related: NSO Group: Israeli Firm Accused of Cyberespionage

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

CISO Strategy

The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.

Cybercrime

A global cyber espionage campaign has resulted in the networks of many organizations around the world becoming compromised after the attackers managed to breach...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...