NSO Spyware Is On US Trade Blacklist

The US Department of Commerce has recently blacklisted two Israeli phone spyware companies, NSO Group and Candiru, adding them to the list of foreign companies that engage in malicious cyber activities. The ban is the biggest step taken by the US so far  to curb abuses in the global market for spyware, which is for all practical purposes, is unregulated. 

The move by the Commerce Department was driven by NSO’s export around the world of a sophisticated surveillance system known as Pegasus, which can be remotely implanted in smartphones.

NSO Group and the lesser-known Candiru, considered its competitor in the cyber-surveillance market, were accused of providing spyware software to governments that was ultimately turned on journalists and activists.
“These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent,” US Secretary of Commerce Gina M. Raimondo said in a statement.“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organisations here and abroad.”

Pegasus military-grade spyware developed and sold by Israel's NSO Group has emerged as a formidable cyber weapon, used by some of its more autocratic customers in the Middle East to target a wide range of people, not just criminals and terrorists. Pegasus has reportedly been used by nation states including UAE, Morocco and Saudi Arabia to target the phones of rights activists and journalists.

NSO Group said it was "dismayed" by the decision, adding that its technology helped maintain US national security by "preventing terrorism and crime". It has long maintained that its software is sold only to military, law enforcement and intelligence agencies from countries with good human rights records. "We look forward to presenting the full information regarding how we have the world's most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products," the company said in a statement.

US officials said that NSO Group and another Israeli firm, Candiru, had acted "contrary to the national security or foreign policy interests of the United States".

Positive Technologies of Russia, and Computer Security Initiative Consultancy from Singapore, were also listed and the Department of Commerce said they trafficked in cyber tools used to gain unauthorised access to computer networks.

Details about the alleged use of Pegasus by NSO Group clients to target British citizens came to light in July after journalists working with cyber security campaigners, including Amnesty International, obtained a leaked database of 50,000 phone numbers selected by NSO Group clients. 

The numbers were linked to phones used by politicians, human rights defenders and journalists and forensic analysis of some of the devices found evidence that Pegasus software had been installed on them.

Haaretz:    LiveMint:     BBC:     FT:    Times of Israel:     Middle East Eye:     Middle East Eye:     NYT

You Might Also Read: 

Top Secret Israeli Hackers For Hire:

 

« Wanted: Pipeline Hackers - $10m Reward
Artificial Intelligence & The Technology Effects On Accounting »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

QA Systems

QA Systems

QA Systems provides software testing solutions for safety and business critical sectors and software safety and security standards.

Backup Technology

Backup Technology

Backup Technology is a world leader in the Online Cloud Backup, Disaster Recovery and Business Continuity market.

Electus Recruitment Solutions

Electus Recruitment Solutions

Electus is a leading recruitment specialist in the Engineering, Technology & Digital and Cyber & Security sectors.

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

Crashtest Security

Crashtest Security

Crashtest Security is a cyber security company that helps digital companies to continuously create secure software with the help of automated vulnerability assessments.

Industrial Internet Consortium (IIC)

Industrial Internet Consortium (IIC)

The Industrial Internet Consortium is the world's leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT).

Keyavi Data

Keyavi Data

With Keyavi’s evolutionary data protection technology, your data stays within the bounds of your control in perpetuity.

Bridgecrew

Bridgecrew

Secure public cloud infrastructure. Our platform automates security engineering, allowing teams to automatically fix configuration errors in AWS, CloudFormation and Terraform.

HardSecure

HardSecure

Hardsecure supports organizations to face security threats through the adoption of cybersecurity capabilities that guarantee 360º monitoring, visibility, mitigation, and blocking.

Deduce

Deduce

Deduce use a combination of aggregate historical user data, identity risk intelligence, and proactive alerting to deliver a robust identity and authentication solution.

ISMAC

ISMAC

ISMAC was founded to create a security solution that would work for smaller to medium as well as bigger corporations at an affordable price.

Digitpol

Digitpol

Digitpol’s Cyber Crime Investigation experts investigate hacking incidents, ransomware, extortion and conduct security audits and IT upgrades.

RNTrust

RNTrust

RNTrust provide solutions to meet today’s digital challenges utilizing digital technologies and services to make you more secured in digitally connected environment.

ADVA Optical Networking

ADVA Optical Networking

ADVA is a company founded on innovation and focused on helping our customers succeed. Our technology forms the building blocks of a shared digital future and empowers networks across the globe.

Electrosoft Services

Electrosoft Services

Electrosoft provide mature, innovative technology-based services and solutions to power critical IT programs and keep our nation safe from cybersecurity attacks.