NSO Spyware Is On US Trade Blacklist

Uploaded on 2021-11-06 in TECHNOLOGY--Hackers, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The US Department of Commerce has recently blacklisted two Israeli phone spyware companies, NSO Group and Candiru, adding them to the list of foreign companies that engage in malicious cyber activities. The ban is the biggest step taken by the US so far  to curb abuses in the global market for spyware, which is for all practical purposes, is unregulated. 

The move by the Commerce Department was driven by NSO’s export around the world of a sophisticated surveillance system known as Pegasus, which can be remotely implanted in smartphones.

NSO Group and the lesser-known Candiru, considered its competitor in the cyber-surveillance market, were accused of providing spyware software to governments that was ultimately turned on journalists and activists.
“These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent,” US Secretary of Commerce Gina M. Raimondo said in a statement.“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organisations here and abroad.”

Pegasus military-grade spyware developed and sold by Israel's NSO Group has emerged as a formidable cyber weapon, used by some of its more autocratic customers in the Middle East to target a wide range of people, not just criminals and terrorists. Pegasus has reportedly been used by nation states including UAE, Morocco and Saudi Arabia to target the phones of rights activists and journalists.

NSO Group said it was "dismayed" by the decision, adding that its technology helped maintain US national security by "preventing terrorism and crime". It has long maintained that its software is sold only to military, law enforcement and intelligence agencies from countries with good human rights records. "We look forward to presenting the full information regarding how we have the world's most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products," the company said in a statement.

US officials said that NSO Group and another Israeli firm, Candiru, had acted "contrary to the national security or foreign policy interests of the United States".

Positive Technologies of Russia, and Computer Security Initiative Consultancy from Singapore, were also listed and the Department of Commerce said they trafficked in cyber tools used to gain unauthorised access to computer networks.

Details about the alleged use of Pegasus by NSO Group clients to target British citizens came to light in July after journalists working with cyber security campaigners, including Amnesty International, obtained a leaked database of 50,000 phone numbers selected by NSO Group clients. 

The numbers were linked to phones used by politicians, human rights defenders and journalists and forensic analysis of some of the devices found evidence that Pegasus software had been installed on them.

Haaretz:    LiveMint:     BBC:     FT:    Times of Israel:     Middle East Eye:     Middle East Eye:     NYT

You Might Also Read: 

Top Secret Israeli Hackers For Hire:

 

« Wanted: Pipeline Hackers - $10m Reward
Artificial Intelligence & The Technology Effects On Accounting »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

CyberGhost

CyberGhost

CyberGhost is a Virtual Private Network services provider offering secure encrypted access to the internet.

Real Random

Real Random

Real Random is on a mission to enhance existing and new crypto-systems with its revolutionary solution to generating numbers that are Truly Random.

EVOLEO Technologies

EVOLEO Technologies

EVOLEO provides engineering services covering a wide range of needs in the electronics design, embedded and systems engineering.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

Switchfast Technologies

Switchfast Technologies

Switchfast Technologies is an IT consulting and managed services provider, offering IT support and consulting to Chicagoland small businesses.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

TOTM Technologies

TOTM Technologies

TOTM Technologies provides end-to-end identity management and biometrics products, powering Digital identity and Digital onboarding solutions.

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency of Thailand is responsible for coordinating and implementing national cybersecurity policies, strategies, and initiatives.

Agile Defense

Agile Defense

Agile Defense is an Information Technology services provider, delivering leading-edge Digital Transformation solutions to the Federal Government.

Silverse

Silverse

At Silverse, we specialize in building a comprehensive cybersecurity journey, anchored by our extensive experience, industry expertise, and an ecosystem of trusted partners.

Everfox

Everfox

Everfox, formerly Forcepoint Federal, has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.