NSO Spyware Is On US Trade Blacklist

The US Department of Commerce has recently blacklisted two Israeli phone spyware companies, NSO Group and Candiru, adding them to the list of foreign companies that engage in malicious cyber activities. The ban is the biggest step taken by the US so far  to curb abuses in the global market for spyware, which is for all practical purposes, is unregulated. 

The move by the Commerce Department was driven by NSO’s export around the world of a sophisticated surveillance system known as Pegasus, which can be remotely implanted in smartphones.

NSO Group and the lesser-known Candiru, considered its competitor in the cyber-surveillance market, were accused of providing spyware software to governments that was ultimately turned on journalists and activists.
“These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent,” US Secretary of Commerce Gina M. Raimondo said in a statement.“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organisations here and abroad.”

Pegasus military-grade spyware developed and sold by Israel's NSO Group has emerged as a formidable cyber weapon, used by some of its more autocratic customers in the Middle East to target a wide range of people, not just criminals and terrorists. Pegasus has reportedly been used by nation states including UAE, Morocco and Saudi Arabia to target the phones of rights activists and journalists.

NSO Group said it was "dismayed" by the decision, adding that its technology helped maintain US national security by "preventing terrorism and crime". It has long maintained that its software is sold only to military, law enforcement and intelligence agencies from countries with good human rights records. "We look forward to presenting the full information regarding how we have the world's most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products," the company said in a statement.

US officials said that NSO Group and another Israeli firm, Candiru, had acted "contrary to the national security or foreign policy interests of the United States".

Positive Technologies of Russia, and Computer Security Initiative Consultancy from Singapore, were also listed and the Department of Commerce said they trafficked in cyber tools used to gain unauthorised access to computer networks.

Details about the alleged use of Pegasus by NSO Group clients to target British citizens came to light in July after journalists working with cyber security campaigners, including Amnesty International, obtained a leaked database of 50,000 phone numbers selected by NSO Group clients. 

The numbers were linked to phones used by politicians, human rights defenders and journalists and forensic analysis of some of the devices found evidence that Pegasus software had been installed on them.

Haaretz:    LiveMint:     BBC:     FT:    Times of Israel:     Middle East Eye:     Middle East Eye:     NYT

You Might Also Read: 

Top Secret Israeli Hackers For Hire:

 

« Wanted: Pipeline Hackers - $10m Reward
Artificial Intelligence & The Technology Effects On Accounting »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

Cura Technologies

Cura Technologies

Cura Technologies is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

Conceptivity

Conceptivity

Conceptivity provide risk management solutions in the areas of Supply Chain Security, Cyber Security and Critical Infrastructure Protection.

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Checksum Consultancy

Checksum Consultancy

Checksum Consultancy specializes in Information security, Risk management, and IT governance.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

Cyber Security Canada

Cyber Security Canada

Cyber Security Canada is an accredited Certification Body for government-backed Cyber Security Certification Programs, designed specifically for small and medium-sized Canadian businesses.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Limes Security

Limes Security

Limes Security GmbH is the leading OT Security expert in the German-speaking region of Europe.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.