Uncategorized

Israeli cyber firm NSO Group blacklisted by US amid phone hacking allegations

NSO Group was placed on an “entity list” by the Commerce Department, which said the firm had been acting “contrary to the foreign policy and national security interests of the United States.”

The Commerce Department also placed three other similar vendors—based in Israel, Russia and Singapore—on the entity list. The move came after an interagency panel composed of the departments of Defense, State, Energy, Treasury and Commerce determined that the conduct of the companies warranted inclusion on the list.

The designation will block exports from the U.S. to NSO Group of both hardware and software without a Commerce Department license, and could make it more difficult for the company to seek contracts with international customers. The department said it would review any future license applications with a “presumption of denial” but retains discretion to grant them in some circumstances.

The Israeli government also tightly controls the export of NSO Group’s software as defense technology and NSO Group operates under Israeli export law—but the U.S. designation would bar the company from working with U.S. cybersecurity vendors and researchers to obtain the kind of security vulnerabilities it relies on to power its intrusion software without a waiver from the Commerce Department.

A recent series of articles published by a global consortium of journalism organizations alleged that one of NSO Group’s main software tools, known as Pegasus, has been used by dozens of law-enforcement and intelligence customers around the world to target and break into cellphones belonging to politicians, human-rights activists and journalists.

NSO Group has generally denied the reports, and said a list of phone numbers said to include targets of Pegasus spyware used in the reporting is inaccurate.

“NSO Group is dismayed by the decision given that our technologies support U.S. national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed,” an NSO Group spokesman said in a statement Wednesday on the designation.

NSO Group said it has terminated contracts with numerous governments that have abused its software and put in place compliance and human-rights programs to deter future abuse.

Echoing the findings of recent news reports, the Commerce Department’s new rule said NSO Group “developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”

The State Department said the designation against NSO Group and other vendors reflects the Biden administration’s commitment to human rights as part of U.S. foreign policy and its goal of halting “the proliferation and misuse of digital tools used for repression.”

NSO Group has been under fire for years by privacy advocates who have said it and firms like it sell high-powered hacking tools to governments with poor track records on human rights. The firm sells cybersecurity tools that can be used to remotely extract data from devices like phones and computers.

Such software—built on vulnerabilities in consumer technology made by companies like Apple Inc., Microsoft Corp. and Alphabet Inc.’s Google—is valuable for intelligence and espionage and is widely used by governments around the world.

Sophisticated governments such as the U.S. and Israel have robust government-run cyber intrusion programs and capabilities. Other governments rely on private vendors—often staffed by retired intelligence officers—for their capabilities. NSO Group doesn’t comment on its customers, but The Wall Street Journal has reported it has provided capabilities to governments in the Middle East, Mexico and India.

The Trump administration used entity list designations against Huawei Technologies Co. and other firms, but it is more uncommon for firms based in countries that are allied with the U.S. to be added.

The new designation appears to represent a split between the Biden administration and the Israeli government over the propriety of exporting intrusion software to certain countries and for certain purposes.

Wednesday’s action is the latest effort by U.S. authorities to try to control a largely ungoverned international marketplace for hacking tools that often sees American technology and expertise wind up in the hands of foreign governments. The Biden administration also recently charged three former U.S. intelligence officers with unlawfully providing similar intrusion services to the government of the United Arab Emirates. They paid a $1.68 million fine and agreed not to work on future offensive cybersecurity operations as part of an agreement to resolve the criminal charges.

Facebook in 2019 brought a lawsuit against NSO Group, alleging the company’s spyware infected the phones of some users after it was delivered through the WhatsApp messaging platform. The lawsuit is ongoing, and NSO Group has disputed the allegations.

NSO Group is best known as a maker of surveillance software, but in recent months, the company has increasingly billed itself as a maker of defensive cybersecurity products. Wednesday’s Commerce designation could complicate that effort, said John Scott-Railton, a researcher with the Citizen Lab, an academic research group that studies state-sponsored cyber espionage.

“This is bound to have a chilling effect on NSO’s futures in the eyes of investors,” said Mr. Scott-Railton, long a critic of the company. “This is a huge long-term blow for the kind of confidence that third parties are going to have in NSO and it’s also the clearest signal we have about what the US government thinks of what NSO is doing.”

He added: “NSO has had months of crisis, following the revelations from the Pegasus project and other big reports. This latest case makes it clear that the company is not only out of the woods but that their fortunes are very much less certain than they’d like investors to believe.”

 

This story has been published from a wire agency feed without modifications to the text

Subscribe to Mint Newsletters * Enter a valid email * Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint.
Download
our App Now!!


Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
%d bloggers like this: