An Israeli-firm NSO has made news for all the wrong reasons, its spyware Pegasus. Multiple reports by Amnesty International, media consortium, and other sources have listed damning pieces of evidence that Pegasus is used by authoritarian governments to hack iPhones and Android devices of journalists, rival politicians, Human Rights activists, and others to spy and harass them. In some extreme cases, the spying led to physical abuse and murder.
Based on such evidence, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) has declared NSO a national security risk, along with three other entities from Russia and Singapore. The four foreign companies are placed in the Entity List for engaging in activities that are contrary to the national security or foreign policy interests of the United States.
To stem the proliferation of digital tools used for repression, the U.S. declares the NSO (developer of Pegasus) a national security risk
As part of President Joe Biden’s initiative to cripple the development of digital tools which threaten people’s privacy, security, and lives, the BIS has placed NSO on the Entity list for the development of spyware Pegasus which is against United States national security or foreign policy interests. The Commerce Department has also established controls on the export, re-export, or in-country transfer of certain items that can be used for malicious cyber activities to improve citizens’ digital security, combat cyber threats, and mitigate unlawful surveillance.
NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.
The U.S. Secretary of Commerce Gina M. Raimondo said that the U.S. will “aggressively” hold such companies accountable that develop technologies for malicious purposes.
“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad.”
- NYT journalist was attacked by Pegasus malware after reporting on the spyware
- Pegasus enabled Bahraini government to hack iPhones of nine activists, at home and in exile
- Governments used Pegasus spyware to steal and leak private photos of female journalists – Report
- NSO blocks several clients’ access to Pegasus, a spyware used to hack iOS and Android devices
- Cybersecurity experts ask Apple and Google to do more for users’ protection against spyware like Pegasus