By ALAN SUDERMAN, Associated Press
RICHMOND, Va. (AP) – The Biden administration on Wednesday announced it was imposing new export limits on Israel’s NSO group, the world’s most infamous hacker company, saying its tools were used for “crackdowns transnational “.
The company, which spyware researchers say has been used around the world to break into the phones of human rights activists, journalists and even Catholic clergy, has said it will advocate by favor of a reversal.
The US Department of Commerce said NSO Group and three other companies were added to the “entity list,” limiting their access to US components and technology by requiring government permission for exports. The department said putting these companies on the entity list was part of the Biden administration’s efforts to promote human rights in U.S. foreign policy.
âThe United States is committed to aggressively using export controls to hold accountable companies that develop, commercialize or use technology to carry out malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials and organizations at home and abroad, âUnited States Commerce Secretary Gina Raimondo said in a statement.
The announcement was another blow to NSO Group, which was the subject of reports by a media consortium earlier this year that discovered that the company’s spyware tool, Pegasus, had been used in several cases of successful or attempted phone hacks against business leaders, human rights activists and others around the world.
Pegasus infiltrates phones to suck up personal and location data and surreptitiously controls smartphone microphones and cameras. Researchers have found several examples of NSO Group tools using so-called âzero-clickâ exploits that infect targeted mobile phones without any user interaction.
Tech giant Facebook is currently suing NSO Group in US federal court for allegedly targeting some 1,400 users of its encrypted WhatsApp messaging service with its spyware.
The company has broadly denied the wrongdoing and released a statement Wednesday saying its tools “support US national security interests and policies by preventing terrorism and crime.”
“We look forward to presenting all the information on how we have the most rigorous human rights and compliance programs in the world that are based (on) the American values ââthat we deeply share, which has already resulted in multiple breaks in contact with government agencies that have abused our products. , the company said.
The full impact of listing on the Entity List is unclear. Kevin Wolf, lawyer at Akin Gump and former senior commerce official, said being placed on the entity list can have a big impact on a business.
“Many companies choose to avoid doing business with listed entities altogether in order to eliminate the risk of inadvertent breach and the costs of conducting complex legal analyzes,” he said.
In 2019, the Commerce Department placed Chinese tech giant Huawei, which the U.S. defense and intelligence communities have long accused of being an untrustworthy agent of Beijing’s repressive rulers, on the entity list.
Stewart Baker, a cybersecurity attorney and former general counsel for the National Security Agency, said the impact of Wednesday’s announcement on the long-term health of the NSO Group remains to be seen. He said the Commerce Department would have significant discretion in how it handles license applications related to the NSO Group and may face pressure from U.S. exporters and the Israeli government.
“We could see a situation where the sanction has been granted and this has great symbolic significance and some practical significance for NSO, but it is certainly not a death penalty and can over time be really aggravating,” he said. he declared.
Another Israeli spyware company, Candiru, has also been added to the entity list. In July, Microsoft said it blocked tools developed by Candiru that have been used to spy on more than 100 people around the world, including politicians, human rights activists, journalists, academics and political dissidents. .
A leading Russian company, Positive Technologies, and Singapore-based Computer Security Initiative Consultancy, have also been placed on the list for trafficking “cyber tools used to gain unauthorized access” to computer systems, the department said. . The Treasury Department imposed sanctions on Positive Technology, which has a large international footprint and partnerships with IT heavyweights like Microsoft and IBM, earlier this year.
Copyright 2021 The Associated press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.