The U.S. Department of Commerce has announced that Israeli software company NSO Group, along with three other companies, was put on the U.S. Entity List, a list that enforces importing and exporting trade restrictions.
NSO, along with fellow Israeli company Candiru, were blacklisted “based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” according to the USDOC.
NSO is the creator of Pegasus, a program that — thanks to its stealth — allows authorities such as police and intelligence agencies to access a phone’s passwords, photos, messages and record calls all without ever being detected by the user.
According to The Guardian, the earliest version of Pegasus was found by researchers back in 2016. That version was able to infiltrate phones through spam emails and texts, a process known as “spear-phising.” Since that time, NSO’s product has become more advanced, even reaching “zero-click” infiltration, which means no user interactions need to be had in order for the spyware to access the device.
Several foreign countries used Pegasus on journalists, emissaries, and diplomats. The ruler of Dubai and Prime Minister of United Arab Emirates, Sheikh Mohammed bin Rashid Al-Maktoum, was found to have used the spyware hacked the phones of his ex-wife, Princess Haya bint Hussein, and her associates.
Meanwhile, French president Emmanuel Macron’s phone – along with the phones of other French officials — was hacked, and ended up causing a “diplomatic rift” between France and Israel.
An Hungarian official acknowledged that the government used Pegasus to target journalists, businesspeople, and fellow politicians while saying that Hungary’s Interior Ministry was the purchaser. However, Hungary officials claim they used the surveillance technology legally.
The spyware has been heavily criticized for years now due to its dangerous array of surveillance tactics and breaches. Whatsapp claimed the spyware was responsible for nearly 1,400 users being breached by governments in 2019, which led CEO Will Cathcart to sue NSO.
Following this development, the U.S. Department of Justice began an investigation into NSO Group, which denied any wrongdoing in the matter.
As The New York Times notes, the U.S.’ announcement also came at the surprise of the Israeli defense ministry, which approves the sales of Pegasus to foreign government – the spyware is classified as a “defense technology,” and NSO maintains that its used for fighting crimes like terrorism.
In 2019, Israeli defense export deals totaled $7.2 billion and involved 120 defense companies. That year, Israeli said 17 percent of all deals involved radars and electronic warfare, the highest percentage of any contract.
NSO Group released a statement in response to the blacklisting, where they expressed a desire for the decision to be overturned while stating their surprise.
“NSO Group is dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed.”
NSO also explained how they possess “the world’s most rigorous compliance and human rights programs,” and claim they have severed contracts in the past with government agencies that misused their products.
NSO has undergone numerous changes in the past couple days, with CEO and founder Shalev Hulio stepping down from the role, instead becoming the “global president.”
Andrew Rhoades is a Contributing Reporter at The National Digest based in New York. A Saint Joseph’s University graduate, Rhoades’ reporting includes sports, U.S., and entertainment. You can reach him at email@example.com.