Israel’s NSO Group, Creator Of Pegasus Spyware, Put On U.S. Blacklist

The U.S. Department of Commerce has announced that Israeli software company NSO Group, along with three other companies, was put on the U.S. Entity List, a list that enforces importing and exporting trade restrictions.

NSO, along with fellow Israeli company Candiru, were blacklisted “based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” according to the USDOC.

Embed from Getty Images

NSO is the creator of Pegasus, a program that — thanks to its stealth — allows authorities such as police and intelligence agencies to access a phone’s passwords, photos, messages and record calls all without ever being detected by the user.

According to The Guardian, the earliest version of Pegasus was found by researchers back in 2016. That version was able to infiltrate phones through spam emails and texts, a process known as “spear-phising.” Since that time, NSO’s product has become more advanced, even reaching “zero-click” infiltration, which means no user interactions need to be had in order for the spyware to access the device.

Several foreign countries used Pegasus on journalists, emissaries, and diplomats. The ruler of Dubai and Prime Minister of United Arab Emirates, Sheikh Mohammed bin Rashid Al-Maktoum, was found to have used the spyware hacked the phones of his ex-wife, Princess Haya bint Hussein, and her associates.

Meanwhile, French president Emmanuel Macron’s phone – along with the phones of other French officials — was hacked, and ended up causing a “diplomatic rift” between France and Israel.

An Hungarian official acknowledged that the government used Pegasus to target journalists, businesspeople, and fellow politicians while saying that Hungary’s Interior Ministry was the purchaser. However, Hungary officials claim they used the surveillance technology legally.

Embed from Getty Images

The spyware has been heavily criticized for years now due to its dangerous array of surveillance tactics and breaches. Whatsapp claimed the spyware was responsible for nearly 1,400 users being breached by governments in 2019, which led CEO Will Cathcart to sue NSO.

Following this development, the U.S. Department of Justice began an investigation into NSO Group, which denied any wrongdoing in the matter.

As The New York Times notes, the U.S.’ announcement also came at the surprise of the Israeli defense ministry, which approves the sales of Pegasus to foreign government – the spyware is classified as a “defense technology,” and NSO maintains that its used for fighting crimes like terrorism.

In 2019, Israeli defense export deals totaled $7.2 billion and involved 120 defense companies. That year, Israeli said 17 percent of all deals involved radars and electronic warfare, the highest percentage of any contract.

NSO Group released a statement in response to the blacklisting, where they expressed a desire for the decision to be overturned while stating their surprise.

“NSO Group is dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed.”

NSO also explained how they possess “the world’s most rigorous compliance and human rights programs,” and claim they have severed contracts in the past with government agencies that misused their products.

NSO has undergone numerous changes in the past couple days, with CEO and founder Shalev Hulio stepping down from the role, instead becoming the “global president.”


Hackers Target Government Officials Using WhatsApp

Facebook is embroiled in controversy in the aftermath of the company’s decision not to remove political advertisements that contain falsehoods, drawing criticism from politicians and the general public alike for being complicit in spreading misinformation. The social media platform is no stranger to controversy of this sort, as many critics have called out the company for failing to mitigate the impact of foreign interference in elections and for failing to adequately safeguard its users’ privacy, among other concerns. Most recently, the news organization Reuters reported that hackers have been using WhatsApp, a messaging application owned by Facebook, to attack government officials. 

According to Reuters, an internal investigation conducted by WhatsApp revealed that a “significant” portion of the victims were high-profile government and military officials, many of which were allies of the U.S. As government officials from the United States and around the world have been known to use WhatsApp to communicate sensitive information, the WhatsApp hacks pose a significant risk to domestic and international security. In response to the attacks, WhatsApp sued the Israeli hacking tool developer NSO Group, alleging that they created and sold a hacking platform that allowed their clients to hack the cellphones of at least 1,400 users between April and May of this year. The total number of affected users is unknown, but is likely to be much higher than the 1,400 users mentioned in the lawsuit.

Embed from Getty Images

It’s not clear as of yet who was directly responsible for initiating the hacks, but NSO sells spyware exclusively to government customers, suggesting adversaries of the U.S. may be responsible. Known victims include officials in the United States, Bahrain, Mexico, Pakistan, and India. While most of the victims have not disclosed the fact that their security may have been compromised, some Indian nationals have publicly alleged they were among the targets of the attacks, including journalists, academics, and lawyers.

NSO has denied any wrongdoing, and has said that it is “not able to disclose who is or is not a client or discuss specific uses of its technology.” Instead, NSO claims that its products are intended only for catching terrorists and other criminals. However, experts doubt this claim, as they suspect products developed by NSO have been widely used for more nefarious purposes.

Embed from Getty Images

WhatsApp has notified victims that they had been hacked, and checked their list of known victims against law enforcement requests for information relating to criminal investigations, but found no overlap between the two sets of data. Instead of relying on spyware like that developed by NSO Group, WhatsApp encourages governments to submit requests for information to the company through an online portal they maintain. Though WhatsApp provides its users with end-to-end encryption, ensuring that only the sender and recipient are able to read the contents of messages, the company nevertheless cooperates with governments for legitimate law enforcement purposes.

As of 2015, WhatsApp is the world’s most popular messaging application, as it allows users to send text messages, media, voice messages, and make Voice over IP calls, among other features. The app is available around the world, and is particularly popular in countries other than the U.S. Facebook purchased WhatsApp in February of 2014 for $19 billion, representing the social network’s largest acquisition to date. Due to the app’s ability to enable secure, private communication between individuals, the app is banned in China, a country with strict restrictions on speech. WhatsApp has been the subject of criticism for multiple reasons, including its use by terrorist organizations like the Islamic State, as well as the prevalence of scams and malware throughout the app.