The United States Department of Commerce announced Wednesday that it added to NSO group, maker of spyware Pegasus, to its list of companies banned for posing a threat to national security, in a decision that “dismayed” the Israeli company.
NSO was exposed in July after research published by a consortium of 17 international media revealed that Pegasus had allegedly allowed spying on the numbers of journalists, politicians, activists or business leaders in various countries.
Pegasus-infected phones basically become pocket spy gadgets. They allow the user to read the messages of the affected person, look at their photos, know their location and even turn on the camera without their knowing it.
“These tools have allowed foreign governments to apply transnational repression, which is the practice of authoritarian governments to follow dissidents, journalists and activists outside their borders to silence dissent,” the Commerce Department said in a statement.
Washington also listed the Israeli company Candiru, the Computer Security Initiative Consultancy PTE (COSEINC) of Singapore and the Russian firm Positive Technologies.
The addition of these firms implies restrictions on their purchases from US suppliers. And, for example, it is now much more difficult for American organizations to sell them information or technology.
The Pegasus manufacturer expressed surprise at the inclusion on the list.
“The NSO group is dismayed by the decision” of the United States and “will work to ensure that this decision is modified,” a spokesman for the company based on the outskirts of Tel Aviv, which claims to have a “Rigorous ethical charter based on American values.”
More than one concern
Critics say the widespread availability of software like Pegasus allows even cash-strapped authoritarian governments to buy their own version of the US National Security Agency, which wields highly invasive surveillance powers.
“NSO Group spyware is a tool of repression, which has been used around the world to violate human rights,” said Danna Ingleton, deputy director of Amnesty Tech, in a statement.
“This dangerous industry is out of control, and this should spell an end to the impunity that spyware companies have enjoyed,” he added.
A key problem is that companies supplying spyware must assess the appropriate use of their technology and whether buyers can be trusted to abide by the restrictions.
“It’s pretty clear that most governments ignore those limitations and do what they think is in their best interest,” said Oliver Tavakoli, chief technology officer at cybersecurity company Vectra.
Following the July Pegasus scandal, UN experts called for an international moratorium on the sale of surveillance technology until regulations to protect human rights are in place.
The initial concern about Pegasus was compounded by resentments when Apple released a solution in September to prevent spyware from infecting its devices without users even opening a malicious link or message.
The so-called “zero-click,” which can silently corrupt a device, was identified by researchers at Citizen Lab, a cybersecurity watchdog organization in Canada.