The US is banning technology exports to two controversial Israeli companies—NSO Group and Candiru—for allegedly helping foreign governments spread spyware to smartphones.
The Biden administration is sanctioning the companies for “engaging in activities that are contrary to the national security or foreign policy interests of the United States.” The sanctions mean computer hardware and software exports to the companies are banned unless a US-government license is secured. But applicants should presume they’ll face denial.
“NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” the US Commerce Department announced.
For years, NSO Group has been selling surveillance tools to foreign governments capable of secretly infecting iPhones and Android devices, sometimes with only a phone call or a message. The company has long claimed the tools have helped law enforcement stop crime and terrorism. However, security researchers have uncovered evidence the same spying tools, dubbed Pegasus, often target human rights activists, lawyers, and journalists.
In July, a massive leak showed NSO Group’s surveillance tools were allegedly used to target 50,000 phone numbers. WhatsApp’s CEO also claimed US allies, including government officials, have been among the targets.
In response, the US Commerce Department is sanctioning NSO Group, along with Candiru, another mysterious Israeli company accused of helping foreign governments spread spyware to smartphones and PCs.
However, NSO Group denies any wrongdoing. “NSO Group is dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed,” it said.
Nevertheless, NSO Group also admits some clients abused the company’s surveillance tools. But the company claims it’s pulled the plug on the access.
“We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products,” the company added.
In addition to NSO Group and Candiru, the US Commerce Department is also blacklisting two other companies, Russia’s Positive Technologies and Singapore’s Computer Security Initiative Consultancy PTE. LTD, for allegedly trafficking in illegal spyware tools.
