US authorities on Wednesday put the Israeli maker of the Pegasus spyware on a list of restricted companies, taking aim at software central to a scandal over surveillance of journalists and officials.
The company, NSO, was engulfed in controversy over reports that tens of thousands of human rights activists, journalists, politicians and business executives worldwide were listed as potential targets of its Pegasus software.
Smartphones infected with Pegasus are essentially turned into pocket spying devices, allowing the user to read the target’s messages, look through their photos, track their location and even turn on their camera without them knowing.
“These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent,” the US Commerce Department said in a statement.
NSO fired back at the decision, saying its “technologies support US national security interests and policies by preventing terrorism and crime.”
“We will advocate for this decision to be reversed,” an NSO spokesperson told AFP, adding its compliance controls have resulted in “multiple terminations of contacts with government agencies that misused our products.”
Washington also targeted Israeli company Candiru, Singapore-based Computer Security Initiative Consultancy PTE (COSEINC) and Russian firm Positive Technologies.
‘Zero-click’ attackÂ
The companies’ addition to the so-called “entity list” means exports to them from US organizations are restricted. For example, it is now far harder for American researchers to sell them information or technology.
Critics say the widespread availability of software like Pegasus now allows even cash-strapped authoritarian governments to effectively purchase their own answer to the United States’ National Security Agency, with highly invasive surveillance powers.
While companies offering such technology have sprung up around the world, several have been founded in Israel, drawing recruits from the military intelligence elite.
“Today’s action is a part of the Biden-Harris Administration’s efforts to put human rights at the center of US foreign policy, including by working to stem the proliferation of digital tools used for repression,” the Commerce statement said.
Following the initial concern over Pegasus, a subsequent wave of worries emerged when iPhone maker Apple released a fix in September for a weakness that can let the spyware infect devices without users even clicking on a malicious message or link.
The so-called “zero-click” is able to silently corrupt the targeted device, and was identified by researchers at Citizen Lab, a cybersecurity watchdog organization in Canada.
UN experts have called for an international moratorium on the sale of surveillance technology until regulations are implemented to protect human rights following the Pegasus scandal.
Israel’s defense establishment has set up a committee to review NSO’s business, including the process through which export licenses are granted.
NSO has insisted its software is intended for use only in fighting terrorism and other crimes and says it exports to 45 countries.