Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

US says NSO Group & Pegasus hacking tool are national security risks

NSO Group

The NSO Group, developer of iPhone hacking tool Pegasus, has been added to the U.S. Department of Commerce's Entity List, banning imports as a national security issue.

Four foreign companies have been added to the Entity List by the Commerce Department's Bureau of Industry and Security (BIS). NSO Group, Israel's Candiru, Russia's Positive Technologies and Singapore's Computer Security Initiative Consultancy PTE are all listed for engaging in activities contrary to the national security.

"The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad," said US Secretary of Commerce Gina M. Raimondo in a statement.

The Commerce Department statement says that NSO Group and Candiru have been listed specifically because of evidence that they developed and supplied spyware to foreign governments. These governments then used the tools to target officials, activists, journalists, and more.

Positive Technologies and Computer Security Initiative Consultancy PTE were found to "traffic in cyber tools used to gain unauthorized access to information systems, threatening the privacy and security of individuals and organizations worldwide."

Being placed on the Entity List means that there are now restrictions on the "export, reexport, and in-country transfer of times" subject to the listing.

The Commerce Department says that this action is aimed at "improving citizens' digital security." It's described as part of the Biden-Harris Administration's efforts to "put human rights at the center of US foreign policy."

Previously, the NSO Group's CEO Shalev Hulio has said that the company cannot be held responsible for how its tools are used. Hulio said that private citizens should not be concerned, because the tool was used to target criminals.

However, its Pegasus tool has been shown to have been used to spy on human rights activists, and journalists. It has targeted critics of governments, rather than solely criminals