Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

US says NSO Group & Pegasus hacking tool are national security risks

NSO Group

Last updated

The NSO Group, developer of iPhone hacking tool Pegasus, has been added to the U.S. Department of Commerce's Entity List, banning imports as a national security issue.

Four foreign companies have been added to the Entity List by the Commerce Department's Bureau of Industry and Security (BIS). NSO Group, Israel's Candiru, Russia's Positive Technologies and Singapore's Computer Security Initiative Consultancy PTE are all listed for engaging in activities contrary to the national security.

"The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad," said US Secretary of Commerce Gina M. Raimondo in a statement.

The Commerce Department statement says that NSO Group and Candiru have been listed specifically because of evidence that they developed and supplied spyware to foreign governments. These governments then used the tools to target officials, activists, journalists, and more.

Positive Technologies and Computer Security Initiative Consultancy PTE were found to "traffic in cyber tools used to gain unauthorized access to information systems, threatening the privacy and security of individuals and organizations worldwide."

Being placed on the Entity List means that there are now restrictions on the "export, reexport, and in-country transfer of times" subject to the listing.

The Commerce Department says that this action is aimed at "improving citizens' digital security." It's described as part of the Biden-Harris Administration's efforts to "put human rights at the center of US foreign policy."

Previously, the NSO Group's CEO Shalev Hulio has said that the company cannot be held responsible for how its tools are used. Hulio said that private citizens should not be concerned, because the tool was used to target criminals.

However, its Pegasus tool has been shown to have been used to spy on human rights activists, and journalists. It has targeted critics of governments, rather than solely criminals



9 Comments

rob53 3312 comments · 13 Years

Does this mean the NSA, CIA, FBI and all the other entities will have to stop using their copies? I would like to know how many copies of these systems have been sold to the US government as well as state and local police forces.

riverko 247 comments · 9 Years

rob53 said:
Does this mean the NSA, CIA, FBI and all the other entities will have to stop using their copies? I would like to know how many copies of these systems have been sold to the US government as well as state and local police forces.

Or we may read it - we already bought it, no one else should buy it

longpath 401 comments · 20 Years

Never grant the state any power you would not entrust to your worst enemy. This isn’t a hard concept.

command_f 428 comments · 14 Years

I don't see the logic here. Since these are foreign entities, doesn't that leave the tools and capabilities available to everyone except the US?

As a foreigner, I would think the US would want, eg, NSA, to have access even if only to develop counter-measures (and the 'I don't trust NSA argument' doesn't work here because, if they're not trustworthy, they'll acquire the tools anyway).

command_f 428 comments · 14 Years

longpath said:
Never grant the state any power you would not entrust to your worst enemy. This isn’t a hard concept.

But your worst enemy already has it...