The US has added NSO Group, the Israeli military spyware company that created software that has been traced to the phones of journalists and human rights activists, to a trade blacklist in a bid to tackle the growing surveillance threat posed by technology companies.
NSO and a smaller Tel Aviv-based company, Candiru, were among four companies added by the US commerce department on Wednesday to its so-called entity list, which would restrict exports of US technology to the companies.
Both are part of a growing Israeli cyber industry that often recruits veterans of the army’s elite units and sells software allowing clients to hack computers and cell phones remotely.
NSO’s licensed military-grade software, Pegasus, was last year revealed to have been used to target smartphones belonging to 37 journalists, human rights activists and other prominent figures.
The company has said repeatedly that it sells its weapon only to nations in order to fight terrorism and serious crime, and with the approval of the Israeli government. A spokesman did not immediately respond to a message seeking comment.
According to research by Microsoft and the University of Toronto’s Citizen Lab, Candiru exploited vulnerabilities in Microsoft and Google products, allowing governments to hack more than 100 journalists, activists and political dissidents globally.
The US commerce department said the designation of the two companies was “based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.
“These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order,” the department said.
The US commerce department also added a Russian company, Positive Technologies, and Singapore-based Computer Security Initiative Consultancy to its list, alleging that they “traffic in cyber tools” used to gain unauthorised access to computer systems.
Gina Raimondo, US commerce secretary, said the US was “committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cyber security of members of civil society, dissidents, government officials, and organisations here and abroad.”