Skip to main content

NSO Group: US blacklists Israeli firms for harming 'national security interests'

US says NSO Group, the company behind Pegasus, and Candiru enabled governments to 'threaten the rules-based international order'
The NSO Group, based in Israel, has attracted criticism for producing the Pegasus spyware which has been installed on mobile phones (file/AFP)

US authorities have put NSO Group, the Israeli spyware company at the centre of a global hacking scandal, on a blacklist, saying its activities are contrary to US foreign policy and national security interests.

A second Israeli spyware company, Candiru, was also placed on the Commerce Department's Bureau of Industry and Security's "entity list", along with companies from Russia and Singapore.

Pegasus: UK urged to conduct 'immediate' probe into spyware scandal
Read More »

Pegasus software, produced by the Israeli NSO Group, has been used by governments, including Morocco, Saudi Arabia, and the United Arab Emirates, to illegally access the phone data of activists and journalists worldwide. 

The Commerce Department said it made its decision based on evidence that the companies developed and supplied spyware that allowed foreign governments to "maliciously target" government officials, journalists, activists and others in ways that "threaten the rules-based international order".

"Today’s action is a part of the Biden-Harris Administration’s efforts to put human rights at the centre of US foreign policy, including by working to stem the proliferation of digital tools used for repression," the department said in a statement.

NSO Group on Wednesday rejected the decision and said it would seek a reversal.

"NSO Group is dismayed by the decision, given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed," an NSO spokesperson told AFP.

Pegasus spyware used on phones

In July, journalists working with cyber-security campaigners, including Amnesty Tech, obtained a leaked database of 50,000 phone numbers selected by NSO Group clients.

The numbers were linked to phones used by politicians, human rights defenders and journalists, and forensic analysis of some of the devices found evidence that Pegasus software had been installed on them.

The NSO Group said that the reports were based on "wrong assumptions" and "uncorroborated theories", and questioned the reliability of the leaked database. 

The company has also said that its products cannot be used to conduct cybersurveillance within the US and "no customer has ever been granted technology that would enable them to access phones with US numbers".

Wednesday's decision means that NSO Group and Candiru will be banned from buying parts and components from US companies without a special licence. 

Digital rights advocates celebrated the decision including US-based Access Now which called the move "long overdue".

"This is a huge win," said Natalia Krapiva, the organistion's Tech-Legal Counsel. "NSO and Candiru like to brag that their spyware technologies are all about protecting public safety and national security.

"But here, we have the United States, a major power, coming out and saying these companies are violating not only human rights, but also US national security."

The decision also drew reactions from the UK, where the numbers of around 400 British citizens appeared in the leaked database and may have been targets of Pegasus.

Campaigners have repeatedly urged the government to put a moratorium on spyware sales and exports until regulations are in place to protect human rights to no avail.

"What about the UK?" tweeted Chris Doyle, director of the Council for Arab-British Understanding. "Are [we] just going to do nothing?"

The UK government has said it complained to NSO Group several times ahead of the revelations this summer, but has not revealed when or why it had concerns.

MEE was unable to find contact details for the notoriously secretive Candiru in order to request a comment.