US sanctions Israeli NSO Group for selling spyware

The US has banned Israeli company NSO Group, which sells the Pegasus spyware, and three other companies.

The prohibition means US companies wishing to import or export products or services related to NSO Group must now obtain a license from the government.

The US ban could represent a severe blow for NSO Group, not only in terms of its ability to sell products to customers in the US but also by restricting its access to US technologies for the development of future ones.

US companies can no longer have any kind of relationship with NSO since "there is a risk of becoming involved in activities that are dangerous to national security," thus leading to heavy government penalties.

The Entity List update also included Candiru, another Israeli company active in developing and selling spyware. NSO Group and Candiru were added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, business people, activists, academics, and embassy workers, according to the State Department.

In a ruling by the US Commerce Department’s Bureau of Industry and Security (BIS), the government said these tools have “enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.”

In addition, Positive Technologies and COSEINC were added to the Entity List based on a determination they “misuse and traffic cyber tools that are used to gain unauthorized access to information systems in ways that are contrary to the national security or foreign policy of the United States, threatening the privacy and security of individuals and organizations worldwide.”

“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad,” said commerce secretary Gina Raimondo.

The announcement comes as part of the Biden-Harris Administration’s efforts to put human rights at the center of US foreign policy, including by working to stem the proliferation of digital tools used for repression.