The US Department of Commerce’s Bureau of Industry and Security (BIS) on Wednesday promulgated a final rule adding four foreign companies, including Israel’s NSO Group, to the Entity List. According to the Bureau, the Entity List identifies companies that are or may become involved in “activities contrary to the national security or foreign policy interests of the United States.”
Officials determined that NSO Group and fellow Israeli company Candiru “developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
NSO Group claims to be a producer of “technology that helps government agencies prevent and investigate terrorism and crime.” In August 2021, United Nations human rights experts expressed concern over NSO Group’s Pegasus spyware after an investigation by Amnesty International revealed that the technology was being used to spy on journalists and activists. According to Amnesty, Pegasus can be installed on victims’ phones and “allows an attacker complete access to the device’s messages, emails, media, microphone, camera, calls and contacts.” Amnesty discovered evidence indicating that murdered Saudi journalist Jamal Khashoggi was among those targeted by the software.
In a statement, Secretary of Commerce Gina M. Raimondo asserted that the United States “is committed” to holding companies accountable that use technology to “threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad.”
The BIS also blacklisted Russia’s Positive Technologies and Singapore’s Computer Security Initiative Consultancy PTE LTD in Wednesday’s final rule.