The controversial Israeli company NSO group has been placed on a US blacklist by the Biden administration, in an almost unprecedented move targeting of an Israeli entity, given the Jewish state is America's closest longtime ally in the region. Another Israeli spyware company that works closely with the government was also blacklisted in the same designation.
The White House moved against NSO for having acted "contrary to the foreign policy and national security interests of the US" - after last summer a bombshell investigation by the French non-profit group Forbidden Stories revealed its cutting edge spyware was used by foreign governments to hack Western allies, including accessing the mobile numbers of French President Emmanuel Macron and much of his cabinet.
Specifically its Pegasus phone-hacking tool was found to have been used to "maliciously target" journalists and activists as well as top government officials. Revealed by the initial report was an extensive list that included over 600 government officials and politicians from over 30 countries. Pakistan Prime Minister Imran Khan was also a big name on the list.
The US Commerce Dept. announced in a statement: "Today’s action is a part of the Biden-Harris administration’s efforts to put human rights at the center of US foreign policy, including by working to stem the proliferation of digital tools used for repression."
"This effort is aimed at improving citizens’ digital security, combatting cyber threats, and mitigating unlawful surveillance and follows a recent interim final rule released by the commerce department establishing controls on the export, reexport, or in-country transfer of certain items that can be used for malicious cyber activities," it said.
Additionally the Israel-based company Candiru was also placed on the "entity list" with two other companies from Russia and Singapore, according to the Commerce statement:
NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.
NSO Group is well-known to work closely with the Israeli government as a key defense contractor, and government authorities oversee and regulate the export of Pegasus as a unique defense technology which must be prevented from being used by Israel's enemies. The spyware is actually controlled for export in the same way that weapons would be. It's believed the Saudis, for example, used such technology to hack and track journalists and dissidents, such as the murdered Jamal Khashoggi, killed at the Istanbul consulate in 2018 at the hands of Saudi operatives on orders from the kingdom.
Given this, the question of the US actually extending punitive measures on Israeli officials themselves would be the next big step (obviously extremely unlikely given that it's America's closest Mideast ally and defense partner).
According to Axios' Barak Ravid, this was clarified later on Wednesday following the Commerce statement: "The State Department clarifies the Biden administration will not take steps against Israel or the Israeli government after the decision to blacklist Israeli Cyber spying companies NSO and Candiru," he wrote.
Being on the entities list means the two Israeli companies are now barred from buying parts and components from US companies without specific approval from US authorities, which would require being issued a special license. Moreover, typically the reputational damage on a global scale is a huge black eye for such companies seeking to extend into foreign markets.