Biden administration blacklists Israeli spyware company NSO Group over Pegasus and spying of world leaders

Published Nov 3, 2021


The US on Wednesday added the Israeli spyware company NSO Group to its “entity list” – a federal blacklist prohibiting the company from receiving American technologies – after determining its phone hacking tools had been used by foreign governments to “maliciously target” government officials, activists, journalists, academics, and embassy workers around the world.

The move is a significant sanction against a company spotlighted in July by the global Pegasus Project consortium, including The Washington Post and 16 other news organisations worldwide. The consortium published dozens of articles detailing misuse of the Pegasus spyware by customers of NSO.

The US commerce department said in a statement that the action is part of the Biden administration’s “efforts to put human rights at the centre of US foreign policy, including by working to stem the proliferation of digital tools used for repression.”

The company did not immediately respond to requests for comment.

The company has consistently denied the findings of the Pegasus Project, which found that some of NSO's dozens of law enforcement, military and intelligence customers, in more than 40 countries, target journalists, politicians and human rights workers on a routine basis with Pegasus, which can hack into a victim's cellphone. NSO has acknowledged problems with certain customers in the past.

Being added to the entity list prohibit all exports from the US to NSO, of any type of hardware or software, severing the company from a vital source of technology. It could also hinder it from future business arrangements and challenge their ability to work as an international company.

“The impact is broader than just the legal prohibition,” said Kevin Wolf, an international trade lawyer at the firm Akin Gump, who previously ran the entity list process.

“It's a huge red flag,” he said.

Commerce officials said NSO Group and another Israeli surveillance company, Candiru, had enabled “foreign governments to conduct transnational repression”, allowing authoritarian governments to target “dissidents, journalists and activists outside of their sovereign borders to silence dissent.”

Past administrations added Huawei and other Chinese firms to the list, citing their alleged contributions to human rights abuses of the Uyghurs – a mostly Muslim minority group, detained en masse in Chinese “re-education” camps.

But it is rare for the US government to target companies from US allies, including NSO Group's home country of Israel. NSO's addition to the list also marked one of the first times that the US government had cited cyber-surveillance issues as the cause for the penalty.

Three other companies were also added to the list – Israel's Candiru, Russia's Positive Technologies, and Singapore's Computer Security Initiative Consultancy PTE.