US 'black lists' Israeli maker of Pegasus spyware

WASHINGTON — US authorities on Wednesday put the Israeli maker of the Pegasus spyware on a list of restricted companies, taking aim at software central to a scandal over surveillance of journalists and officials.

The company, NSO, was engulfed in controversy over reports that tens of thousands of human rights activists, journalists, politicians and business executives worldwide were listed as potential targets of its Pegasus software.

Smartphones infected with Pegasus are essentially turned into pocket spying devices, allowing the user to read the target's messages, look through their photos, track their location and even turn on their camera without them knowing.

"These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent," the US Commerce Department said in a statement.

NSO did not immediately reply to a request for comment.

Washington also targeted Israeli company Candiru, Singapore-based Computer Security Initiative Consultancy PTE (COSEINC) and Russian firm Positive Technologies.

‘Zero-click’ attack 

The companies’ addition to the so-called “entity list” means that exports to them from US organisations are restricted. For example, it is now far harder for American researchers to sell them information or technology.

An international media investigation reported in July that several governments used the Pegasus malware, created by NSO Group, to spy on activists, journalists and politicians.

“Today’s action is a part of the Biden-Harris Administration’s efforts to put human rights at the center of US foreign policy, including by working to stem the proliferation of digital tools used for repression,” the Commerce statement said.

Following the initial concern over Pegasus, a subsequent wave of worries emerged when iPhone maker Apple released a fix in September for a weakness that can let the spyware infect devices without users even clicking on a malicious message or link.

The so-called “zero-click” is able to silently corrupt the targeted device, and was identified by researchers at Citizen Lab, a cybersecurity watchdog organisation in Canada.

UN experts have called for an international moratorium on the sale of surveillance technology until regulations are implemented to protect human rights following an Israeli spyware scandal.

Israel’s defense establishment has set up a committee to review NSO’s business, including the process through which export licenses are granted.

NSO has insisted its software is intended for use only in fighting terrorism and other crimes, and says it exports to 45 countries