WASHINGTON - The United States will not be pursuing action against the Israeli government related to Israeli spyware firms NSO group and Candiru that were blacklisted for engaging in activities contrary to the United States' national security or foreign policy interests.
"We are not taking action against countries or governments where these entities are located," the State Department said in a statement soon after the U.S. Commerce Department added NSO and Candiru, alongside companies from Russia and Singapore, to its Entity List for malicious cyber activities.
The State Department noted that NSO Group and Candiru were added to the Entity List "based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."
It added that the firms in question are "reasonably believed to be involved, have been involved, or pose a significant risk to being or becoming involved, in activities contrary to the national security or foreign policy interests of the United States."
The move was one of several punitive measures that Democratic lawmakers urged the Biden administration to undertake following the revelation of how deep the misuse of NSO Group's spyware ran.
Lawmakers have pushed for much deeper regulation of the "hacking-for-hire" industry, while specifically calling for NSO Group's clients to be considered to be sanctioned under the Global Magnitsky Act. They also have argued that SEC regulations should prevent NSO Group and other companies engaged in similar activities from accessing American investors' funds — including through a potential initial public offering, which NSO is eyeing.
NSO group is the largest cyberespionage firm in Israel, valued at over one billion dollars; it specializes in cellphone hacking. Candiru, a younger company, specializes in hacking computers. Over the years, countless investigations, spearheaded by the Pegasus Project, have been published on NSO in particular and the misuse of its spyware.
- U.S. Blacklists Israeli Cyberarms Firms NSO, Candiru for Harming 'National Security'
- Israel's Shame: NSO and Pegasus, a Danger to Democracy Around the World
- How Israeli Spy-tech Became Dictators' Weapon of Choice
The U.S. decision to blacklist NSO is “a big first step & huge impact following years of research, reporting and advocacy” by a number of human rights groups and media outlets, tweeted Ron Deibert, the director of Citizen Lab.
Citizen Lab, a University of Toronto-based watchdog group, was involved in analyzing a leaked list of more than 50,000 cellphone numbers, identifying more than 1,000 individuals in 50 countries who may have been targeted by the cyber-espionage firm.
“Other governments must now follow (Looking at you Canada),” he wrote.
The move is a “Major blow to NSO” agreed Citizen Lab senior researcher John Scott-Railton.
There are “a few consequences to keep an eye on” such as the “immediate impact on NSO's business practices & companies that will work with them” and a “dramatic chilling effect on investors & NSO's long term future,” he tweeted.
Sam Sokol contributed to this report.