U.S. blacklists Israeli hacking tool vendor NSO Group – Reuters

A fence surrounds the U.S. Department of Commerce in Washington October 5, 2013. REUTERS/Mike Theiler
WASHINGTON, Nov 3 (Reuters) – The U.S. Commerce Department added Israel's NSO Group and Candiru to its trade blacklist on Wednesday, saying they sold spyware to foreign governments that used the equipment to target government officials, journalists and others.
Positive Technologies of Russia, and Computer Security Initiative Consultancy PTE LTD, from Singapore, were also listed. The Department said they trafficked in cyber tools used to gain unauthorized access to computer networks.
The companies' addition to the list, for engaging in activities contrary to U.S. national security or foreign policy interests, means that exports to them from U.S counterparts are restricted. It for instance makes it far harder for U.S. security researchers to sell them information about computer vulnerabilities.
"We are not taking action against countries or governments where these entities are located," said a spokesperson for the U.S. State Department.
Suppliers will need to apply for a license before selling to them, which is likely to be denied.
In the past, the NSO Group and Candiru have been accused of selling hacking tools to authoritarian regimes. NSO says it only sells its products to law enforcement and intelligence agencies and takes steps to curb abuse.
'DISMAYED'
An NSO spokesperson said the company was "dismayed" by the decision since its technologies "support U.S. national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed."
NSO will present information regarding its "rigorous" compliance and human rights programs, "which already resulted in multiple terminations of contacts with government agencies that misused our products," the spokesperson said in an e-mailed statement to Reuters.
The Israeli defence ministry, which grants export licenses to NSO, declined to comment on the matter.
Contact information for Candiru was not available.
The Biden administration imposed sanctions on Positive Technologies, a Russian cybersecurity firm, this year for providing support to Russian security services. The company denies any wrongdoing.
Positive Technologies said the new sanctions will not affect their business and will not prevent the company from a planned public listing.
"We do not know on what grounds the U.S. Commerce Department added us to the list," General Director Denis Baranov said in an emailed comment.
"Anyway we repelled sanction risks earlier and they do not pose additional threats for us now," he wrote.
Computer Security Initiative Consultancy PTE LTD, also known as COSEINC, did not immediately respond to requests for comment.
A former U.S. official familiar with Positive Technologies, who spoke on condition of anonymity, said the firm had helped establish computer infrastructure used in Russian cyberattacks on U.S. organizations.
COSEINC founder Thomas Lim is known for organizing a security conference, named SyScan, which was sold to Chinese technology firm Qihoo 360, a sanctioned entity. An email published by WikiLeaks in 2015 suggested Lim had also previously offered to sell hacking tools to infamous Italian spyware vendor HackingTeam.
Lim did not immediately respond to a request for comment sent to a social media account he owns.
Export control experts say the designation could have a far broader impact on the listed companies than simply limiting their access to U.S. technology.
"Many companies choose to avoid doing business with listed entities completely in order to eliminate the risk of an inadvertent violation and the costs of conducting complex legal analyses," said Kevin Wolf, former assistant secretary of Commerce for Export Administration during the Obama administration.
The entity list was increasingly used for national security and foreign policy aims during the Trump administration. Chinese telecom company Huawei (HWT.UL) was added in 2019, cutting it off from some key U.S. suppliers and making it difficult for them to produce mobile handsets.
Our Standards: The Thomson Reuters Trust Principles.
Subscribe for our daily curated newsletter to receive the latest exclusive Reuters coverage delivered to your inbox.
Reuters, the news and media division of Thomson Reuters, is the world’s largest multimedia news provider, reaching billions of people worldwide every day. Reuters provides business, financial, national and international news to professionals via desktop terminals, the world's media organizations, industry events and directly to consumers.
Build the strongest argument relying on authoritative content, attorney-editor expertise, and industry defining technology.
The most comprehensive solution to manage all your complex and ever-expanding tax and compliance needs.
The industry leader for online information for tax, accounting and finance professionals.
Information, analytics and exclusive news on financial markets – delivered in an intuitive desktop and mobile interface.
Access to real-time, reference, and non-real time data in the cloud to power your enterprise.
Screen for heightened risk individual and entities globally to help uncover hidden risks in business relationships and human networks.
All quotes delayed a minimum of 15 minutes. See here for a complete list of exchanges and delays.
© 2021 Reuters. All rights reserved

source