US Dept of Commerce sanctions NSO Group, Positive Technologies, other makers of snoopware

Yeah, that ought to do the trick


Updated The US government's Dept of Commerce on Wednesday sanctioned four companies in Israel, Russia, and Singapore for selling software that is used to break into computer systems and that foreign governments use to suppress dissent.

The department's Bureau of Industry and Security (BIS) added Israel-based firms NSO Group and Candiru to its Entity List "based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers."

BIS also added Russia-based Positive Technologies, sanctioned in April for selling weaponized software to Russia, and Singapore-based Computer Security Initiative Consultancy Pte Ltd (COSEINC) for offering software used "to gain unauthorized access to information systems."

"The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad," said US Secretary of Commerce Gina Raimondo in a statement.

The Commerce Department attributed the decision to sanction the four companies to the Biden-Harris administration's commitment to put human rights at the center of US foreign policy.

Inclusion on the Entity List disallows the export of hardware and software in the US to named organizations or individuals unless approved by the Commerce Department. US companies may still do business with named entities, but such transactions are frowned upon: "BIS considers that transactions of any nature with listed entities carry a 'red flag' and recommends that US companies proceed with caution with respect to such transactions," the Commerce Department explains.

The decision to sanction the four firms follows from export controls outlined last month by the Commerce Department to adopt rules consistent with the 1996 Wassenaar Arrangement, an international arms control agreement that extends to "intrusion software."

Positive Technologies, Candiru, and COSEINC did not immediately respond to requests for comment. El Reg's Gareth Corfield noted earlier this isn't the first time the US government has tried to crack down on Positive Technologies:

In an email to The Register, NSO Group said it intends to lobby to have the decision undone.

"NSO Group is dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed," a company spokesperson said.

"We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products."

Amnesty International, which earlier this year published a report in conjunction with French advocacy group Forbidden Stories alleging that NSO's Pegasus spyware was widely used to violate human rights and to target government officials and members of civil society, described the Commerce Department's action as confirmation of its findings.

"With this move, the US government has acknowledged what Amnesty and other activists have been saying for years: NSO Group’s spyware is a tool of repression, which has been used around the world to violate human rights," said Danna Ingleton, deputy director of Amnesty Tech, in a statement. "This decision sends a strong message to NSO Group that it can no longer profit from human rights abuses without repercussions."

Ingleton described the Entity List inclusion as "a day of reckoning for NSO Group’s investors" – which include multiple US pension funds through their respective stakes in NSO Group backer Novalpina Capital – and questioned whether they will be willing to continue to bankroll a firm accused of violating human rights.

"The threats posed by surveillance technology are bigger than one company," said Ingleton. "This dangerous industry is out of control, and this must spell the end of the impunity spyware companies have so far enjoyed. We need an immediate global moratorium on the export, sale, transfer and use of surveillance technology until there is a human rights-compliant regulatory framework in place." ®

Updated to add

On Thursday, Positive Technologies published a statement from CEO Denis Baranov on its website. He said the action by the Department of Commerce would have little or no impact on the company’s business.

"Every one of our developments is strictly protection-focused. The time is ripe to develop tools of this kind, and we shall continue to do so," he said.

"On what basis the DOC included us in this list, we do not know. In any case, we preempted the sanctions risks ahead of time, and now they pose no additional threats to us."

Biting the hand that feeds IT © 1998–2022