The US Department of Commerce has asked American companies to not sell their tech to NSO, citing reports that the group’s Pegasus spyware is used against journalists, government officials, activists, and more.
In its press release, the regulator says that the company is being added to the Entity List because its tool threatens the rules-based international order when its sold to repressive foreign governments.
Pegasus is a program designed to infect targets without notice, allowing police and intelligence agencies to get access to a phone’s text messages, photos, and passwords, all without leaving a trace.
The Department of Commerce says that NSO being added to the entity list, which restricts US companies from exporting products to it because the company poses a significant risk of being or becoming involved in activities that are contrary to the national security or foreign policy interests of the United States.
Meanwhile, NSO has said that its tool can’t be used to target American phone numbers, and the Department of Commerce and Pegasus Project haven’t contested that fact.
The Department of Commerce cited two more companies — one from Russia and one from Singapore — that it says are involved in selling hacking tools.
Pegasus spyware was recently in news because of The Pegasus Project, a collection of journalists who revealed a list of names seemingly connected to the spyware. That list included journalists, activists, heads of state, and others from across the globe, people that NSO says its software shouldn’t be used to target.
The Pegasus Project also analyzed a handful of journalists’ phones and found evidence that the spyware had been installed on them almost certainly by a government agency, as NSO says those are the only clients it’ll sell its software and services to.
