After U.S. State Dept. Employees Hacked, Israel Tightens Supervision of Cyber Technology

Israel's Defense Ministry said Monday that it was tightening oversight on exported cyber technology by having any countries that purchase it sign a declaration and threatening sanctions against any who misuse it, the Associated Press reported.

The move comes in the wake of the revelation that 11 employees of the U.S. State Department had been hacked with spyware from Israeli company NSO Group, which has been the subject of several controversies in recent months.

Though the Israeli Defense Ministry did not mention NSO Group by name, its announcement came days after the State Department hacking was disclosed, the AP reported. This was the first known time that U.S. government employees were targeted with the company's Pegasus spyware.

All of the targeted employees, which included some foreign service officers, were in Uganda, the AP reported, citing a person familiar with the issue who spoke on condition of anonymity. In a statement released Friday, NSO Group said that it immediately shut down all customers "potentially relevant to this case" upon hearing reports of the hacking, but noted that it hadn't received any confirmation that it was NSO's technology used in the attack.

"If the allegations turn out to be true, they are a blunt violation of all commitments and agreements that company has with its customers, and the company will take legal action against these customers," the statement said.

Now, any countries that purchase Israeli cyber technology will be required to sign a declaration promising to use the tools "for the investigation and prevention of terrorist acts and serious crimes only," the Defense Ministry said. Any nations that breach the terms of use may also face sanctions, including potentially having their access to the technology limited or halted, according to the AP.

For more reporting from the Associated Press, see below.

Israel Tightens Cyber Oversight
Israel’s Defense Ministry said in a statement December 6, 2021, that it is tightening supervision over cyber exports—a move that follows a series of scandals involving Israeli spyware company NSO Group. Above, a logo adorns a wall on a branch of the Israeli NSO Group company, near the southern Israeli town of Sapir, on August 24, 2021. Sebastian Scheiner/AP Photo

Last month, the U.S. Commerce Department blacklisted NSO, barring the company from using U.S. technology. The blacklisting has raised questions about NSO's financial outlook and ability to survive, and the company has acknowledged that it is trying to reverse the decision.

Apple also sued NSO last week over its hacking of iPhones and other Apple products, calling the Israeli company "amoral 21st century mercenaries." Facebook has filed a lawsuit over similar allegations that it intruded its popular WhatsApp messaging system.

Pegasus allows its operator to gain access to a target's mobile phone, including contacts, text messages and real-time communications.

NSO says it sells its technologies to governments only to battle crime and terrorism and that it has strict safeguards to prevent abuse. Company officials have acknowledged cutting off several customers due to misuse.

However, human rights groups and outside researchers have said the company's safeguards are insufficient. They say customers have abused Pegasus to keep tabs on journalists, human rights activists and political dissidents from Mexico to Saudi Arabia to the Israeli-occupied West Bank. Critics have also accused Israel of lax oversight over the digital surveillance industry.

NSO declined to comment on the Defense Ministry guidelines.

Israel has previously said that cyber exports are limited to fighting crime and terrorism. Under the new guidelines, the ministry said the definitions "have been sharpened, in order to avoid blurring boundaries in this context."

"The updated statement states that terrorist acts are, among other things, acts that are intended to threaten a population and may result in death, injury, hostage-taking and more," it said. It also said it was clarifying "the circumstances in which the operation of the cyber system is prohibited and explicitly clarifies the existence of the possibility of imposing sanctions in the event of a violation of the provisions."

State Department Employees Hacked
It was revealed last week that 11 employees of the U.S. State Department had been hacked with spyware from Israeli company NSO Group, which has been the subject of several controversies in recent months. Above, Secretary of State Antony Blinken speaks during a virtual meeting at the State Department in Washington on February 26, 2021. Manuel Balce Ceneta/AP Photo