U.S. Government is Cracking Down on Pegasus
Note: We may earn a commission from products or services when you click on a link and make a purchase.
Following recent attacks on world governments using Pegasus spyware, there have been many serious discussions had by government entities, cybersecurity firms, and human rights groups on what should be done about the spyware creator, NSO Group.
In a statement issued yesterday, four U.S. Representatives are calling the U.S. government to act against the Israeli cyberarms firm.
A Response to Reports that Pegasus is Used Against Peaceful Activists and Journalists
U.S. Representatives Tom Malinowski (NJ-07), Katie Porter (CA-45), Joaquin Castro (TX-20), and Anna G. Eshoo (CA-18) issued a statement yesterday following reports that NSO group’s Pegasus spyware has been used by authoritarian governments against non-criminal citizens. Such governments often target any public or private critics of their regimes not only in their own nations but in other countries as well.
Last week, it was reported that French President Macron was targeted by Morocco using NSO Group’s spyware, prompting the company to publicly state that their product is only to be used by governments for the purpose of fighting terrorism and crime. However, the U.S. Representatives have posited that such a claim would be like “selling guns to the mafia and believing they will only be used for target practice.” NSO Group has no mechanism in place to make sure that they are selling to their intended customer base and it is evident that their product has been purchased by the entities that they deny affiliation with. Authoritarian governments are known to often include human rights activists and journalists in the terrorist category as they pose a threat to their control.
The Representatives’ state that “the NSO Group’s denials are not credible, and show an arrogant disregard for concerns that elected officials, human rights activists, journalists, and cyber-security experts have repeatedly raised.”
RELATED READ How Can I Tell If Spyware Is On My Phone?
They are issuing a call to stop “hacking for hire” through the misuse of Pegasus.
“Private companies should not be selling sophisticated cyber-intrusion tools on the open market, and the United States should work with its allies to regulate this trade,” say the Representatives.
“Companies that sell such incredibly sensitive tools to dictatorships are the A.Q. Khans* of the cyberworld. They should be sanctioned, and if necessary, shut down.”
*Abdul Qadeer (A.Q.) Khan is a Pakistani nuclear engineer known as the “Father of Pakistan’s Nuclear Bomb.” The Pakistani scientist has a decades-long record of involvement in the illegal transfer of nuclear materials and technologies to entities that aided Iran, Libya, North Korea, and potentially others.
The statement goes on to describe the United States’ involvement with private companies/contractors in developing intelligence and weapons technology. The U.S. and allies are known to partner with private companies or contractors to develop and provide “sensitive technologies,” however they are calling out NSO Group by stating that the U.S. “would never tolerate a company that contracts with the pentagon to develop [weapons] and then sells that technology on the open market to government that might use it against us.”
Cybersecurity Measures Necessary to Address Rising Threats
Here are the measures that the Representatives have put forth in their statement
- Call out private companies that sell cyber-intrusion tools to government with a history of misuse, both by name and in writing.
- Consider the immediate addition of the NSO Group and other companies engaged in similar activities to the Entity List (Department of Commerce) and place sanctions on their abusive clients under the Global Magnitsky Act, which authorizes the President to impose sanctions or deny entry into the U.S. to any foreign parties who engage in human rights abuse or corruption.
- Establish by legislation or executive order a sanctions regime to hold companies and individuals accountable for selling such tools to authoritarian governments.
- Ensure that NSO Group and similar entities do not have access to American investors funds
- “Accelerate efforts to finalize accession tot he Wassenaar Arrangement’s limited controls on cyber-intrusion tools, lead a multilateral initiative to impose strengthened controls with transparent human rights assessments on items with surveillance capabilities, and consider SEC regulations requiring companies to publicly disclose exports of technologies with surveillance capabilities and to carry out published human rights due diligence for any such exports.”
- Investigate whether or not American citizens (journalists, human rights groups, diplomats, etc.) are possible targets of Pegasus spyware, whether national security in the U.S. has been harmed, and take steps to protect the citizens and federal employees from such a threat.