3rd Party Risk Management
Cyberwarfare / Nation-State Attacks
Israeli Companies Barred From Exporting Spyware to Totalitarian Regimes
The Israeli government’s Ministry of Defense reportedly has cut the official list of countries to which Israeli companies’ cyber spyware can be exported from 102 to 37, reducing surveillance tool export market by two-thirds.
As reported, the latest list restricts cyber spyware companies in Israel from doing business with countries that were previously customers, such as Morocco, Mexico, Saudi Arabia and the United Arab Emirates.
The list is said to restrict companies from doing business with those who are involved in offensive cyber, countries where there are totalitarian regimes and countries where there are suspicions of a violation of civil rights, according to a report by Israeli business newspaper Calcalist. While the news is being widely reported by Bloomberg, Reuters and others, all outlets appear to be relying on this single source.
If confirmed, this move would mark a reversal of August’s relaxation of export rules around cyber offensive weapons made by Israel, prior to which Reuters reported Israeli Prime Minister Benjamin Netanyahu told a cyber conference in June, in response to demands to regulate the sector more as it grows: “But I think we have to take the risk, and it’s a considerable risk, of regulating less in order to grow more.”
Earlier this year, an investigation unveiled by Amnesty International and Forbidden Stories, a French-based nonprofit group, alleges that two Israeli companies – NSO Group and Candiru – supplied spyware to foreign governments which then used it to spy on dissidents, journalists and activists.
The new list of countries with which Israeli cyber companies can do business, as reported by Calcalist, includes Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the U.K., and the U.S.
The report also claims that the Israeli cybersecurity industry exports of services are worth about $10 billion in sales, of which it is estimated that the export of offensive cyber represents about 10%, thus $1 billion. No estimate is given for the potential financial impact of reducing export markets.
Israel is now considered one of the largest cyber powers in the world, with 13% of the world’s cyber companies operating from Israel in the past year, reports Calcalist, which adds that over the past year, 29% of all investments in the field were directed to Israel, which currently has about 500 cyber companies.
While Information Security Media Group is not aware of any explanation being published as to why the list was narrowed down, the latest news follows actions taken by the U.S. Department of Commerce, which earlier this month blacklisted four Israeli spyware firms, including NSO Group and Candiru, for allegedly engaging in activities “contrary to the national security or foreign policy interests of the U.S.” (see: US Commerce Department Blacklists Israeli Spyware Firms).
Earlier this month, 10 U.K. lawmakers – seven members of Parliament and three lords – wrote a letter to British Prime Minister Boris Johnson demanding that the government end all its joint cybersecurity initiatives with countries that are known to have used NSO spyware to target dissidents, journalists and lawyers, among others, reports the Guardian newspaper.
The lawmakers cite the blacklisting by the U.S. and the findings from the Pegasus Project carried out in collaboration with The Citizen Lab that found two human rights activists now living in exile in London were targeted by Pegasus spyware (see: Citizen Lab: Bahrain Used Pegasus to Spy on Activists).
In addition, the French government reportedly pulled out of a deal with NSO Group after accusations surfaced in July that NSO’s flagship Pegasus spyware product was being used by an NSO customer to target President Emmanuel Macron of France (see: World Leaders Included on Alleged Spyware Targeting List).
Around the same time, the French government was in the process of closing a deal with NSO Group for its services, according to the MIT Technology Review.
In July 2021, officials from Israel’s Ministry of Defense visited NSO Group. The visit was prearranged and it did not include an audit or examination of computer systems or documents (see: Israeli Government Visits NSO Group Amid Spyware Claims).
In a statement, NSO Group had said, “The company is working in full transparency with the Israeli authorities. We are confident that this inspection will prove the facts are as declared repeatedly by the company against the false allegations made against us in the recent media attacks.”
Apple’s New Threat Notifications
Earlier this past week, the NSO Group also became the target of a lawsuit filed by Apple, which alleged that the spyware maker abused its products and services to carry out spying operations without the consent of the company or its users (see: Apple Sues NSO for Product and Service Abuse).
Now, in a separate development, Apple has announced a new initiative dubbed Apple threat notifications, which is designed to protect a user’s device against the attacks and to inform and assist users who may have been targeted by state-sponsored attackers.
“Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop, and often have a short shelf life. The vast majority of users will never be targeted by such attacks,” the company states.
If Apple discovers any activity, the company says it will notify the targeted users in two ways: by displaying a threat notification at the top of the page after the user signs into appleid.apple.com and by sending an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
Privacy Campaigners’ Response
Implementation of the notifications may serve to educate a wider audience about state-sponsored attacks, notes Hannah Hart, digital privacy expert at ProPrivacy, but she warns, “There’s also the potential for smaller-scale bad actors to take advantage of the threat notifications by launching carefully crafted phishing campaigns. These individuals might target Apple users with fake but convincing iMessages or emails claiming to be a threat notification, and ultimately pressure users into handing over personal details, logins, or even financial information.”
Apple has stated that the threat notifications will not require users to click links, download files, or share details – which should make detecting phishing scams a little easier, adds Hart.
But overall she welcomed the move is welcomed, saying, “While these consequential scams and false alarms could follow hot on the heels of Apple’s new notifications, they’ll also protect a vast swath of users – including journalists, activists, and critics, who could be at greater risk of being targeted by state-sponsored attacks.”