Date: 2021-11-29
Israel is cracking down on its spyware vendors
Israel’s government is belatedly reining in the notorious NSO Group and other spyware vendors amid a wave of international opprobrium directed at the industry.
The move marks a signal victory for the idea that nations can impose some rules of the road on the Wild West of cyberspace.
Israel’s Ministry of Defense slashed the number of nations its companies can sell cybersecurity tools to without a special license — from 102 down to 37, according to a list obtained by the Israeli business publication Calcalist.
Cut from the list: Several nations where NSO’s Pegasus spyware was used to surveil and harass journalists, dissidents and civil society groups, including Morocco, Mexico, Saudi Arabia, and the United Arab Emirates, Calcalist’s Meir Orbach reports.
About time?
U.S. officials have pushed such norms for more than a decade, aimed at reducing the chance of cyber conflict and promoting stability and respect for human rights. They want to limit the use of hacking tools for government repression, along with barring nations from hacking each other's critical industries and removing safe havens for criminal hackers.
They’ve had limited success changing the behavior of U.S. adversaries such as Russia and China. But they’ve fared far better at establishing what’s in and out of bounds for nations that share basic democratic values.
“This shows that Israel is a country that doesn’t want to be on the other side of normative opinion [on cyber issues], not just from the U.S. but from many other countries,” Chris Painter, the top cyber diplomat during the Obama administration, told me. “It shows that when countries consider themselves bound by basic democratic principles, you can make some progress on cyber norms.”
Under pressure
Israel’s about-face comes after a wave of international condemnation of NSO.
Extensive reporting by The Post and other media found that the company’s Pegasus spyware was routinely used by its government clients to cow political opponents and enable repression.
- The Biden administration took its strongest move against NSO earlier this month, blocking U.S. companies from selling technology to the company and to another Israeli spyware firm, Candiru.
- The White House earlier banned U.S. companies from selling commercial hacking tools to repressive regimes including China and Russia. The move aligned the United States with 42 ally nations that are members of the Wassenaar Arrangement, which limits exports of technology that can be used for military purposes, including spying and hacking.
- Apple sued NSO last week for hacking its customers. WhatsApp filed a similar lawsuit in 2019 that’s working its way through the legal system.
- Experts at the United Nations have called for a moratorium on international sales of all surveillance technology until countries can agree how to enforce human rights standards.
Some NSO critics are skeptical Israel’s moves will make a big difference.
They fear NSO and similar companies will exploit loopholes such as selling spyware to third parties that sell it to autocratic regimes in turn.
Citizen Lab Senior Researcher John Scott-Railton described the move on Twitter as “damage-control, misdirection & overstatement for an international audience.” Citizen Lab has done extensive research on how Pegasus was used improperly and on other spyware vendors.
Israel's move will undoubtedly add to a list of woes for NSO.
Moody’s recently downgraded the firm’s credit rating, and NSO is at increasing risk of defaulting on $500 million in debt. NSO’s incoming chief executive Isaac Benbenisti stepped down before he even took office, citing the difficulty of leading the company following the U.S. blacklisting.
NSO officials have repeatedly denied that their spyware is misused by government clients. They’ve also argued the surveillance they enable is vital to preventing terrorist attacks.
We're a long way from fixing the spyware problem.
Even if Israel's moves prompt widespread reform within the country, they're unlikely to stem the misuse of spyware by other governments. A recent report from the Atlantic Council think tank identified about 224 companies that sell surveillance and hacking tools, just 27 of which are based in Israel.
Israel and Iran have traded cyberattacks in recent weeks, U.S. and Israeli officials say
Days later, an Iran-linked hacking group calling itself Black Shadow breached an Israeli LGBTQ dating app and a network of health clinics. The group publicly posted files stolen in the hacks, including data on 1.5 million Israelis. The group is either an arm of the Iranian government or a group of hackers working for Iran, three senior Israeli officials said.
Regular citizens were caught in the middle of both of the attacks. The hack of the Iranian fuel stations “appeared aimed at generating another wave of anti-government unrest” in the country, Fassihi and Bergman write. The hack of LGBTQ dating app Atraf threatened to out Israelis who hadn’t publicly spoken about their sexuality.
“Perhaps there’s a war going on between Israel and Iran, but from the little civilian’s perspective we are being held as prisoners here in the middle and are helpless,” Israeli radio editor Beni Kvodi told the Times.
It's not clear how the hacks will end. “Each side blames the other for the escalation, and even if there were the will to stop it, it’s hard to see how this genie gets recorked,” Fassihi and Bergman write.
The hacker who breached the brokerage app Robinhood fooled a customer service agent by posing as an insider
The hacker duped the representative into turning over the keys to online accounts by posing as someone from within the company, Bloomberg’s Annie Massa, William Turton and Jack Gillum report. The hacker ultimately obtained 5 million customer email addresses, 2 million names and detailed personal information about 310 customers, the company said.
“Robinhood didn’t learn of the lapse until the rep got home and told a relative about the strange call — and was promptly advised to escalate it, according to a person familiar with the matter,” Massa, Turton and Gillum write. “Only then did the employee inform the company,” they write.
Robinhood declined to comment to Bloomberg. Its customers haven’t faced financial losses because of the incident, according to the company.
Israel is resuming a phone surveillance program to track cases of the new coronavirus variant
The tracking system has been revised after a similar program sparked controversy last year. Under the previous system, Israelis were ordered to quarantine if the system showed they were in close contact with people who tested positive for the coronavirus. It prompted challenges from civil liberties groups, opposition politicians and the country’s Supreme Court.
The system also had performance issues. Nearly 400,000 Israelis were mistakenly quarantined, the high court said.
Shin Bet, Israel’s domestic security agency, is limiting the new system to tracking infections of the omicron variant, Haaretz’s Yaniv Kubovich reports. People who are suspected of having come into contact with infected people will not be ordered to quarantine. Instead, they will be instructed to get tested.
Shin Bet wants another agency to do the tracking. Agency officials repeated the longstanding request at a meeting of the country’s coronavirus cabinet. They argue the operation could undermine public trust in Shin Bet's other work.
Shin Bet also argues that the system is only effective when the number of cases is low. The agency will ask for the system to be shut down if dozens or hundreds of omicron cases emerge in the country, Kubovich reports.
The move is among several Israel is making to stem the tide of the latest coronavirus variant, Shira Rubin reports.
- The country is also closing its borders to foreigners.
- Israel has already confirmed one case of the new variant. At least seven other people in the country are suspected to be infected.
- Just three of the suspected cases recently went abroad, indicating that the variant could already be transmitting within the country.
