President Joe Biden signed an executive order Monday curtailing the use of digital spy tools after finding at least 50 US government staffers have been targeted with malicious spyware while stationed overseas.
An extensive government review, dating back to 2021, found US personnel were targeted while stationed across ten different countries.
Senior cabinet officials say the discovery prompted the President to introduce new rules in an effort to curb the use of commercial hacking tools and send a message to cyber vendors producing and selling the spyware.
Officials say other reports have found the malicious hacking tools are being bought by foreign governments, including in the Middle East and Africa, and repeatedly used against dissidents, human rights defenders, and journalists.
The new rules would ban certain spyware vendors from selling to US government agencies if they are found doing business with foreign governments identified by US intelligence as known abusers of human rights.
The new restrictions would also apply to the makers of any commercial spyware platform used against US staffers.
"We needed to have a standard where if we know that a company is selling to a country that is engaged in these outlined activities, that in and of itself is a red flag," a senior administration official said.
Senior officials said restricting what the US government defense, law enforcement, and intelligence agencies are allowed to purchase will pressure the spyware industry to curtail the sale of malicious tools to countries with poor human rights track records.
"We have clearly identified the proliferation and misuse of spyware as a threat to national security. The threat of misuse around the world also implicates our core foreign policy interests," one US official said.
In 2021, Reuters was the first to report at least nine US State Department personnel had been targeted with highly sophisticated commercial spyware, by an unknown threat actor.
The threat actor had hacked the employees' Apple iPhones using Pegasus spyware, which was developed by the Israeli tech company, NSO.
At the time, Pegasus was considered one of the world’s most powerful cyber weapons.
A senior official cited the Reuters report as a reason for the broader internal government review.
The US government bought the spyware itself in 2021, but because of its controversial nature, abandoned ever using it.
Pegasus is currently being used in over 45 countries worldwide, although the Israeli government prevented NSO from selling Pegasus to Ukraine in early 2022 for fear of damaging relations with Russia.
In 2019, Microsoft, Google, Apple, and WhatsApp, filed a suit against the Israeli spyware maker, claiming Pegasus posed a fundamental risk to human rights.
The Big Tech vs NSO case will be heard in the US Supreme Court later this year.
Your email address will not be published. Required fields are markedmarked