White House claims that phone spyware overseas was used to target 50 US officials

Senior administration officials indicated this week that at least 50 U.S. government workers have had their mobile phones targeted with commercial spyware in at least 10 foreign nations, and that number is anticipated to rise as the inquiry goes on.

‍

The disclosure comes as the White House unveils a new executive order to prohibit the use of commercial malware that endangers national security and human rights of the US government. The decision, which was announced on Monday, comes in the aftermath of a protracted debate about the use of Pegasus, a potent spyware, by foreign governments to hack journalists, human rights activists, and dissidents worldwide. Also, it occurs this week when the government is co-hosting the second World Conference for Democracy.

‍

Late in 2021, Apple warned around a dozen Americans. Embassy personnel in Uganda were informed that Pegasus, military-grade spyware created by Israel-based NSO Group, which has dozens of governments as clients, had been used to hack into their iPhones. The tool, which is frequently launched by "zero-click" malware that doesn't even require the target to click on a link, enables users to steal digital files, listen in on conversations, and monitor the movements of targets.

‍

The Biden administration was surprised by the most recent statistic, which showed at least 50 government personnel.

“We were surprised at the number of cases," said

 one senior administration official. He noted that dozens of government officials, including some of the highest-ranking officials, had devices that appeared or were confirmed to have been hacked by commercial spyware. There was no specific information provided by the office regarding the company's software used or who had deployed the malware. “Our initial suspicion was that [such spyware] could pose counterintelligence and security risks when we started this process. As time passed, we realized that security and counterintelligence risks were becoming increasingly substantial."

"We cannot rule out that there will be more instances of targeted personnel being identified, as the effort to identify additional targeted personnel continues," the official said.

The individual mentioned that steps were being done to reduce the threats that the tools posed. He spoke on the condition of anonymity as per White House guidelines.

‍

The Commerce Department's placement of NSO Group on a trade blacklist known as the Entity List, a significant action that forbade the export of any hardware or software from the United States to NSO, cutting off a crucial source of technology and sending a signal to potential investors, precedes the executive order by more than a year. When abuse of human rights is discovered, the corporation canceled contracts and claims that its human rights standards "are based on the American ideals we passionately embrace."

‍

NSO Group is blacklisted by the Biden administration because of Pegasus spyware

‍

NSO Group, however, is only one of the dozens of firms that develop spyware, according to experts. Most of these firms are smaller or less well-known than NSO Group, and many of them, according to officials, operate with impunity in an area that is mostly uncontrolled. According to John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab, a cybersecurity research organization, the ruling is a positive step toward defining boundaries worldwide.

‍

According to Scott-Railton, who has worked on multiple investigations into Pegasus, "it will curtail worldwide spyware growth by putting corporations and investors on notice that time is running out for 'anything goes' business tactics."

‍

The directive forbids federal agencies from deploying commercial spyware if it has been used to hack or target U.S. government devices or persons, or if it has been used to violate human rights, such as by targeting dissidents. It was the result of a White House review that started in the late summer of 2021. In order to prevent providing a "perverse incentive" for businesses to migrate to the United States in order to circumvent regulations, it applies to malware developed by both international and domestic organizations, the official added.

‍

According to the official, there is an exception for malware that may be required to test defenses against hackers or assist U.S. authorities in developing defensive cyber measures.

‍

The FBI came under fire last year for press revelations that it had considered deploying Pegasus. Director Christopher A. Wray claimed, when questioned by lawmakers at a House Intelligence Committee hearing in March, that the FBI merely bought a license for Pegasus spyware to analyze it and never utilized it. " The NSO products were not used operationally by the FBI in any investigation," he stated.

‍

FBI acknowledges it tested NSO Group's spyware

‍

The United States has not been a significant market for commercial spyware, so Rep. Jim Himes (D-Conn.), a ranking member on the House Intelligence Committee, was originally skeptical of the effects a prohibition may have. However, he claimed that the White House surveyed intelligence organizations and discovered that "a number of technology companies are actually very keen to sell to the U.S., which would suggest that they're going to be very careful about the nature of their product, what it's used for, and who uses it."

‍

At this week's democracy summit, the United States will emphasize combating the misuse of technology and rising "digital authoritarianism," according to a second official.

‍

Following a July 2021 investigation by The Washington Post and 16 other news organizations into the operations of NSO Group, the Commerce Department listed NSO Group and three other businesses as entities and opened an inquiry into Pegasus.