Israel’s Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms in the country are allowed to sell offensive hacking and surveillance tools to, cutting off 65 nations from the export list.
The revised list, details of which were first reported by the Israeli business newspaper Calcalist, now only includes 37 countries, down from the previous 102:
Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Iceland, India, Ireland, Italy, Japan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, New Zealand, Norway, Portugal, Romania, Slovakia, Slovenia, South Korea, Spain, Sweden, Switzerland, the Netherlands, the U.K., and the U.S.
Notably missing from the list are countries such as Morocco, Bahrain, Saudi Arabia, and the U.A.E, which have been previously identified as customers of Israeli spyware vendor NSO Group. In curtailing the exports, the move effectively makes it harder for local cybersecurity firms to market their software to countries with totalitarian regimes or with a track record of perpetrating human abuses.
The move comes close on the heels of the U.S. Commerce Department adding NSO Group and Candiru to its trade blocklist for developing and supplying sophisticated interception or intrusion capabilities to foreign governments that then used the spy tools to strike journalists, activists, dissidents, academics, and government officials across the world.
Earlier this week, Apple followed with its own salvo, filing a lawsuit against NSO Group and its parent company Q Cyber Technologies for illegally targeting its users with Pegasus, military-grade spyware that’s designed to harvest sensitive personal and geolocation information and surreptitiously activate the phones’ cameras and microphones.
“By marketing to [U.S./NATO adversaries], these firms signal that they are willing to accept or ignore the risk that their products may bolster the capabilities of authoritarian and/or adversary governments, which may use their products to target vulnerable populations within their country or conduct foreign espionage more effectively,” Atlantic Council said in a report published earlier this month detailing the proliferation of the cyber-surveillance industry.