After Pegasus affair, Israeli tech companies fear US blacklisting

It is still too early to tell if the Pegasus affair and US blacklisting of some cyberattack companies will harm the Israeli industry or actually boost global demand for such products.
This studio illustration shows a smartphone with the website of Israel's NSO Group, which features Pegasus spyware, July 21, 2021.

The announcement by the US Department of Commerce that it was placing Israeli cybersecurity companies on its blacklist sent shockwaves through Israel’s entire cyber sector. The industry, with tools used both offensively and defensively, is considered one of the best in the world.

The concern now is that being on the US blacklist will have an immediate impact on an industry that is a major player in the Israeli economy. On the other hand, the fact that these companies’ successes have elicited such a sharp response from the Americans could increase demand for their other cyber products, most of them used as security tools.

So far, the Commerce Department has announced that two Israeli companies, NSO and Candiru, would be added to a list of groups that operate against the national interests of the United States. Their products, says the Commerce Department, are being used by authoritarian regimes to suppress local democratic forces: “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent.”

What the decision means in practical terms is that the companies in question will need to obtain a special license to do business in the United States. Also, it will be harder for them to use any American services whatsoever, from accounting programs to the cloud. Furthermore, it is not at all certain that they will be able to obtain the special license in the first place. The US government has become especially sensitive after news leaked of an extensive cyberattack against the company SolarWinds and, through it, many government agencies in the United States. Apparently, the attack itself originated with hackers tied to Russia.

NSO was listed because of a series of investigations into its Pegasus spyware, which revealed it was being used around the world for illegitimate purposes such as tracking journalists and human rights activists. While the company denied the findings, other Western intelligence agencies (including those of France and Belgium) confirmed them. The decision by the Commerce Department is especially severe. It comes after an extensive investigation by the US administration itself.

Investigations into NSO found that it sold its cellphone spyware program to nations and organizations, which allegedly used it illicitly, including in efforts to track opponents of the regime. In this context, it has been mentioned that the program allegedly played a role in the Khashoggi incident in which an opponent of the Saudi government was murdered in the Saudi Consulate in Turkey. It was also reported that the program was installed on the phone of French President Emmanuel Macron, apparently by Moroccan intelligence (though the Moroccans deny it). And these are just two of a long list of cases from around the world.

As a result of all of this, several large corporations have cut ties with NSO, including the video meeting site Zoom, programming and hardware giant Intel, and others. The US-based Jefferies Investment Bank, which managed loans and debt repayments for NSO and helped with other administrative activities, particularly on Wall Street, also cut ties with the company.

These and other incidents have led to reports that the Israeli company is considering selling its Pegasus spyware program altogether. On the other hand, it is doubtful whether this will help the company recover.

The problem isn’t just with NSO either. Meta, the latest iteration of Facebook, just blocked seven spyware companies from its platforms too. It should be noted that most of these companies were Israeli. Meta will now take steps to warn some 48,000 clients whom it believes were targets of malicious activity by these spyware firms.

The decision comes in the wake of a monthslong investigation of malicious cyberware for hire. Meta now claims that it uncovered new details about the way spyware companies allow their clients to indiscriminately target people across the internet to collect intelligence about them, manipulate them and ultimately compromise their devices. Among the seven cybersurveillance companies named by Facebook in its investigation are the Israeli firms Black Cube, Cobwebs, Bluehawk and Cognyte. Also mentioned was the Macedonian firm Cytrox, which has extensive meta-activity in Israel.

Many of these companies claim that the groups that hire their services do so in order to fight organized crime and terrorism. Facebook contests this claim after having found that the sector regularly allows its clients to spy on journalists, opponents of various regimes, critics of totalitarian governments, and human rights activists and their families.

Black Cube responded that it “does not undertake any phishing or hacking and does not operate in the cyber world. Black Cube is a litigation support firm which uses legal Humint investigation methods to obtain information for litigations and arbitrations. … Black Cube obtains legal advice in every jurisdiction in which we operate in order to ensure that all our agents’ activities are fully compliant with local laws.”

These reports have put Israeli companies dealing with cybersurveillance on the defensive. Many of them are staffed by graduates of the Israeli defense establishment, which is known for its abilities in this field. Ten years ago, they allegedly infected the software used by the Iranian nuclear program with the Stuxnet virus, resulting in a lengthy slowdown of Iran’s nuclear project.

The current assessment is that the industry at large will not be hurt by these developments. In fact, it may even benefit from them, even if one or two companies are forced to shut down or see their activities limited. According to a top executive in an Israeli company even larger than NSO, the incidents led to an increased demand in the companies’ projects, with multiple international bodies, including countries and companies, making inquiries. He told Al-Monitor on condition of anonymity that these concerned aggressive cyberwarfare tools but also more benign cybersecurity tools. “If we know how to launch attacks, it stands to reason that we know how to defend ourselves from attack as well.”

This was confirmed by Shay Michel, general manager of Merlin Ventures TLV. He told Al-Monitor that while the administration in Washington is placing restrictions on the companies, it is very interested in their capabilities, both to protect its own organizations and as a lesson from the SolarWinds incident about private companies that provide services to the government.

While the NSO affair is not over yet, Israel’s commercial figures reflect global interest in these sorts of products. According to the Ministry of Commerce, there was an 11.6% increase in the import of business services from Israel during the first quarter of 2021, amounting to $43.4 billion. All in all, there has been an increase, on average, of 13% per annum since 2016. A significant part of this was made up of high-tech exports, especially cyber technology exports.

The abovementioned top executive sums it up as follows: “The Biden administration inadvertently conducted an advertising campaign on behalf of Israel’s cyber industry. Anyone who wants to launch an attack knows that the best tools for that can be found right here. Much more importantly, however, this is also true for any country or body that needs to defend itself from cyberattacks.”