A notorious commercial spyware developer has spent millions of dollars lobbying the US government in a bid to get itself removed from a trade blacklist, according to a new report.
NSO Group is the Israeli firm behind the Pegasus spyware, which is the subject of lawsuits from WhatsApp and Apple.
Delivered via zero-click exploits, the spyware has allegedly been used by autocracies to spy on tens of thousands of targets, including political dissidents, human rights activists, journalists and even heads of state.
Read more on commercial spyware: New Zero-Click iOS Exploit Deploys Israeli Spyware.
In 2021, NSO Group was added to a US export blacklist designed to prevent it from buying components from American companies.
However, the firm has been quietly seeking to influence US government thinking over the past few years, according to a new report from Open Secrets.
Based on Foreign Agents Registration Act disclosures filed with the Justice Department, the report revealed that NSO Group has paid foreign agents over $2.9m for lobbying work in the US since 2020.
This includes a $1.1m outlay on PR and law firms in 2022, which the report claimed is more than the government of Israel spent on US lobbying during the same period.
NSO group has always denied its malware is used to commit human rights abuses and argues it sells products solely for legitimate law enforcement purposes.
Meta’s WhatsApp took NSO Group to court in 2019 over allegations that the Israeli firm developed and helped to deploy malware that was used to target its users. The Supreme Court gave the go-ahead for the case to continue earlier this year.
Apple followed suit in 2021, taking legal action “to prevent further abuse and harm” to users of its products. The tech giant said at the time it would be seeking a permanent injunction banning NSO Group from using its products and services.
The White House has become increasingly hostile to commercial spyware makers. In March, a new executive order banned US government use of any tool that has previously been misused by foreign states to spy on citizens, dissidents and activists, or that poses a counterintelligence or security risk.
The tech industry has also announced a new initiative designed to push back against what it describes as “cyber mercenaries.”
Editorial image credit: T. Schneider / Shutterstock.com