Heimdal
article featured image

Contents:

At least 50 US government officials are either suspected or confirmed to have been targeted by invasive commercial spyware designed to hack mobile phones, extract data, and track the movements of the victims.

An executive order limiting the use of a class of potent surveillance tools by the American government was signed by President Biden on Monday. These tools have been abused by governments around the world, both autocracies and democracies, to spy on political dissidents, journalists, and human rights activists.

Analyzing the Executive Order

The new rules will prohibit federal government departments and agencies from using commercial spyware if the vendors are found doing business with foreign governments identified by US intelligence as known abusers of human rights, or if the spyware could pose security risks if installed on U.S. government networks. Additionally, the restrictions would also apply to the makers of any commercial spyware equipment used against U.S. staffers.

The order covers only spyware developed and sold by commercial entities, not tools built by American intelligence agencies.

“We needed to have a standard where if we know that a company is selling to a country that is engaged in these outlined activities, that in and of itself is a red flag,” a senior administration official said.

Restricting what the US government defense, law enforcement, and intelligence agencies are allowed to purchase will pressure the spyware industry to reduce the sale of malicious tools to countries that have poor human rights track records.

If you want to read in more detail what the Executive Order provides, you can access the fact sheet issued by the White House here.

Reviews Date Back to 2021

According to Cybernews, a senior official cited a Reuters report issued in 2021 as a reason for the broader internal government review. In 2021, Reuters reported that at least nine US State Department personnel had been targeted by an unknown threat actor with highly sophisticated commercial spyware.

The threat actor used the Pegasus spyware, developed by the Israeli tech company NSO, to hack the employees’ iPhones and access data. At the time, Pegasus was considered to be one of the most powerful cyber weapons.

Currently, Pegasus is in use in more than 45 nations, but the Israeli government forbade NSO from selling Pegasus to Ukraine in early 2022 out of concern for its relations with Russia.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR

linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE