Thursday, December 26

U.S. blacklists spyware companies Intellexa and Cytrox, citing security threats

The Biden administration on Tuesday added foreign commercial spyware companies Intellexa and Cytrox to a federal “entity list” that prohibits American companies from engaging in certain trade activities with them, after determining they pose a threat to U.S. national security and foreign policy interests.

The decision is part of an ongoing effort to address the proliferation and misuse of commercial spyware, according to senior administration officials, who spoke on the condition of anonymity to brief reporters on the matter. The move is the most significant since President Biden issued an executive order in March that sets limits on U.S. agencies’ use of spyware and bars the technology’s use when there’s a risk could be used by foreign governments to target Americans or violate human rights.

That action serves as a “strong signal” to entities that use commercial spyware, as well as the surveillance industry on the whole, a senior administration official said.

“This is also an opportunity for private investors to consider the risk” and reevaluate whether to invest and support “such commercial spyware companies whose business practices threaten the security and safety of technology used by citizens around the world, not just here in the United States,” the official added.

The companies added to the entity list include Intellexa S.A. in Greece, Cytrox Holdings Crt in Hungary, Intellexa Limited in Ireland, and Cytrox AD in North Macedonia. They are being penalized for “trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide,” according to an update in the Federal Register.

The move builds on U.S. actions in November 2021, when the Israeli spyware company NSO Group was added to the federal blacklist when it was determined its phone-hacking tool was used by foreign governments to target government officials, academics, journalists and others. Hanan Elatr, the wife of slain Washington Post columnist Jamal Khashoggi, sued NSO last month alleging the group infected her phone with its spyware to track her late husband.

The White House has previously stated that foreign governments have used spyware to maliciously target U.S. personnel. After the March executive order, officials said that 50 U.S. government workers appear to or were confirmed to have been hacked by commercial malware tools.

The action also comes on the heels of a pledge made by the U.S. and allied nations in March to develop and implement measures aimed at countering commercial spyware abuses.

Congress is currently debating whether to renew a key surveillance authority expiring at the end of this year that would allow the FBI and National Security Agency to gather electronic data without a traditional warrant based on probable cause when the target is a foreigner overseas and it’s for foreign intelligence purposes. Officials say it is essential for national security purposes but critics argue the tool has been abused.

Leave a Reply

Your email address will not be published. Required fields are marked *