US spyware companies will now have to adhere to a new rule set by the Department of Commerce to prevent the sale of hacking tools to Russia and China.
US Spyware to Adhere to New Rules
According to The Washington Post, the Commerce Department outlined the change in a press conference on Oct. 20, which requires companies in the United States to have a license in order to sell spyware and other hacking software to countries that are regarded as a threat to national security.
The new rule is complex. If a company in the United States wants to export spyware to a government that poses a national security concern, the company would need to present a license.
However, if the software is for cyber defense and it is not sold to anyone linked with the government, no license would be needed.
Companies will need a license to export hacking software and equipment to Russia, China, and other countries listed by the Commerce Department, whether for cyber defense or not.
Gina M. Raimondo, the US Secretary of Commerce, said in a statement that the United States is committed to working with multilateral partners, according to The Verge.
This is to prevent the spread of technologies that can be used for malicious activities that threaten the country's cybersecurity and human rights.
The new US spyware rule will target tools and software similar to Pegasus, and it will take effect in 2022.
The intrusive software, which NSO Group makes, was used by governments to spy on smartphones that belong to journalists and human rights activists. It can steal data from mobile phones and turn a device's mic unnoticed.
Even though the United States is a member of the Wassenaar Arrangement, a voluntary export control regime that sets rules on the export of technologies considered dual-use, it is one of the last of the 42 countries to impose certain restrictions on the sale of hacking software.
Security officials revealed that the United States took so long to create the rule because of its complexity. If it is done incorrectly, imposing limitations could prevent cybersecurity specialists from working with experts from other countries.
The Department of Commerce allows 45 days for public comment and another 45 days to make changes before the new rule goes into effect, according to The Register.
The US spyware export rule will greatly affect the Pegasus spyware. The spyware is developed, marketed, and licensed to governments worldwide by the Israeli company NSO Group. It can infect billions of phones that run iOS or Android operating systems.
The earliest version of the spyware was in 2016, and it infected phones through spear-phishing in which text messages or emails trick a target into clicking on a malicious link.
Since then, the attack capabilities of NSO have become more advanced. Pegasus infections can be achieved through zero-click attacks, which do not require interaction from the owner of the phone in order to push through.
These will exploit vulnerabilities, which are bugs or flaws in an operating system that the phone's manufacturer does not yet know about and has not been able to fix.
This article is owned by Tech Times
Written by Sophie Webster