More than six years after proposing export restrictions on “intrusion software,” the US Commerce Department’s Bureau of Industry and Security (BIS) has formulated a rule that it believes balances the latitude required to investigate cyber threats with the need to limit dangerous code.
The BIS on Wednesday announced an interim final rule that defines when an export license will be required to distribute what is basically commercial spyware, in order to align US policy with the 1996 Wassenaar Arrangement, an international arms control regime.
[…]
India’s Supreme Court starts probe into use of Pegasus spyware
Government offered to investigate itself – Court politely declined that kind suggestion
https://www.theregister.com/2021/10/29/india_nso_pegasus_probe/
India’s Supreme Court has taken the unusual step of commissioning a Technical Committee to investigate whether the national government used the NSO Group’s “Pegasus” spyware on its citizens.
[…]
Whistleblower claims NSO offered ‘bags of cash’ for access to US phone networks
A whistleblower’s allegations about spyware maker NSO Group should be investigated by American posecutors, US House Rep Ted Lieu (D-CA) has said.
The informant claimed senior NSO executives offered “bags of cash” to California-based telecoms security and monitoring outfit Mobileum to assist in its surveillance work, according to the Washington Post on Tuesday.
Specifically, it’s alleged NSO wanted to gain, with Mobileum’s help, Signaling System 7-level access to US cellular networks, a position that can be abused to determine a cellphone’s location, redirect and read its incoming text messages, snoop on calls, and more. SS7 is the glue between telecommunications providers, and subverting it opens up a wealth of opportunities for spies and miscreants.
[…]
We’re likely only seeing ‘the tip of the iceberg’ of Pegasus spyware use against the US
Google and internet rights groups have called on Congress to weigh in on spyware, asking for sanctions and increased enforcement against so-called legit surveillanceware makers.
During an open House Intelligence Committee hearing on Wednesday, US lawmakers heard testimony from Citizen Lab senior researcher John Scott-Railton; Shane Huntley, who leads Google’s Threat Analysis Group; and Carine Kanimba, whose father was the inspiration for Hotel Rwanda and who was, herself, targeted by Pegasus spyware.
[…]
ETA:
The US Supreme Court has quashed spyware maker NSO Group’s argument that it cannot be held legally responsible for using WhatsApp technology to deploy its Pegasus snoop-ware on users’ phones.
Facebook and its WhatsApp subsidiary sued the notorious Isreal-based software company in 2019, alleging that NSO exploited a zero-day bug in WhatsApp to remotely drop Pegasus on about 1,400 smartphones belonging to attorneys, journalists, human rights activists, political dissidents, diplomats and other senior foreign government officials in multiple countries.
[…]
Judge orders NSO to cough up Pegasus super-spyware source code
NSO Group, the Israel-based maker of super-charged snoopware Pegasus, has been ordered by a federal judge in California to share the source code for “all relevant spyware” with Meta’s WhatsApp.
The order [PDF] from Judge Phyllis Hamilton at the end of last month stems from WhatsApp’s 2019 lawsuit [PDF] against NSO for allegedly spying on 1,400 WhatsApp users.
[…]
