Israel has cut the number of countries to which local companies that can export cybersecurity tools in the wake of the U.S. Department of Commerce sanctioning spyware maker NSO Group Technologies Ltd. earlier this month.

The number of countries has been slashed from 102 to 37, with the remaining eligible countries primarily being in Europe and North America. Notable among the countries being removed from the list are Morocco, Mexico, Saudi Arabia and the UAE, all of which are believed to have acquired spyware from NSO.

Calcalist reported today that the restricted list will significantly complicate matters for Israeli cybersecurity security companies, particularly those selling spyware tools to totalitarian regimes or those with a record of violating human rights.

The activities of countries allegedly using NSO Group software have been known for years. For example, NSO software was reportedly used in Mexico in 2017 to target supporters of a soda tax. Later the same year, the Mexican government was caught attempting to use NSO software to hack phones. In 2019, it was also suggested that NSO software might have been used by the governments of Uganda and Zambia to spy on opponents.

There are additional cases but what brought NSO software into the spotlight in 2021 was a report in July. The report, by The Washington Post and 16 media partners, detailed how NSO’s Pegasus software was used in attempted or successful hacks of 37 smartphones belonging to journalists, human rights activists and others linked to murdered Saudi journalist Jamal Khashoggi.

The total number of those targeted using Pegasus was more significant again. The software was found to be being used to target around 50,000 people in total. The Post was able to match approximately 1,000 of the numbers across 50 countries.

Some of these numbers belonged to Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists and more than 600 politicians and government officials. Heads of state and prime ministers were also on the list.

The sanction on NSO from the U.S. government cited this activity specifically. “The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials and organizations here and abroad,” U.S. Secretary of Commerce Gina Raimondo said at the time.

Although the Israeli government has not officially said that it’s limiting the number of countries Israeli cybersecurity firms can export to because of the U.S. sanction, it’s highly unlikely to be a coincidence that some of those missing from the revised list are the same countries that are known to have been using NSO software.

Image: NSO Group