The U.S. government has determined that four entities act against the foreign policy and national security interests of the United States and will be included in the List of Entities under Suspicion. These four companies are from Israel, Russia and Singapore and have been added to a blacklist of entities suspected of carrying out malicious activities on the network.
This Entity List (supplement No. 4 to Part 744 of the EAR)identifies entities for which there is reasonable cause to believe, based on verifiable facts, that the entities have been involved, are involved in, or present a significant risk of being or engaged in activities contrary to the national security or foreign policy interests of the United States.
The Bureau of Industry and Security (BIS) places entities on the Entity List pursuant to Part 744 (Control Policy: End User and End-Use Based) and Part 746 (Embargoes and Other Special Controls) of the EAR.
The End User Review Committee (ERC), composed of representatives from the Departments of Commerce (president), State, Defense, Energy and, where applicable, the Treasury, makes all decisions regarding additions, removals, or other modifications to the Entity List. The ERC makes all decisions to add an entry to the List of Entities by majority vote and makes all decisions to remove or modify an entry by unanimous vote.
Companies on the blacklist
The ERC determined that NSO Group and Candiru be added to the list of entities based on section 744.11(b) of the EAR. The investigation showed that Israeli companies NSO Group and Candiru developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businessmen, activists, academics, and embassy workers.
The ERC determined that Positive Technologies, located in Russia, and Computer Security Initiative Consultancy PTE.LTD., located in Singapore, be added to the List of Entities based on their involvement in activities contrary to U.S. national security. Specifically, these entities traffic in cyberattacks that are used to gain access to information systems, which threatens the privacy and security of people and organizations around the world.
For the reasons described above, these 4 companies have been added:
• Candiru y NSO Group.
- Computer Security Initiative Consultancy PTE. LTD.
Defence of companies on their inclusion in the blacklist
In the case of Positive Technologies, they have made an announcement to talk about their inclusion in the blacklist. They deny that they should be on that list. Denis Baranov, CEO of Positive Technologies comments:
“Our global goal is to create products and technologies to improve the overall level of cybersecurity around the world, as well as to shape an environment that provides maximum resilience to cyberattacks, including internationally. Each of our developments is strictly focused on protection. The time has come to develop tools of this kind, and we will continue to do so. We don’t know on what basis the Commerce Department included us on this list. In any case, we are ahead of the risks of sanctions that lie ahead of time, and now they do not pose an additional threat to us.”
The company blames geopolitics that should not hinder the technological development of society and provide cybersecurity on a global scale.
In the case of the Singapore company, it is a bit strange that being a commercial company with patented solutions has a website with Google Adsense advertising. They have not commented on their blacklisting.
NSO group has also denied the allegations in a press release. Although they comment that if their software is used in the wrong way they break the agreements with the companies that do it and that they wait to see the complete information to see what has happened.