



Washington CNN—

At least 50 US government officials are suspected or confirmed to have been targeted by invasive commercial spyware designed to hack cellphones, a senior US administration official told reporters on Monday, revealing a number far higher than was previously known.

The revelation came as President Joe Biden issued an executive order on Monday banning US government agencies from using spyware deemed a threat to US national security or involved in human rights abuses.

Pressure has grown in recent weeks on the administration to do more to limit the use of hacking tools among other democracies following news reports that several European governments have used spyware on their citizens. A bipartisan group of US lawmakers wrote to Secretary of State Antony Blinken this month urging him to form an international coalition to fight spyware.

These hacking tools pose distinct and growing counterintelligence and security risks to the United States, including to the safety and security of American personnel and their families, the senior official said in an overview of the executive order.

The directive targets spyware or malware sold by companies around the world that sneaks into targets’ cellphones with just a few clicks.

One impetus for the executive order was the discovery in 2021 that the iPhones of a dozen US State Department employees had been hacked with spyware developed by Israeli company NSO Group, CNN reported.

The executive order reflects the Biden administration’s wide-ranging concerns that authoritarian governments and democracies can use the powerful tools of hacking to suppress opposition voices or target journalists.

The tools also directly threaten US diplomats.

Democratic Rep. Jim Himes of Connecticut, one of the lawmakers who has called on the Biden administration to do more on spyware, said he expects the number of American government staffers confirmed to have been targeted by hacking tools to increase as the United States continues to investigate the matter.

The executive order, he told CNN, sends a strong signal to spyware companies that their access to the US market depends on ensuring that their technology is not misused.

But the US government can do more to suppress, said Himes, the top Democrat on the House Intelligence Committee.

If a country receiving significant foreign aid uses [spyware] against dissidents, against journalists, we have to rethink this foreign aid, Himes said.

The Biden administration will co-host a democracy summit this week with governments around the world, where spyware is expected to be a top topic.

But the extent to which US government agencies themselves have used spyware is unclear. The new directive prohibits US agencies from using spyware operationally, but does not prevent using the tools for testing purposes, as the FBI says.

The FBI also explored the use of the NSO Group’s signature hacking tool in criminal investigations before choosing not to, while the CIA purchased the tool for the East African government of Djibouti, according to a New York Times report.

In response to a question from CNN, the senior administration official declined Monday to detail instances where US government agencies may have used commercial spyware operationally.

Ron Deibert, director of the University of Toronto’s Citizen Lab, which investigates spyware abuse, said the new executive order will make the highly lucrative US federal government market inaccessible to companies that pose a risk to national security and facilitate transnational repression and human rights violations abroad.

The directive, Deibert told CNN, will hopefully spark a common front among allied nations around the world and send a strong signal that the days of the Wild West are over for NSO Group and other reckless players in this space.

NSO Group, which the US Department of Commerce has effectively blocked from buying US software, has long claimed that its hacking tools are only sold to governments for legitimate anti-terrorism or crime-fighting purposes.

But the spyware challenge isn’t limited to one technology or vendor, analysts say. Suspected spyware infections have been found in dozens of countries, from Angola to Zambia, according to research by the Carnegie Endowment for International Peace.

This story has been updated with additional information.

