(Reuters) – At least 50 U.S. government staffers stationed in 10 countries were targeted with commercial hacking tools, commonly known as spyware, a senior administration official said, highlighting the growing threat by offensive cyber vendors and prompting the White House to introduce rules to hinder the spying.
U.S. President Joseph Biden signed an executive order on Monday to curb the malicious use of digital spy tools around the globe which target U.S. personnel and civil society.
The extent of such hacking had not been previously known, but in 2021 Reuters reported that Apple Inc (AAPL.O) iPhones of at least nine U.S. State Department employees were targeted by an unknown assailant using sophisticated spyware developed by an Israeli company.
At the time, it represented the widest known hack of U.S. officials through such tools.
The senior administration official cited Reuters’ prior reporting as a reason for the broader internal government review.
The new executive order is designed to apply pressure on the secretive industry by placing new restrictions on U.S. government defense, law enforcement and intelligence agencies’ purchasing decisions, a senior administration official said.
By more heavily regulating which organizations can do business with the U.S. government, the idea is that it will shift how the shadowy market operates and limit sales to certain actors, the official said.
“We have clearly identified the proliferation and misuse of spyware as a threat to national security,” the official said, based on an extensive U.S. government review that began in 2021. “The threat of misuse around the world also implicates our core foreign policy interests.”
Makers of such hacking tools could be barred from selling to U.S. agencies if they are found to be doing business with foreign governments that have a poor human rights track record, based on analysis by the U.S. State Department and others.
In addition, if the U.S. intelligence community finds evidence that a particular commercial spyware platform was used to help target U.S. government staff, then it too would be subject to the new restrictions.
The decision follows a series of media and cybersecurity reports in recent years concerning spyware sales to governments around the world, including in the Middle East and Africa, where it was reportedly used against dissidents, human rights defenders and journalists.
“We needed to have a standard where if we know that a company is selling to a country that is engaged in these outlined activities, that in and of itself is a red flag,” said the senior administration official.