Last week, researchers at Citizen Lab uncovered sophisticated new spyware that allowed hackers to take complete control of anyone’s iPhone, turning the phone into a pocket-spy to intercept communications, track movements and harvest personal data. The malicious software, codenamed “Pegasus,” is believed to have been developed by the NSO Group, an Israeli company (whose majority shareholder is a San Francisco-based private equity firm) that describes itself as a “leader in cyber warfare” and sells its software, with a price tag of $1 million, primarily to foreign governments. The software apparently took advantage of three previously unknown security flaws in Apple’s iOS software, and was described by experts as “the most sophisticated” ever seen on the market. Apple quickly released a patch of its software, iOS 9.3.5, and urged users to download it immediately.


Continue Reading Espionage and Export Controls: The iPhone Hack Highlights The New World of Warfare

After weeks of negotiations and a Putin-backed delay, the UN Security Council unanimously adopted resolution 2270 on March 2, 2016, imposing new sanctions against North Korea. According to U.S. Secretary of State John Kerry, the resolution imposes the strongest set of UN sanctions in over two decades. This article provides a summary of the new UN North Korea sanctions followed by an overview of the most recent developments in North Korea sanctions under US law.
Continue Reading The Day of North Korea Sanctions: the UN Imposes the Toughest North Korea Sanctions Yet While OFAC and State Designate More North Korean Entities

On August 30, 2015, the Washington Post broke a story that the Obama administration is developing a package of economic sanctions that will target Chinese companies and individuals who have benefitted from cybertheft. The new sanctions would come at a time when commerce between the two countries is thriving, but political relations are strained.
Continue Reading Keep Your Frenemies Close: Proposed China Sanctions and the Price of Escalation

If you are not aware, please take note that the July 20, 2015 deadline is fast approaching for comments to the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) proposed rule on the export control of certain intrusion- and surveillance-related software. The proposed rule, which addresses changes to the U.S. Export Administration Regulations (EAR), is designed to align with agreements made in the December 2013 Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, a multilateral export control regime with 41 participating states committed to promoting transparency and responsibility in cross-border transfers of arms and dual-use goods and technologies. The wide-reaching rule proposes adding new controls in Category 4 of the EAR’s Commerce Control List (CCL) intended to address “intrusion software” used by hackers and other cybercriminals. The difficulty is that, as the proposed rule is worded (and explained), it also subjects network penetration testing products, the type that use “intrusion software” to identify cyber-vulnerabilities, to the same export licensing requirements. That is to say, the manner in which the controlled intrusion software would be defined includes the good as well as the bad, and could have a chilling effect on beneficial research and development of defensive software.
Continue Reading The Baby and the Bathwater: The Department of Commerce’s Bureau of Industry and Security (BIS) Intrusion and Surveillance Software Export Licensing Proposal

Cyber threats are one of the U.S.’s top security threats.  In just the past year, there has been a significant increase in the frequency, scale and sophistication of cyber intrusions and attacks – many of them originating overseas – which have targeted U.S. businesses.  On April 1, 2015, the President announced a new tool to combat the most significant cyber threats to the national security, foreign policy and economy of the United States.  
Continue Reading U.S. Authorizes Targeted Sanctions Against Overseas Cyber Threats