Burst!The U.S. government will ban the export of hacking tools to China and Russia

On October 20, the U.S. Department of Commerce issued a new export control regulation, hoping to curb the export or resale of hacking tools to China and Russia. Fearing that prohibiting such sales might hinder the normal development of cyber defense work, this rule was shelved for many years.

The Ministry of Commerce stated in a statement that after a lot of discussions, they believe that the ban on the sale of hacking tools can be balanced, and it can continue to maintain the cooperation of US researchers and cybersecurity companies with overseas partners and customers to resolve software vulnerabilities and malicious attacks. At the same time, it effectively prevents opponents from mastering relevant hacking techniques.

Secretary of Commerce Gina M. Raimondo said in the statement, “The United States is committed to maintaining cooperation with multilateral partners to prevent the wanton spread of technologies that can be used for malicious activities.” While conducting cyber security activities, it protects the national security of the United States from malicious cyber attackers.”

This regulation will take effect in 90 days, requiring companies not to sell any hacking software and equipment to China, Russia and other key targeted countries unless they have obtained permission from the Bureau of Industry and Security (BIS) of the Ministry of Commerce. The Ministry of Commerce claimed that this was done to make it more difficult for opponents to use relevant network tools to undermine human rights and interrupt communications, while still retaining a certain amount of tool circulation space for network security companies.

This move once again reiterated the unanimous position of the United States and dozens of EU countries that signed the Wassenaar Agreement. The Wassenaar Agreement is a voluntary framework designed to control the sale of civilian and military technology. Neither China nor Israel signed this agreement, but Russia did.

Israel has previously stated that it will voluntarily follow the requirements of the Wassenaar Agreement, but its specific actions seem to be inconsistent. Researchers have found dozens of cases where Pegasus spyware was installed on the phones of political dissidents, which was developed by the Israeli NSO Group.

In August of this year, the Canadian Research Institute Citizens Laboratory discovered that between June 2020 and February 2021, the iPhones of nine Bahraini activists were hacked by Pegasus spyware. The murdered Saudi columnist Jamal Khashoggi gave birth to the closest two women who came to the country, and their smartphones also showed traces of Pegasus. NSO denied that the Pegasus software was used for such purposes.

The new regulations of the US Department of Commerce are clearly in response to several recent technology export control policies implemented by the Biden administration. In March of this year, the US government restricted the export of advanced semiconductors and encryption software to China and Russia on grounds of national security. A month later, the US government imposed export controls on seven Chinese companies and government laboratories on the grounds that they were suspected of helping China build supercomputers for military purposes.

For the new regulations announced on Wednesday, the Ministry of Commerce has set a 45-day public comment period. After the discussion, the Ministry of Commerce will spend another 45 days to make further amendments before issuing the final regulations.