International Initiative To Control Commercial Spyware

Uploaded on 2024-03-13 in FREE TO VIEW

Countries led by Britain, France and the United States and tech firms including Google, Microsoft and Meta have signed a joint statement recognising the need for more action to tackle malicious use of cyber spying tools. This relatively inexpensive commercial spyware software can remotely infiltrate the most intimate spaces of a target’s digital life to steal their information and secrets.

Spyware tools can also be used by hackers-for-hire who carry out mercenary hacking campaigns on behalf of commercial clients.

Spyware firms often say their products are meant for use by governments for national security, but the technology has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.

Journalists, activists and dissidents the world over are well aware of how their communication devices can be infiltrated. Eight years after American whistle-blower Edward Snowden leaked the National Security Agency files, exposing mass surveillance programs being run at the time by the US government, the Pegasus Project revealed the stunning ways spyware tools had evolved and spread since then.

Now, a new international agreement, known as the Pall Mall Process, has been signed to collaborate on reigning in the “hacker for hire” commercial market, in which private interests sell tools and services to support offensive cyber activities.  

The declaration was signed by 35 nations at a conference hosted by both Britain and France to tackle the growing availability and use of spyware used to listen to phone calls, steal photos and remotely operate cameras and microphones. Under the Pall Mall Process, a joint commitment to act against an issue, the signatories will try to discourage irresponsible behaviour of these organisations in an effort to improve the transparency around their activities while trying to codify ways to implement compulsory regulation

In addition to governments, major information technology companies such as Apple, BAE Systems, Google, and Microsoft were also in attendance.
 
The meeting comes at a time when cyber spying and cyber espionage have increased substantially and is being conducted by both state and non-state actors to support a wide range of surveillance, espionage, monitoring, and other forms of cyber malfeasance.  

According to the British National Cyber Security Centre, the commercial cyber spying sector is growing fast enough to double in size every ten years.  

This comes on the heels of a UK Government Communications Headquarters (GCHQ) warning that more than 80 countries had purchased this type of technology over the past ten years, basing such findings on an aggregation of both classified and unclassified data. Indeed, this industry has proven quite profitable as more countries and organisations seek to outsource an invasive capability to exploit the digital space for their benefit.  

The currently unregulated spyware industry is estimated to be worth approximately USD 12 billion with no signs of slowing down.  The surveillance technologies offered are sophisticated and often leverage current vulnerability information to increase their effectiveness.  

Over the past year or so, the United States has taken a series of steps to try and rein in this industry.  Recently, the US Department of State issued new policy on the matter, which would empower the Department of State to impose visa restrictions on individuals associated with the misuse of commercial spyware.  This action comes nearly a year after the Biden Administration issued an Executive Order barring US government agencies from using commercial spyware.

The US was the first government to take on this industry when it sanctioned the NSO Group (as well as another Israeli company) whose Pegasus spyware had been linked to several incidents of domestic surveillance, targeting journalists, and monitoring political oppositionist individuals and groups.  

Amongst the nations signing this pledge were notable adversaries like China and Russia, but also included more democratic leaning governments like Germany, the United Kingdom, and the United States, all countries that have been linked to offensive cyber operations.  

Notably absent was Israel where several leading companies producing this technology are based and countries like Thailand, Mexico, Spain, and Hungary did not sign the agreement.

Oodaloop     |     Standard     |     CIGI Online     |     Forbidden Stories     |     The Guardian     |    

US News     |     Reuters     

Image: Chris Yang

You Might Also Read: 

Israeli Hacking Spyware In Widespread Use:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Threat Intelligence Exposes The Extent of Cyber Attacks
X Taking Payments From Terrorists »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

Elron Ventures

Elron Ventures

Elron partner with early stage ventures to build companies that transform lives and industries. Our main areas of focus are enterprise software, cybersecurity, and healthcare.

archTIS

archTIS

archTIS specialises in the design and development of products, solutions and services for secure information sharing and collaboration.

Edureka

Edureka

Edureka is an online technology training provider with the most effective learning system in the world. We help professionals learn trending technologies for career growth.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

Communications & Information Technology Regulatory Authority (CITRA)

Communications & Information Technology Regulatory Authority (CITRA)

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

World Cyber Security Summit

World Cyber Security Summit

World Cyber Security Summit, by Trescon, is a thought-leadership driven platform for CISOs who are looking to explore new-age threats and the technologies/strategies that can help mitigate them.

Clarity

Clarity

Clarity is an AI cybersecurity startup that protects against deepfakes and new social engineering and phishing attack vectors accelerated by the rapid adoption of Generative AI.

Intelidata Techedge Pvt. Ltd.

Intelidata Techedge Pvt. Ltd.

Intelidata are a Global Cyber Security Consultancy and Services firm that helps companies drive growth by minimizing risk and maximizing potential.