International Initiative To Control Commercial Spyware

Uploaded on 2024-03-13 in FREE TO VIEW

Countries led by Britain, France and the United States and tech firms including Google, Microsoft and Meta have signed a joint statement recognising the need for more action to tackle malicious use of cyber spying tools. This relatively inexpensive commercial spyware software can remotely infiltrate the most intimate spaces of a target’s digital life to steal their information and secrets.

Spyware tools can also be used by hackers-for-hire who carry out mercenary hacking campaigns on behalf of commercial clients.

Spyware firms often say their products are meant for use by governments for national security, but the technology has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.

Journalists, activists and dissidents the world over are well aware of how their communication devices can be infiltrated. Eight years after American whistle-blower Edward Snowden leaked the National Security Agency files, exposing mass surveillance programs being run at the time by the US government, the Pegasus Project revealed the stunning ways spyware tools had evolved and spread since then.

Now, a new international agreement, known as the Pall Mall Process, has been signed to collaborate on reigning in the “hacker for hire” commercial market, in which private interests sell tools and services to support offensive cyber activities.  

The declaration was signed by 35 nations at a conference hosted by both Britain and France to tackle the growing availability and use of spyware used to listen to phone calls, steal photos and remotely operate cameras and microphones. Under the Pall Mall Process, a joint commitment to act against an issue, the signatories will try to discourage irresponsible behaviour of these organisations in an effort to improve the transparency around their activities while trying to codify ways to implement compulsory regulation

In addition to governments, major information technology companies such as Apple, BAE Systems, Google, and Microsoft were also in attendance.
 
The meeting comes at a time when cyber spying and cyber espionage have increased substantially and is being conducted by both state and non-state actors to support a wide range of surveillance, espionage, monitoring, and other forms of cyber malfeasance.  

According to the British National Cyber Security Centre, the commercial cyber spying sector is growing fast enough to double in size every ten years.  

This comes on the heels of a UK Government Communications Headquarters (GCHQ) warning that more than 80 countries had purchased this type of technology over the past ten years, basing such findings on an aggregation of both classified and unclassified data. Indeed, this industry has proven quite profitable as more countries and organisations seek to outsource an invasive capability to exploit the digital space for their benefit.  

The currently unregulated spyware industry is estimated to be worth approximately USD 12 billion with no signs of slowing down.  The surveillance technologies offered are sophisticated and often leverage current vulnerability information to increase their effectiveness.  

Over the past year or so, the United States has taken a series of steps to try and rein in this industry.  Recently, the US Department of State issued new policy on the matter, which would empower the Department of State to impose visa restrictions on individuals associated with the misuse of commercial spyware.  This action comes nearly a year after the Biden Administration issued an Executive Order barring US government agencies from using commercial spyware.

The US was the first government to take on this industry when it sanctioned the NSO Group (as well as another Israeli company) whose Pegasus spyware had been linked to several incidents of domestic surveillance, targeting journalists, and monitoring political oppositionist individuals and groups.  

Amongst the nations signing this pledge were notable adversaries like China and Russia, but also included more democratic leaning governments like Germany, the United Kingdom, and the United States, all countries that have been linked to offensive cyber operations.  

Notably absent was Israel where several leading companies producing this technology are based and countries like Thailand, Mexico, Spain, and Hungary did not sign the agreement.

Oodaloop     |     Standard     |     CIGI Online     |     Forbidden Stories     |     The Guardian     |    

US News     |     Reuters     

Image: Chris Yang

You Might Also Read: 

Israeli Hacking Spyware In Widespread Use:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Threat Intelligence Exposes The Extent of Cyber Attacks
X Taking Payments From Terrorists »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Zen360Consult

Zen360Consult

Zen360Consult provides Advisory and Training services in the field of Cyber Resilience, which includes Cyber Security /ISMS and Business Continuity.

Calypso AI

Calypso AI

Calypso AI build software products that solve complex AI risks for national security and highly-regulated industries.

Illuma Labs

Illuma Labs

Illuma Labs delivers real-time voice authentication and fraud prevention solutions.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Dutch Research Council (NWO)

Dutch Research Council (NWO)

The Dutch Research Council (NWO) is one of the most important science-funding bodies in the Netherlands and ensures quality and innovation in science.

Association of Azerbaijani Cyber Security Organizations (AKTA)

Association of Azerbaijani Cyber Security Organizations (AKTA)

The Association of Azerbaijani Cyber Security Organizations (AKTA) is a non-commercial organization aimed at strengthening the country's cybersecurity system.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.

Acumenis

Acumenis

At Acumenis, we help organisations of all sizes to manage information security effectively. Our key services are penetration testing, ISO 27001 implementations, and security

NVISO Security

NVISO Security

NVISO is a pure-play cyber security consulting firm, focused mainly on the Financial Sector, the Technology Sector, and Government & Critical Infrastructure.

CyberCure

CyberCure

CyberCure provide specialised roles and services to manage your organisations cybersecurity requirements and professional advisory services in governance, risk and compliance.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.