International Initiative To Control Commercial Spyware

Uploaded on 2024-03-13 in FREE TO VIEW

Countries led by Britain, France and the United States and tech firms including Google, Microsoft and Meta have signed a joint statement recognising the need for more action to tackle malicious use of cyber spying tools. This relatively inexpensive commercial spyware software can remotely infiltrate the most intimate spaces of a target’s digital life to steal their information and secrets.

Spyware tools can also be used by hackers-for-hire who carry out mercenary hacking campaigns on behalf of commercial clients.

Spyware firms often say their products are meant for use by governments for national security, but the technology has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.

Journalists, activists and dissidents the world over are well aware of how their communication devices can be infiltrated. Eight years after American whistle-blower Edward Snowden leaked the National Security Agency files, exposing mass surveillance programs being run at the time by the US government, the Pegasus Project revealed the stunning ways spyware tools had evolved and spread since then.

Now, a new international agreement, known as the Pall Mall Process, has been signed to collaborate on reigning in the “hacker for hire” commercial market, in which private interests sell tools and services to support offensive cyber activities.  

The declaration was signed by 35 nations at a conference hosted by both Britain and France to tackle the growing availability and use of spyware used to listen to phone calls, steal photos and remotely operate cameras and microphones. Under the Pall Mall Process, a joint commitment to act against an issue, the signatories will try to discourage irresponsible behaviour of these organisations in an effort to improve the transparency around their activities while trying to codify ways to implement compulsory regulation

In addition to governments, major information technology companies such as Apple, BAE Systems, Google, and Microsoft were also in attendance.
 
The meeting comes at a time when cyber spying and cyber espionage have increased substantially and is being conducted by both state and non-state actors to support a wide range of surveillance, espionage, monitoring, and other forms of cyber malfeasance.  

According to the British National Cyber Security Centre, the commercial cyber spying sector is growing fast enough to double in size every ten years.  

This comes on the heels of a UK Government Communications Headquarters (GCHQ) warning that more than 80 countries had purchased this type of technology over the past ten years, basing such findings on an aggregation of both classified and unclassified data. Indeed, this industry has proven quite profitable as more countries and organisations seek to outsource an invasive capability to exploit the digital space for their benefit.  

The currently unregulated spyware industry is estimated to be worth approximately USD 12 billion with no signs of slowing down.  The surveillance technologies offered are sophisticated and often leverage current vulnerability information to increase their effectiveness.  

Over the past year or so, the United States has taken a series of steps to try and rein in this industry.  Recently, the US Department of State issued new policy on the matter, which would empower the Department of State to impose visa restrictions on individuals associated with the misuse of commercial spyware.  This action comes nearly a year after the Biden Administration issued an Executive Order barring US government agencies from using commercial spyware.

The US was the first government to take on this industry when it sanctioned the NSO Group (as well as another Israeli company) whose Pegasus spyware had been linked to several incidents of domestic surveillance, targeting journalists, and monitoring political oppositionist individuals and groups.  

Amongst the nations signing this pledge were notable adversaries like China and Russia, but also included more democratic leaning governments like Germany, the United Kingdom, and the United States, all countries that have been linked to offensive cyber operations.  

Notably absent was Israel where several leading companies producing this technology are based and countries like Thailand, Mexico, Spain, and Hungary did not sign the agreement.

Oodaloop     |     Standard     |     CIGI Online     |     Forbidden Stories     |     The Guardian     |    

US News     |     Reuters     

Image: Chris Yang

You Might Also Read: 

Israeli Hacking Spyware In Widespread Use:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Threat Intelligence Exposes The Extent of Cyber Attacks
X Taking Payments From Terrorists »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

StratoKey

StratoKey

StratoKey is an intelligent Cloud Access Security Broker (CASB) that secures your cloud and SaaS applications against data breaches, so you can do secure and compliant business in the cloud.

BooleBox

BooleBox

Boolebox is the innovative suite of enterprise data protection applications that preserve the integrity and confidentiality of data from any unauthorized access.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Whistic

Whistic

Whistic is a cloud-based platform that uses a unique approach to address the challenges of third-party risk management.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

Information & Communications Technology Association of Jordan (int@j)

Information & Communications Technology Association of Jordan (int@j)

The Information & Communications Technology Association of Jordan is a membership based ICT and IT Enabled Services (ITES) industry advocacy, support and networking association.

IgmGuru

IgmGuru

Igmguru offers certification online training courses for IT professionals and students. Get certified with high-in-demand job-oriented professional courses.

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji)

HLB Mann Judd (Fiji) (formerly known as HLB Crosbie & Associates) is a well-established firm of accountants and business advisers in Fiji.

Morpheus Enterprises

Morpheus Enterprises

Morpheus Enterprises offer managed security solutions designed to keep your web applications secure and your business running smoothly.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.

METCLOUD

METCLOUD

METCLOUD is driving a cloud evolution. A cloud that promises relentless cybersecurity, performance, resilience and sustainability.