International Initiative To Control Commercial Spyware

Countries led by Britain, France and the United States and tech firms including Google, Microsoft and Meta have signed a joint statement recognising the need for more action to tackle malicious use of cyber spying tools. This relatively inexpensive commercial spyware software can remotely infiltrate the most intimate spaces of a target’s digital life to steal their information and secrets.

Spyware tools can also be used by hackers-for-hire who carry out mercenary hacking campaigns on behalf of commercial clients.

Spyware firms often say their products are meant for use by governments for national security, but the technology has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.

Journalists, activists and dissidents the world over are well aware of how their communication devices can be infiltrated. Eight years after American whistle-blower Edward Snowden leaked the National Security Agency files, exposing mass surveillance programs being run at the time by the US government, the Pegasus Project revealed the stunning ways spyware tools had evolved and spread since then.

Now, a new international agreement, known as the Pall Mall Process, has been signed to collaborate on reigning in the “hacker for hire” commercial market, in which private interests sell tools and services to support offensive cyber activities.  

The declaration was signed by 35 nations at a conference hosted by both Britain and France to tackle the growing availability and use of spyware used to listen to phone calls, steal photos and remotely operate cameras and microphones. Under the Pall Mall Process, a joint commitment to act against an issue, the signatories will try to discourage irresponsible behaviour of these organisations in an effort to improve the transparency around their activities while trying to codify ways to implement compulsory regulation

In addition to governments, major information technology companies such as Apple, BAE Systems, Google, and Microsoft were also in attendance.
 
The meeting comes at a time when cyber spying and cyber espionage have increased substantially and is being conducted by both state and non-state actors to support a wide range of surveillance, espionage, monitoring, and other forms of cyber malfeasance.  

According to the British National Cyber Security Centre, the commercial cyber spying sector is growing fast enough to double in size every ten years.  

This comes on the heels of a UK Government Communications Headquarters (GCHQ) warning that more than 80 countries had purchased this type of technology over the past ten years, basing such findings on an aggregation of both classified and unclassified data. Indeed, this industry has proven quite profitable as more countries and organisations seek to outsource an invasive capability to exploit the digital space for their benefit.  

The currently unregulated spyware industry is estimated to be worth approximately USD 12 billion with no signs of slowing down.  The surveillance technologies offered are sophisticated and often leverage current vulnerability information to increase their effectiveness.  

Over the past year or so, the United States has taken a series of steps to try and rein in this industry.  Recently, the US Department of State issued new policy on the matter, which would empower the Department of State to impose visa restrictions on individuals associated with the misuse of commercial spyware.  This action comes nearly a year after the Biden Administration issued an Executive Order barring US government agencies from using commercial spyware.

The US was the first government to take on this industry when it sanctioned the NSO Group (as well as another Israeli company) whose Pegasus spyware had been linked to several incidents of domestic surveillance, targeting journalists, and monitoring political oppositionist individuals and groups.  

Amongst the nations signing this pledge were notable adversaries like China and Russia, but also included more democratic leaning governments like Germany, the United Kingdom, and the United States, all countries that have been linked to offensive cyber operations.  

Notably absent was Israel where several leading companies producing this technology are based and countries like Thailand, Mexico, Spain, and Hungary did not sign the agreement.

Oodaloop     |     Standard     |     CIGI Online     |     Forbidden Stories     |     The Guardian     |    

US News     |     Reuters     

Image: Chris Yang

You Might Also Read: 

Israeli Hacking Spyware In Widespread Use:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Threat Intelligence Exposes The Extent of Cyber Attacks
X Taking Payments From Terrorists »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Zybert Computing

Zybert Computing

Zybert Computing provide server solutions with built-in security and information protection features for the SME market.

National Cybersecurity and Communications Integration Center (NCCIC) - USA

National Cybersecurity and Communications Integration Center (NCCIC) - USA

NCCIC is a cyber situational awareness, incident response, and management center for the US Government, intelligence community, and law enforcement.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Hubraum

Hubraum

Hubraum is Deutsche Telekom’s tech incubator, helping startups to create new business opportunities in areas including data analytics, AI, robot process automation and cyber security.

Thomsen Trampedach

Thomsen Trampedach

Thomsen Trampedach offers a tailored-made brand protection solution to each customer using a proprietary enforcement automation and reporting tool and a multilingual enforcement team.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

CerraCap Ventures

CerraCap Ventures

CerraCap Ventures invest globally into early-stage B2B companies in Healthcare, Enterprise AI and Cyber Security.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

Crypto Legal

Crypto Legal

Crypto Legal is a leading UK-based law firm specialising in blockchain forensics and legal services.

iTRUSTXForce

iTRUSTXForce

iTRUSTXForce is a global provider of DigitalX (cybersecurity, privacy, and digital trust) services. We offer comprehensive services that focus on delivering outcomes for our clients.

DataKrypto

DataKrypto

DataKrypto’s advanced data encryption solutions protect data throughout its lifecycle.