International Initiative To Control Commercial Spyware

Uploaded on 2024-03-13 in FREE TO VIEW

Countries led by Britain, France and the United States and tech firms including Google, Microsoft and Meta have signed a joint statement recognising the need for more action to tackle malicious use of cyber spying tools. This relatively inexpensive commercial spyware software can remotely infiltrate the most intimate spaces of a target’s digital life to steal their information and secrets.

Spyware tools can also be used by hackers-for-hire who carry out mercenary hacking campaigns on behalf of commercial clients.

Spyware firms often say their products are meant for use by governments for national security, but the technology has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.

Journalists, activists and dissidents the world over are well aware of how their communication devices can be infiltrated. Eight years after American whistle-blower Edward Snowden leaked the National Security Agency files, exposing mass surveillance programs being run at the time by the US government, the Pegasus Project revealed the stunning ways spyware tools had evolved and spread since then.

Now, a new international agreement, known as the Pall Mall Process, has been signed to collaborate on reigning in the “hacker for hire” commercial market, in which private interests sell tools and services to support offensive cyber activities.  

The declaration was signed by 35 nations at a conference hosted by both Britain and France to tackle the growing availability and use of spyware used to listen to phone calls, steal photos and remotely operate cameras and microphones. Under the Pall Mall Process, a joint commitment to act against an issue, the signatories will try to discourage irresponsible behaviour of these organisations in an effort to improve the transparency around their activities while trying to codify ways to implement compulsory regulation

In addition to governments, major information technology companies such as Apple, BAE Systems, Google, and Microsoft were also in attendance.
 
The meeting comes at a time when cyber spying and cyber espionage have increased substantially and is being conducted by both state and non-state actors to support a wide range of surveillance, espionage, monitoring, and other forms of cyber malfeasance.  

According to the British National Cyber Security Centre, the commercial cyber spying sector is growing fast enough to double in size every ten years.  

This comes on the heels of a UK Government Communications Headquarters (GCHQ) warning that more than 80 countries had purchased this type of technology over the past ten years, basing such findings on an aggregation of both classified and unclassified data. Indeed, this industry has proven quite profitable as more countries and organisations seek to outsource an invasive capability to exploit the digital space for their benefit.  

The currently unregulated spyware industry is estimated to be worth approximately USD 12 billion with no signs of slowing down.  The surveillance technologies offered are sophisticated and often leverage current vulnerability information to increase their effectiveness.  

Over the past year or so, the United States has taken a series of steps to try and rein in this industry.  Recently, the US Department of State issued new policy on the matter, which would empower the Department of State to impose visa restrictions on individuals associated with the misuse of commercial spyware.  This action comes nearly a year after the Biden Administration issued an Executive Order barring US government agencies from using commercial spyware.

The US was the first government to take on this industry when it sanctioned the NSO Group (as well as another Israeli company) whose Pegasus spyware had been linked to several incidents of domestic surveillance, targeting journalists, and monitoring political oppositionist individuals and groups.  

Amongst the nations signing this pledge were notable adversaries like China and Russia, but also included more democratic leaning governments like Germany, the United Kingdom, and the United States, all countries that have been linked to offensive cyber operations.  

Notably absent was Israel where several leading companies producing this technology are based and countries like Thailand, Mexico, Spain, and Hungary did not sign the agreement.

Oodaloop     |     Standard     |     CIGI Online     |     Forbidden Stories     |     The Guardian     |    

US News     |     Reuters     

Image: Chris Yang

You Might Also Read: 

Israeli Hacking Spyware In Widespread Use:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Threat Intelligence Exposes The Extent of Cyber Attacks
X Taking Payments From Terrorists »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Continuum

Continuum

Continuum is the IT management platform company that allows Managed IT Services Providers to maintain and back up on-premise and cloud-based servers, desktops, mobile devices and other endpoints

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

VerifyMe

VerifyMe

VerifyMe is a global technology solutions company delivering brand protection offerings to mitigate counterfeiting, product diversion, and illicit trade.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

aDolus Technology

aDolus Technology

aDolus delivers a robust solution for safeguarding against counterfeit or malicious software and firmware in mission-critical systems.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Hassans International Law Firm

Hassans International Law Firm

Hassans is the largest law firm in Gibraltar, providing a full range of legal services across corporate and commercial law including Data Protection and GDPR compliance.

VectorRock

VectorRock

Save Your Business From Cyber Criminals. We specialize in uncovering cyber risks which threaten your organization and fixing them.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Security Discovery

Security Discovery

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform.

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.

Options Technology

Options Technology

Options is a global leader in financial technology, specialising in Capital Markets technology and enterprise-grade solutions.

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.

Accompio

Accompio

Accompio offer comprehensive support in the digitalisation of your business processes.