www.computerweekly.com
2606:4700::6812:1ec0  Public Scan

Submitted URL: https://e.zmp.techtarget.com/click?Ec3RlcGhlbi5lZHdhcmRzQHNlY3UubHU/CeyJtaWQiOiIxNzA3MzkxNjYyMDM3MzJlN2RjNmQ5ZGE4IiwiY3QiOiJ0...
Effective URL: https://www.computerweekly.com/news/366569276/Dozens-of-surveillance-companies-are-supplying-spyware-to-governments-says-Google...
Submission: On October 14 via api from LU — Scanned from DE

Form analysis 1 forms found in the DOM

POST https://www.computerweekly.com/search

<form action="https://www.computerweekly.com/search" method="post" class="header-search">
  <label for="header-search-input" class="visuallyhidden">Search the TechTarget Network</label>
  <input class="header-search-input" id="header-search-input" type="text" placeholder="Search Computer Weekly">
  <button aria-label="Search" class="header-search-submit"><i class="icon" data-icon="g"></i></button>
  <ul class="ui-autocomplete ui-front ui-menu ui-widget ui-widget-content ui-corner-all" id="ui-id-1" tabindex="0" style="display: none;"></ul>
</form>

Text Content

News


DOZENS OF SURVEILLANCE COMPANIES ARE SUPPLYING SPYWARE TO GOVERNMENTS, SAYS
GOOGLE




GOOGLE’S THREAT ANALYSIS GROUP HAS IDENTIFIED 40 COMPANIES INVOLVED IN SELLING
AND SUPPLYING SECURITY EXPLOITS AND SPYWARE SERVICES TO GOVERNMENTS


By
 * Bill Goodwin, Computer Weekly

Published: 07 Feb 2024 18:20

Dozens of surveillance companies are providing spyware technology used by
governments around the world to spy on the mobile phones of journalists, human
rights defenders, dissidents and political opponents.



Google’s Threat Analysis Group (TAG) has identified and is actively tracking up
to 40 companies involved in selling security exploits and surveillance
capabilities to governments with poor human rights records.

The trade extends beyond well-known spyware companies, such as Israel’s NSO
Group, Italy’s Cy4Gate and Intellexa in Greece, and includes an extended supply
chain of smaller companies that provide surveillance capabilities.

Google’s publication of the report coincided with a joint French and UK
initiative, known as the Pall Mall Process, agreed at an international
conference at Lancaster House in London, which aspires to introduce safeguards
for the use of commercial spyware.

According to Google, private sector companies – known as commercial surveillance
vendors (CSVs) – rather than government intelligence and law enforcement
agencies, are responsible for the majority of the most sophisticated hacking and
surveillance tools detected by Google’s TAG.

Out of 25 zero-day vulnerabilities – non-public security weaknesses that can
allow spyware to access private data on phones or laptops – identified by
Google’s researchers last year, it found 20 were being exploited by surveillance
suppliers.

Google is currently tracking 40 companies involved in supplying commercial
surveillance services to government, though it acknowledges it is impossible to
identify or count all organisations involved in the trade.


CHILLING IMPACT ON DEMOCRACY AND ELECTIONS

The ability of governments to buy electronic spying services off the shelf
shifts the risks of surveillance away from governments to the CSVs themselves
and increases the likelihood that spyware will be deployed against high-risk
individuals.

The report, which tells the personal stories of campaigners and activists who
have been targeted by government-sponsored spyware, finds the trade in spyware
has had a chilling effect on free speech and poses a threat to free and fair
elections.

Last year, for example, the TAG found that surveillance tools provided by
Intellexa, a Greek alliance of commercial surveillance suppliers, had exploited
elections and political candidates to trap targets in Indonesia and Madagascar.
The company’s Predator spyware was also used in Egypt to target opposition
politicians.

Government demands for spyware have led to lucrative contracts for companies and
individuals that make up the supply chains for commercial surveillance vendors,
previously leaked documents quoted by Google have shown.

A document published on a cyber crime forum, for example, revealed that
Intellexa offered Nova implants to a government client to infect 10 Android or
iOS phones simultaneously in the host country for €8m. For a further €1.2m,
clients could opt to infect phones from five additional countries outside the
host country.


Most customers pay to regularly re-infect their target phones, because spyware
that remains on the phone risks being detected. But Intellexa also offered the
option of installing persistent infections, which remain on the phone once it
is shut down, for further large payments.

Other CSVs have worked with internet service providers to convince users to
install fake apps to gain access to customers’ data. One campaign identified by
TAG in 2021 found that victims in Italy and Kazakhstan were sent SMS messages
encouraging them to download fake Vodafone apps that gave the attackers access
to the content of their mobile phones.


CAT AND MOUSE GAMES

Google and other security researchers have disrupted the business models of
commercial surveillance vendors by discovering, disclosing and patching security
vulnerabilities used by spyware providers.

In April 2023, for example, Google disrupted Intellexa’s operations for 40 days
after it released patches to fix zero-day vulnerabilities used by its spyware
exploit. Although Intellexa developed a replacement zero-day exploit, that
survived for just a week before Google fixed the vulnerability.

Apple released a patch known as BlastDoor in its iOS 14 operating system update
to make it more difficult for attackers to develop zero-click exploits against
its iMessage text message service. Israeli spyware group NSO found a way around
the protection by delivering payloads as PDF files disguised as graphics files.
Apple addressed the problem in later updates.

CSVs have continued in business despite efforts to curb their activities by
governments and technology companies that have taken direct legal action against
them. The NSO Group, for example, continues to operate despite sanctions from
the US government and lawsuits from Meta and Apple.

Google argues that further action is needed to curb the spread of commercial
surveillance technologies and urges the US government to lead a diplomatic
effort with countries where commercial surveillance vendors operate, and with
those governments that use their service.


27 COUNTRIES BACK PALL MALL PROCESS

Google, Meta, Microsoft and BAE Systems Digital Intelligence are among a
disparate group of 14 companies supporting the Pall Mall Process, a UK and
French initiative to develop safeguards and guidelines for the use of
commercial surveillance services.

The Pall Mall Process, agreed during a two-day conference on 6 February 2023,
which was attended by 27 countries, calls for governments and private sector
organisations involved in surveillance to be held accountable if their
activities are not compatible with human rights law.

The document states that surveillance capabilities should be used with
“precision” to mitigate “unintended, illegal or irresponsible consequences”.

Governments and industry suppliers should carry out due diligence assessments to
ensure surveillance technology is used legally and responsibly, according to the
Pall Mall document, and its use should be lawful, necessary and proportionate.

The supply of surveillance capabilities, it argues, should be conducted
transparently so that users and suppliers understand the supply chains involved
in providing commercial surveillance and spyware.


DIGITAL RIGHTS GROUPS EXCLUDED

Notably absent from the supporters were a number of countries alleged to have
deployed commercial spyware, including Spain, Mexico, Serbia, Egypt and Jordan.
Israel, the home to NSO Group and other spyware developers, also did not attend
the conference.

Digital rights groups, including Amnesty International, Big Brother Watch, and
others that have campaigned against and researched spyware, also did not feature
among the list of attendees.

Visiting professor and privacy specialist Ian Brown commented on X: “This
process is really missing out on a huge section of stakeholders: the digital
rights groups who’ve been working closely on this issue for over a decade.”

France is due to hold a follow-up conference in 2024.


SUPPORTERS OF THE PALL MALL PROCESS ON COMMERCIAL SPYWARE

Countries
 * African Union
 * Australia
 * Belgium
 * Canada
 * Czechia
 * Denmark
 * Estonia
 * Finland
 * France
 * Germany
 * Greece
 * Gulf Cooperation Council
 * Italy
 * Japan
 * Malaysia
 * New Zealand
 * Norway
 * Poland
 * Republic of Cyprus
 * Republic of Ireland
 * Republic of Korea
 * Romania
 * Singapore
 * Sweden
 * Switzerland
 * UK
 * USA

Industry
 * BAE Systems Digital Intelligence
 * ESET
 * European Cyber Conflict Research Incubator CIC
 * Google
 * HackerOne
 * Luta Security
 * Margin Research
 * MDSec
 * Meta
 * Microsoft
 * NCC Group
 * NextJenSecurity
 * Sekoia.io
 * YesWeHack

Academia and others
 * Alejandro Pisanty
 * Allison Pytlak, Stimson Center
 * Atlantic Council
 * CyberPeace Institute
 * Gefona Digital Foundation
 * GEODE (French Institute of Geopolitics, University Paris 8)
 * ICT4Peace
 * Professor Nnenna Ifeanyi-Ajufo, Leeds Beckett University
 * Paris Peace Forum
 * Royal Holloway, University of London
 * Royal United Services Institute
 * Shadowserver Foundation

