Spyware is a flourishing business and runs under the government’s radar despite efforts to crack down on the very lucrative and invasive digital surveillance economy.
Google’s Threat Analysis Group (TAG) published a report on Tuesday (6 Feb) with a series of insights on commercial surveillance vendors (CSVs).
CSVs the focus of U.S. and Google sights
These CSVs exacerbate the effect of cyber-crime when their tools tumble into the wrong hands, or in some cases land in the wrong ones for the right price.
The search engine giant keeps tabs on forty of these surveillance tools that offer their spyware to government clients. At the base of the published report each known CSV is accompanied by a detailed list of their actions and pay-to-access software.
The TAG report found that almost half of the ‘0-Day’ exploits that hit Google and Android devices are software designed by entities that develop spyware.
A ‘0-Day’ exploit is a vulnerability in a system not detected and it essentially gives the developers of that system zero days to fix the metaphorical hole in the defenses.
TAG unearthed that 25 0-days happened across the last year, with 20 of those being caused by software developed by a CSV.
According to the TAG report, Google believes “it is time for government, industry and civil society to come together to change the incentive structure which has allowed these technologies to spread.”
In March of 2023 a joint statement was released by eleven nations as a shot across the bow to commercial spyware developers internationally.
”The misuse of these tools presents significant and growing risks to our national security, including to the safety and security of our government personnel, information, and information systems,” the joint statement read.
In a further strengthening of policy, the U.S. Secretary of State Anthony Blinken announced this week that visa restrictions would be applied to any individuals involved in the misuse of commercial spyware.
”The United States remains concerned with the growing misuse of commercial spyware around the world to facilitate repression, restrict the free flow of information, and enable human rights abuses,” said the release.
Blinken’s approach as Secretary of State mirrors that of Google, saying the U.S. “stands on the side of human rights and fundamental freedoms and will continue to promote accountability for individuals involved in commercial spyware misuse.”
Both the U.S. and the technology powerhouse have a dedicated approach to limit the impact CSVs can have on both the citizens United States and users globally, but it remains to be seen if spyware continues to be a presence in the background.
Featured image: Dall-E