Google has urged the US government and its allies to take stronger actions to regulate the spyware industry, which sell a line-up of surveillance software for the purpose of hacking into individuals' phones.
Pegasus, a spyware tool manufactured by Israeli firm NSO, has been found to have been used on several journalists and activists in India for the purpose of surveillance.
In the report on Tuesday, Google researchers highlighted that while NSO is widely recognised, numerous smaller firms are also contributing to the spread of spy technology for malicious purposes, according to Reuters.
The researchers from Google's TAG threat-hunting team said in the report, "Demand from government customers remains strong and our findings underscore the extent to which commercial spyware vendors have proliferated hacking and spyware capabilities that weaken the safety of the Internet for all."
It added, "The private sector is now responsible for a significant portion of the most sophisticated tools we detect."
The release of the Google report coincides with the United States' announcement of a revised visa restriction policy targeting individuals accused of exploiting commercial spyware. The policy enables the imposition of restrictions on individuals suspected of involvement in the misuse of commercial spyware, as well as those who aid and profit from such activities.
"Limiting spyware vendors' ability to operate in the U.S. helps to change the incentive structure which has allowed their continued growth," Google said.
Spyware companies frequently claim that their products are intended for governmental use in the interest of national security. However, over the past decade, the technology has been consistently used to infiltrate the phones of individuals within civil society, political opposition, and journalism circles.
The industry has come under heightened scrutiny following revelations of the Israeli firm NSO's Pegasus spyware being discovered on the devices of numerous individuals worldwide, including human rights advocates.
In 2019, WhatsApp, a messaging application owned by Facebook, alerted the Indian government about a vulnerability in its code. The company, which filed a lawsuit against NSO, informed the government that approximately 1,400 individuals worldwide, including 121 Indians, had been targeted by such surveillance.
Last year, the United States and several of its allies pledged to collaborate in efforts to restrain the surveillance software industry. The commitment came after reports emerged that at least 50 US government employees across 10 countries had been targeted by spyware.
Google researchers identified a list of companies offering diverse services to breach phone security, continually adapting to circumvent the latest security measures implemented by Apple and Google for their iOS and Android operating systems.
Among them are Italian firms Cy4Gate and RCS Labs, the Greek company Intellexa, and lesser-known entities such as Negg Group from Italy and Variston from Spain.
Wikileaks archive reveals extensive communication over several years between the Italian spyware company, the Hacking Team, and intermediaries based in India.
These correspondences reveal explicit references to the clientele represented by these intermediaries, notably various state police forces and the cabinet secretariat.
Spanning from 2011 during the UPA II government's tenure to 2015 under the BJP-led government of Narendra Modi, these emails provide a window into the dynamics of surveillance technology transactions during this period.
The spyware developed by the Hacking Team also went by the names Galileo, Da Vinci, and the Remote Control System Intelligence module.
Comments