Google calls out spyware firms and advocates for tighter regulation

Google researchers named a roster of companies that offer a range of services to break into phones. PHOTO ILLUSTRATION: ST FILE
Updated
Feb 06, 2024, 07:17 PM
Published
Feb 06, 2024, 06:28 PM

SAN FRANCISCO - Internet giant Google on Feb 6 named what it said are some of the worst offenders in the surveillance software industry, calling on the United States and its allies to do more to rein in the sale and misuse of spy tools.

Spyware companies often say their products are meant for the use of governments for national security, but the technology has been repeatedly found to have been used to hack into the phones of civil society, political opposition and journalists in the last decade.

The industry has faced increasing scrutiny since Israeli company NSO’s Pegasus spyware was found on the phones of various people globally, including human rights defenders.

In a report on Jan 6, Google researchers said that while NSO is better known, there are dozens of smaller companies contributing to the dangerous proliferation of spy technology.

The findings by Alphabet’s Google are significant because the company has some of the best visibility into hacking campaigns globally, given the vast breadth of its online offerings.

“Demand from government customers remains strong, and our findings underscore the extent to which commercial spyware vendors have proliferated hacking and spyware capabilities that weaken the safety of the Internet for all,” researchers from Google’s TAG threat-hunting team said in the report.

“The private sector is now responsible for a significant portion of the most sophisticated tools we detect.”

The US and several of its allies in 2023 committed to work towards curbing the surveillance software industry, after at least 50 US government employees in 10 countries were found to have been targeted by spyware.

The Google researchers named a roster of firms that offer a range of services to break into phones and have been evolving to bypass the latest security measures by Apple and Google for their phone operating systems iOS and Android.

They include the Italian companies Cy4Gate and RCS Lab, Greek company Intellexa, and the lesser-known Italian company Negg Group and Spain’s Variston.

Negg Group’s website says the company is focused on cyber security, but Google said its software was found to have been used to spy on people in Italy, Malaysia and Kazakhstan.

Variston made software that infected users’ devices via the browsers Google Chrome, Mozilla Firefox or iOS apps, Google said, adding that another company, Protected AE – also known as Protect Electronic Systems – used a similar targeting technique.

The five companies either did not respond to requests for comment, or could not be reached.

The Google report comes a day after the US announced a new visa restriction policy for those it said were misusing commercial spyware, allowing the placing of restrictions on individuals believed to have been involved in the abuse of commercial spyware, as well as for those who facilitate such actions and benefit from it. REUTERS

More On This Topic
S’pore academic among at least 50 targeted by spyware campaign between Feb and June: Report
Apple users urged to update devices to prevent breach by Pegasus spyware

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top