Google calls out spyware firms and advocates for tighter regulation (updated)
06/02/2024 14:06
(Updates first paragraph with details, Google comment on visa
restrictions in final paragraph)
By Zeba Siddiqui
Feb 6 (Reuters) -
Internet giant Google GOOGL.O on Tuesday called out a
series of surveillance software companies that it said were
enabling the use of dangerous hacking tools, and urged the
United States and its allies to do more to rein in the spyware
industry.
Spyware firms often say their products are meant for the use
of governments for national security. However, the technology
has been repeatedly found to have been used to hack into the
phones of civil society, political opposition and journalists in
the last decade. The industry has faced increasing scrutiny
since the Israeli firm NSO's Pegasus spyware was found on the
phones of various people globally, including human rights
defenders.
In a report on Tuesday, Google researchers said that
while NSO is better known, there are dozens of smaller firms
helping the proliferation of spy technology for malicious uses.
The findings by Alphabet Inc's GOOGL.O Google are
significant because the company has some of the best visibility
into hacking campaigns globally, given the vast breadth of its
online offerings.
"Demand from government customers remains strong and our
findings underscore the extent to which commercial spyware
vendors have proliferated hacking and spyware capabilities that
weaken the safety of the Internet for all," researchers from
Google's TAG threat-hunting team said in the report.
"The private sector is now responsible for a significant
portion of the most sophisticated tools we detect."
The United States and several of its allies committed last
year to work toward curbing the surveillance software industry,
after at least 50 U.S. government employees in 10 countries were
found to have been targeted by spyware.
The Google researchers named a roster of firms that offer a
range of services to break into phones, and have been evolving
to bypass the latest security measures by Apple AAPL.O and
Google for their phone operating systems iOS and Android.
They include the Italian firms Cy4Gate and RCS Labs, Greek
company Intellexa, and the lesser-known Italian company Negg
Group and Spain's Variston.
Negg Group’s website says the company is focused on
cybersecurity, but Google said its software was found to have
been used to spy on people in Italy, Malaysia, and Kazakhstan.
Variston made software that infected user’s devices via the
browsers Google Chrome, Mozilla Firefox or iOS apps, Google
said, adding that another company, Protected AE -- also known as
Protect Electronic Systems -- used a similar targeting
technique.
The five companies either did not respond to requests for
comment, or were not reachable.
The Google report comes a day after the United States
announced a new visa restriction policy for those it said were
misusing commercial spyware, allowing the placing of
restrictions on individuals believed to have been involved in
the abuse of commercial spyware, as well as for those who
facilitate such actions and benefit from it.
"Limiting spyware vendors' ability to operate in the U.S.
helps to change the incentive structure which has allowed their
continued growth," Google said in a statement.
(Additional reeporting by Christopher Bing in Washington;
Editing by Chizu Nomiyama)
((zeba.siddiqui@tr.com;))