Google urges for stricter regulation of spyware companies and their advocates.
(Reuters) – Internet giant Google on Tuesday called out surveillance software companies it said were enabling the use of dangerous hacking tools, urging the United States and its allies to do more to crack down on the spyware industry.
Spyware companies often say their products are intended for use by governments for national security. However, the technology has been repeatedly used to hack the phones of civil society, the political opposition and journalists over the past decade. The industry has come under increasing scrutiny since the Israeli NSO’s Pegasus spyware was found on the phones of many people worldwide, including human rights defenders.
In a report released Tuesday, Google researchers said that while NSO is better known, there are dozens of smaller companies that help the spy technology spread for nefarious purposes.
Alphabet Inc’s Google’s findings are significant because the company has the world’s highest visibility in hacking campaigns, given its vast online presence.
“Demand from government customers remains strong, and the findings underscore the extent to which commercial spyware vendors have increased hacking and spyware capabilities that make the Internet less secure for everyone,” researchers from Google’s TAG threat hunting team said in the report.
“The private sector is now responsible for a significant portion of the most advanced tools we detect.”
The U.S. and several of its allies pledged last year to crack down on the surveillance software industry after at least 50 U.S. government employees in 10 countries were found to have been targeted by spyware.
Google researchers named a number of companies that offer various services for hacking phones and have evolved to bypass Apple and Google’s latest security measures for their phone operating systems iOS and Android.
They include Italy’s Cy4Gate and RCS Labs, Greece’s Intellexa, and the lesser-known Italy’s Negg Group and Spain’s Variston.
Negg Group’s website says the company focuses on cybersecurity, but Google said its software has been used to spy on people in Italy, Malaysia and Kazakhstan.
Variston made software that infects users’ devices through Google Chrome, Mozilla Firefox or iOS browsers, Google said, adding that another company, Protected AE, also known as Protect Electronic Systems, used a similar targeting technique.
Five companies either did not respond to requests for comment or were unavailable.
Google’s report comes a day after the United States announced a new policy to restrict visas for those it says have misused commercial spyware. This allows for restrictions to be placed on individuals believed to be involved in the misuse of commercial spyware, as well as those who facilitate and profit from such activities.
“Limiting the ability of spyware vendors to operate in the United States will help change the incentive structure that has allowed them to continue to grow,” Google said in a statement.
(Additional reporting by Christopher Bing in Washington; Editing by Chizu Nomiyama)