Recently, more than 35 countries signed a new international agreement to cooperate to control the “hacker-for-hire” commercial market, in which private interests sell tools and services to support offensive cyber activities. In line with the Pall Mall Process, a shared commitment to act on issues, the signatories will work to deter irresponsible behavior by these organizations and to increase transparency of their activities, while working to establish mandatory oversight and instill accountability methods. In addition to governments, major information technology companies such as Apple, BAE Systems, Google and Microsoft also attended the meeting. The meeting comes amid a significant increase in cyber espionage activities, which are being conducted by state and non-state actors to support widespread surveillance, espionage and other forms of cyber violations. Notably absent is Israel, home to the headquarters of several leading companies in this technology, and countries such as Thailand, Mexico, Spain and Hungary have also not signed on to the agreement.
According to the UK’s National Cyber Security Centre, the size of the commercial cyber espionage sector is doubling every decade. It comes after Britain’s Government Communications Headquarters (GCHQ) warned that more than 80 countries had purchased such technology over the past decade, a finding based on aggregation of classified and unclassified data. In fact, the industry has proven to be quite lucrative as more countries and organizations seek to outsource invasive capabilities to exploit the digital space for their own benefit. It is true that some of these purchases support law enforcement entities, although a large number of customers use these tools in suspected human rights abuses, and the tools may be abused by government and private sector interests to support data theft and other espionage-related activities.
To make matters worse, the entire unchecked industry is currently worth an estimated $12 billion and shows no signs of slowing down. The ease of purchasing corporate tools and services and the various associated price points significantly lowers the threshold for any government, agency or even private sector organization to immediately have the ability to conduct nefarious activities against targets and competitors. The monitoring techniques provided are highly sophisticated and often exploit current vulnerability information to increase their effectiveness. Given that many vendors’ tools exploit 20 of the 25 zero-day vulnerabilities discovered by Google Threat Analysis in 2023, it’s no surprise that access to these technologies is in such high demand.
Over the past year or so, the United States has taken a series of measures to try to curb the industry. Recently, the U.S. State Department issued a new policy on this matter, which will authorize the State Department to impose visa restrictions on individuals linked to the abuse of commercial espionage software. The action comes nearly a year after the Biden administration issued an executive order banning U.S. government agencies from using commercial spyware. Also during this period, the United States and 48 other governments supported compliance with the Guiding Principles on Government Use of Surveillance Technology to demonstrate their commitment to democratic principles and respect for human rights. Although not legally binding, the joint statement highlights how these governments will build guardrails within their respective systems to ensure that commercial spyware is used within the bounds of civil liberties and the rule of law. Finally, it should be noted that the United States was the first government to take action against the industry, sanctioning NSO Group (as well as another Israeli company), whose Pegasus spyware was linked to multiple domestic surveillance incidents against journalists and media outlets and to related surveillance of political opposition individuals and groups.
However, despite this progress, a number of events have shown that some countries would rather cross the gray line. Poland recently admitted that it used the Pegasus spy tool under its previous government. The FBI obtained private-sector surveillance technology despite an executive order barring U.S. government agencies from acquiring it, although it claims it did not knowingly use the tool. So even if countries are changing their policy stance on these tools, it may take some time for that stance to be socialized within their internal bureaucracies to ensure the tools are not exploited by their intelligence and law enforcement assets. Their strict policing of their own ranks will help demonstrate how serious they are about reducing the use of these weapons.
The multinational coalition is reminiscent of similar gestures of solidarity on contentious global issues. In 2015, G20 members agreed to an anti-hacking commitment in which all countries ensure the safe use of information and communications technologies through the principle of respecting and protecting privacy from unlawful interference. Among the countries that have signed the pledge are prominent adversaries such as China and Russia, but also more democratic-leaning governments such as Germany, the United Kingdom and the United States, which have been linked to offensive cyber operations. Unfortunately, the historic multinational commitments were all show and lacked substance or follow-up. They have not resulted in any changes in state behavior, nor have states suspected of breaching commitments been reprimanded for violating commitments they had agreed to. This leaves little confidence that current promises to rein in the hacker-for-hire market will have any discernible impact on the industry beyond obvious penalties.
The agreement is certainly an encouraging first step toward gaining some control over the commercial spyware market. However, so far, little is known about how these governments intend to carry out this mission. How will they track the sales of such technology, who buys it, and how it is used? Enforcement will be extremely important and will need to be done with caution, especially in democracies that must combine the freedoms of individuals and private corporations. Additionally, it is important to understand how governments will define, classify and punish potential violations, and whether standards will be consistent across all signatories or will be left entirely to the discretion of each government. Transparency is critical to ensuring that democratic governments represent democratic principles and to create accountable nations that adhere to standards that curb commercial espionage abuse.
The continued demand for this technology points to a belief that cyberspace is still the Wild West, and that it is better to have the capability and not need it than to need it and not have the necessary tools. This is a great opportunity for governments to regain people’s trust and the only way they can demonstrate their commitment to reducing uncontrolled use of this technology, rather than going back to a “rules for you, not for me” approach.