



Google said Tuesday it is tracking at least 40 companies involved in creating spyware and other hacking tools that are sold to governments and deployed against high-risk users, including journalists, human rights activists and dissidents.

Vendors have developed a slew of tools and tricks to break into mobile phones, laptops, and other devices, and have become a major thorn in the side of tech giants like Google and Apple.

In a report released Tuesday, Google asked the U.S. and other governments to take stronger action against spyware vendors, many of which have yet to garner headlines or condemnation on a global scale.

The report was released a day after U.S. Secretary of State Antony Blinken announced new visa restrictions for people involved in exploiting commercial spyware. It also coincided with the UK and France holding a diplomatic conference in London and announcing new international commitments to tackle the proliferation of spyware tools.

A Google spokesperson told Recorded Future News that the company's report is not related to this announcement, but said the move is among several steps Congress is taking to address the spyware issue and is part of what the company is hoping for.

“Until recently, a lack of accountability has allowed the spyware industry to spread dangerous surveillance tools around the world. Restricting spyware vendors' ability to operate in the United States will allow spyware vendors to continue to grow.” “This will help change the incentive structure that has remained in place,” they said.

Google's experience fighting spyware vendors dates back to 2017, when it discovered NSO Group's Chrysaor malware targeting Android smartphones. Since then, the company has exposed the activities of multiple vendors including Variston, RCS Lab, and Candiru.

Much of Google's report outlines past disclosures about several major spyware companies, including NSO Group, Candiru, Cy4Gate, DSIRF, Intellexa, Negg, PARS Defense, QuaDream, RCS Lab, Variston, and Wintego Systems.

Google noted that these companies are outpacing governments in developing advanced hacking capabilities. NSO Group, Candiru, Cytrox and Intellexa have been sanctioned by US authorities in recent years.

The United States recently sanctioned Israeli spyware maker NSO Group, as well as Candiru, Cytrox, and Intellexa.

Spyware companies typically defend their work by pointing to its use in law enforcement and counterterrorism, but Google said that, based on extensive research into companies' efforts to hack Google products, it found the tools were often directed at people in the weakest positions in society.

Although spyware targets fewer users than other types of cyber threat activity, the subsequent impact is much more far-reaching. Google said this type of intensive targeting threatens free speech, press freedom, and election integrity around the world.

As threat actors, [commercial surveillance vendors] pose a potential threat to Google users: half of all known zero-day exploits used against Google products and Android ecosystem devices come from [commercial surveillance vendors].

The 40 vendors Google tracks vary in their level of exposure and sophistication. These companies not only sell applications and tools to hack devices, but they also typically provide access to proprietary vulnerabilities in their products that enable the use of spyware technology.

Companies are building relationships with governments to deliver not only known vulnerabilities and exploits for vulnerabilities that involve one or zero clicks, but also a range of zero-day exploits that take advantage of vulnerabilities that defenders don't yet know exist.

In 2023, Google's Threat Analysis Group (TAG) found 25 zero-days actively exploited in the wild, 20 of which were being exploited by commercial surveillance vendors.

CSVs operate with deep technical expertise and offer paid tools that bundle exploit chains designed to penetrate the defenses of a chosen device, the spyware, and the necessary infrastructure, all to collect the necessary data from individual devices, researchers said.

Government customers who purchase these tools want to collect different types of data about their highest-value targets, including passwords, SMS messages, emails, location information, phone calls, and even audio and video recordings. To collect this data, CSVs often develop spyware that targets mobile devices.

The report cites a New York Times and Amnesty International investigation that found that spyware company Intellexa offered customers the ability to install spyware implants on 10 Android or iOS devices for 8 million. Prices increase depending on whether the device is located within government borders or in another country. The company guaranteed one year of maintenance for spyware infections and promised to roll out new zero-day exploits once other patches were applied.

Employees may visit government facilities to perform spyware operations and offer to extract all kinds of data on the devices.

The problem, according to Google, is that there is currently a voracious demand from governments to buy this kind of technology, which means more vendors are likely to emerge, or to change their names if they come under too much scrutiny from news organizations.

The report includes specific profiles of five vendors and several victims in Mexico, Russia, and El Salvador who were harmed by the spying tools sold by these companies.

Google said it is trapped in a game of whack-a-mole in which it discovers and discloses new vulnerabilities, making things difficult for spyware vendors and forcing them to spend time developing new exploit chains.

Google praised the U.S. government for imposing sanctions and called on other countries to extend these restrictions as well.

But Google added that the U.S. should also consider ways to increase transparency, including setting more transparency requirements for the domestic surveillance industry and setting an example for other governments by reviewing and disclosing the historical use of these tools.

Google also said the United States should limit the ability of spyware vendors to operate in the United States and receive investment from the United States.

We urge the U.S. government to lead diplomatic efforts to work with governments in countries that have problematic vendors and those using these tools to build support for measures to limit the damage caused by this industry.

Jonathan Greig

Jonathan Greig is a breaking news reporter for Recorded Future News. Jonathan has been working all over the world as a journalist since 2014. Before he returned to New York City, he worked for news organizations in South Africa, Jordan, and Cambodia. He previously covered cybersecurity for ZDNet and TechRepublic.

Sources 1/ https://Google.com/ 2/ https://therecord.media/google-spyware-vendors-are-behind-half-of-all-zero-days

