The Companies Helping Governments Hack Citizens' Phones: a 'Thriving' Industry (fastcompany.com) 8
Fast Company notes that "the deadly impacts of Pegasus and other cyberweapons — wielded by governments from Spain to Saudi Arabia against human rights defenders, journalists, lawyers and others — is by now well documented. A wave of scrutiny and sanctions have helped expose the secretive, quasi-legal industry behind these tools, and put financial strain on firms like Israel's NSO Group, which builds Pegasus.
"And yet business is booming." New research published this month by Google and Meta suggest that despite new restrictions, the cyberattack market is growing, and growing more dangerous, aiding government violence and repression and eroding democracy around the globe.
"The industry is thriving," says Maddie Stone, a researcher at Google's Threat Analysis Group (TAG) who hunts zero-day exploits, the software bugs that have yet to be fixed and are worth potentially hundreds of millions to spyware sellers. "More companies keep popping up, and their government customers are determined to buy from them, and want these capabilities, and are using them." For the first time, half of known zero-days against Google and Android products now come from private companies, according to a report published this month by Stone's team at Google. Beyond prominent firms like NSO and Candiru, Google's researchers say they are tracking about 40 companies involved in the creation of hacking tools that have been deployed against "high risk individuals."
Of the 72 zero-day exploits Google discovered in the wild between 2014 and last year, 35 were attributed to these and other industry players, as opposed to state-backed actors. "If governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over," reads the report.
The Google findings and a spyware-focused threat report published by Meta a week later reflect an increasingly tough response by Big Tech to an industry that profits from breaking into its systems. The reports also put new pressure on the US and others to take action against the mostly unregulated industry.
"In its report, Google describes a 'rise in turnkey espionage solutions' offered by dozens of shady companies..."
Thanks to Slashdot reader tedlistens for sharing the article.
"And yet business is booming." New research published this month by Google and Meta suggest that despite new restrictions, the cyberattack market is growing, and growing more dangerous, aiding government violence and repression and eroding democracy around the globe.
"The industry is thriving," says Maddie Stone, a researcher at Google's Threat Analysis Group (TAG) who hunts zero-day exploits, the software bugs that have yet to be fixed and are worth potentially hundreds of millions to spyware sellers. "More companies keep popping up, and their government customers are determined to buy from them, and want these capabilities, and are using them." For the first time, half of known zero-days against Google and Android products now come from private companies, according to a report published this month by Stone's team at Google. Beyond prominent firms like NSO and Candiru, Google's researchers say they are tracking about 40 companies involved in the creation of hacking tools that have been deployed against "high risk individuals."
Of the 72 zero-day exploits Google discovered in the wild between 2014 and last year, 35 were attributed to these and other industry players, as opposed to state-backed actors. "If governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over," reads the report.
The Google findings and a spyware-focused threat report published by Meta a week later reflect an increasingly tough response by Big Tech to an industry that profits from breaking into its systems. The reports also put new pressure on the US and others to take action against the mostly unregulated industry.
"In its report, Google describes a 'rise in turnkey espionage solutions' offered by dozens of shady companies..."
Thanks to Slashdot reader tedlistens for sharing the article.
Re: (Score:2)
Well, Israel are our 'friends' so any espionage has the tacit support of our king, prime minister and intelligence partners within the 5-eyes community, surely?
If not, shouldn't they pressure Bibi to restrain Pegasus?
Re: GoFundMe (Score:4, Informative)
Well, given that you're just a coward, I'd wager nobody would come to kick in your mom's basement door. Mostly because nobody cares what you think.
Nobody cares what I think either, so I mostly just remind trolls of their place in the world now.
I'm just brave enough to do it logged the fuck in.
"logged the fuck in" (Score:2)
>> "logged the fuck in"
Does that mean you keep a log of your fucks ? with all details ?
Talking about the NSO group as if.. (Score:3)
Is this a surprise? (Score:3)
1) How many of these companies might as well be extensions of a government
2) How many governments willingly break their own laws to steal citizen data without legal cause
The fact that these tools are then used by people/governments who are alleged to murder people that disagree with them is irrelevant to the companies involved. Most will sell to anyone with the money in the end, because money is everything. Even those with a theoretical stop because of ideology will end up selling to someone they hate because of a third party intermediary.
In the end it should be noted that many of these companies have multiple motives. That means these tools should be considered just as dangerous for the person/agency using them to gain data.
Seems antithetical to geekery (Score:2)