Sotera Digital Security’s Post

The EU is asleep at the wheel when it comes to dealing with #spyware, and now its lawmakers are becoming targets of this spying technology - I wrote about it for Euronews along with my brilliant European Digital Rights colleague. Read!!! ⤵ https://lnkd.in/gHunFxqt "The incoming EU lawmakers have a choice: confront and act against the menace of spyware to ensure our safety and the integrity of our democracy, or become its next targets."

This week, Google's Threat Analysis Group released a report into commercial spyware vendors (CSVs). Key takeaways from the report include the growing numbers of CSV providers, the use of these tools against journalists, dissidents, human rights defenders and political opponents and the use of 'zero day' vulnerabilities by this threat actor category. The report concludes that 'if governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over. The private sector is now responsible for a significant portion of the most sophisticated tools' detected by Google.   CSVs ultimately lower the barrier to entry into offensive cyber activity, enabling states without a developed cyber capability or robust regulatory frameworks to nevertheless engage in cyber-enabled activity. While there are some legitimate uses to commercial spyware, such as to aid law enforcement investigations, there is a growing amount of evidence highlighting state use of CSV products to target and intimidate key parts of civil society for wider political purposes, namely journalists, political opposition figures and human rights advocates. The Pegasus revelations confirm that democracies, as well as more autocratic states, also utilised spyware in this manner.   States’ recent efforts to discourage spyware proliferation are hamstrung by loopholes, a lack of regulatory, oversight and enforcement capability and failure to develop a robust international consensus regarding use of commercial tooling. Initiatives to curb the spyware market by sanctioning individual companies are unlikely to have a significant effect, given the increasing diversity of the market and evidence of corporate 'rebranding' to avoid scrutiny and legal action. Ultimately, the use of CSVs and their products represents a growing threat to a wide section of society, with the potential for use cases to expand to include public and private sector entities as well as individuals. #threatintelligence #cybersecurity

🚨 The Brussels #spyware scandal that shocked us last month makes it evident: EU's current approach to spyware is not cutting it. 😨 #Spyware can turn a phone into a real-time spying device, even remotely activating the microphone & camera. Our journalists and lawmakers are increasingly becoming targets of this nefarious #surveillance technology, which is endagering EU #democracy ❌ The European Media Freedom Act #EMFA, passed yesterday by the European Parliament, claims to protect journalists and media workers. Despite its lofty ambitions, the law falls short of this goal - especially when it comes to safeguarding them from spyware. In fact, it may end up promoting the use of spying tools against journalists 👀 We ask: When will the EU finally stop twiddling its thumbs on spyware and take action? Read our take in Euronews ⤵ https://lnkd.in/gZTvh3tJ

Current and former Polish officials face probe of alleged spyware abuse. Why it matters: 1. A Polish spyware scandal reflects the rise of illicit government surveillance globally, with prior scandals in Spain, Greece, Hungary, and Serbia. The Polish probe provides hope for accountability, setting a precedent on an international stage. 2. A former ruling party stands accused of leveraging commercial spyware against opponents during election periods playing into fears of electoral interference. The legal proceedings will serve as an essential signal to assure European democracies against the misuse of spyware. 3. Mercenary spyware's vast reach is underlined by Apple’s warning to users in 92 countries against potential invasions. Therefore, the investigation's outcome could impact surveillance standards and counteractions against spyware across jurisdictions. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/eXRg5asb

#Pegasus Spyware Targeted #iPhones of Reporters and Activists in #Jordan The iPhones of around thirty journalists, activists, human rights lawyers, and members of civil society in Jordan were targeted with #NSO Group's Pegasus spyware, as revealed by Access Now and the #citizenlab . Out of these 35 individuals, nine have been publicly acknowledged as targets, with six having their devices infiltrated by the spyware tool. These infections are believed to have occurred between 2019 and September 2023. Access Now highlighted that in certain instances, the culprits pretended to be journalists, reaching out to victims under the guise of conducting interviews or requesting quotes. Within their messages, they inserted malicious links containing Pegasus #spyware. Additionally, Access Now reported that some victims were repeatedly targeted with Pegasus spyware, illustrating the persistent and ongoing nature of this focused #surveillance effort. The #Israeli company has faced scrutiny for not enforcing robust human rights protections before providing its cyber intelligence technology to #government clients and law enforcement agencies, purportedly for the purpose of combatting terrorism and serious crimes. #hackers #Telegram #latestnews #cybernews #Facebook #ransomware #cybercriminals #cybersecurity #CyberSharks source: https://lnkd.in/g9q7fDTp

🕵️♂️ Poland's Prime Minister, Donald Tusk is revealing the illegal use of Pegasus spyware by the previous government. This incident underscores the delicate balance between national security and personal privacy, highlighting the need for stringent regulations and oversight on surveillance technologies. As professionals, it's crucial to advocate for responsible tech use, ensuring that advancements serve to protect citizens' rights rather than infringe upon them. https://lnkd.in/dtUypqQe #Cybersecurity #EthicsInTech #DigitalPrivacy

⚠️ Individuals are facilitating financial benefit by misusing of spyware technology, which has targeted journalists, academics, human rights defenders, dissidents and other perceived critics, and U.S. Government. Read here: https://lnkd.in/dRFZa58a #SimpleCyber #CyberNews #cybersecurity #spyware

Four things we learned when US spy chiefs testified to Congress US intelligence leaders gave their most recent — and frank — assessment of global cyber threats Cyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intelligence agency’s latest global risk assessment. In the last few years, the U.S. government turned its attention to the government spyware industry, currently made of companies like NSO Group and Intellexa, and previously Hacking Team and FinFisher. In its annual report, the intelligence community wrote that, “from 2011 to 2023, at least 74 countries contracted with private companies to obtain commercial spyware, which governments are increasingly using to target dissidents and journalists.” https://lnkd.in/gyp3TiQW #CyberSecurity #cyberwar #surveillance #AI #spyware #disinformation

'Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy' explores the role of investigators in exposing spyware and in linking their use to governments targeting dissenters. Read the review @bindinghook https://lnkd.in/e_-qWHZK