The Pegasus scandal broke into the public eye three years ago and has been widely reported in the media ever since. Yet, the surveillance industry has not been fixed. On the contrary, the spyware problem seems to worsen as time passes.
In light of these issues, civil society organizations and business organizations have written an open letter on Tuesday, September 3 encouraging European regulators to take more decisive action to combat the threats posed by the overuse of spyware to fight the dangers it brings.
In the opinion of the experts, it is a non-negotiable issue - the EU Commission needs to come up with a legal framework that includes "a ban on the manufacturing, exporting, selling, importing, acquiring, transferring, servicing, and using of spyware inside the EU."
There is a loose definition of spyware in computer science, but it is generally considered to be malicious software that enters a user's computer, gathers data about them, and relays that data to a third party without their knowledge or consent.
Additionally, there are legitimate software programs, such as consumer monitoring software, that collect and use information from user's computers to provide users with advertisements that are relevant to them
It is however worth noting that malicious spyware is specifically designed to take advantage of the theft of personal information to make money.
There is no doubt that spyware can gather and collect private data, which leaves them open to data breaches and the misuse of their personal information, regardless of whether the person using their information is legitimate or not.
The result of spyware campaigns is that devices and networks are slower, delaying daily user activities and resulting in increased costs.
Understanding the way spyware works is an important part of preventing issues when using it in both business and personal settings.
A crucial aspect of spyware which makes it so dangerous is the fact that it can be very difficult to detect, yet pretty easy to inject. This fact makes it one of the key strengths of spyware.
This is an excellent example of a zero-click attack, called Pegasus since users can harvest it without leaving a trace on any device that becomes infected. There is no security software, not even the best VPN or antivirus apps, that can fully protect users against this growing threat, which makes it impossible for their use alone to be helpful.
In the future, it would be reasonable to argue that spyware may one day be one of the most crucial tools available to governments for the purpose of national security.
As of yet, however, there has been a longer list of authorities that have abused the accessibility of the service.
A report claims that Mexico became the first organization to purchase the Israeli cyber-intelligence firm NSO Group's powerful technology in 2011 to support the country's fight against narco-trafficking to help the country combat the drug problem. According to the investigative team of Pegasus, more than a dozen Mexican journalists and activists had their phones found to be infected with the virus in 2017.
It is believed that over 50,000 phones all over the world were compromised during the Pandora's box incident in 2021. The phone that belonged to the journalist Jamal Khashoggi, who was assassinated inside the Saudi Arabian consulate in Istanbul in 2018, is one of the ones included in these records. In the course of the investigation, it was revealed that over 46 countries around the world bought this very intrusive tool, including at least 14 different nations in the European Union.
In a new investigation into the use of so-called Predator spyware a few years later, a more in-depth analysis showed that the EU spyware problem is worse than originally thought. It is most likely because the tool was not just used across the EU as a spying tool for journalists, politicians, and activists, but because it was developed, distributed, and exported by EU-based firms based in France, Ireland, and Greece, most of which operate in at least 25 countries around the world.
Its hard to comprehend how the spy industry is still allowed to function as one of the most lucrative fields of business today. It seems that even Google is concerned that this outbreak of information warfare could pose a threat to free speech, free press, and the integrity of elections throughout the world.
As an example, many companies are turning to what is known as bossware to improve the monitoring of their remote workers in an effort to make sure they are on top of things.
Work productivity monitoring applications, though legal in many countries, raise significant concerns regarding the potential for abuse. These tools, originally designed to track employee performance, have also opened the door to misuse. While the specific regulations around such software vary depending on jurisdiction, the risk of unethical usage persists across the board.
Particularly alarming is the potential for these applications to be weaponized by malicious actors, including hackers, stalkers, and even criminals. The accessibility of these technologies, which often do not require extensive technical knowledge to operate, leaves many individuals exposed to cyber threats. In more personal contexts, such as domestic abuse, an abusive partner could use such an app to exert control, spy on communications, or track movements, further exacerbating the dangers of spyware.
This growing concern is reflected in recent statistics. A study by the security firm Avast reported a staggering 329% increase in mobile stalkerware usage since 2020. Such figures highlight the expanding threat posed by spyware, not only in corporate environments but also in everyday life.
Further complicating matters is the blurred line between the use of spyware by governments and its regulation. The New York Times recently conducted an investigation revealing that, although the Biden administration has officially banned the use of hacking tools created by the Israeli firm NSO, there remain ongoing efforts by U.S. authorities to find a legal avenue for their utilization. This suggests that while some forms of spyware are deemed unacceptable for certain uses, governments may still be inclined to leverage them under particular circumstances, thereby setting a complex precedent for how these tools should be governed.
The international community has begun addressing this issue. On February 6, 2024, the United Kingdom and France spearheaded an international agreement aimed at curbing the human rights abuses associated with spyware. This joint effort seeks to establish policies that regulate the deployment of intrusive cyber tools in a manner that is both legal and responsible. However, despite these efforts, skepticism remains about whether such regulations will be sufficient to prevent the harm caused by spyware.
In 2022, the European Data Protection Supervisor (EDPS) raised significant concerns about the impact of modern spyware on individual privacy. The EDPS emphasized that the unprecedented level of intrusiveness offered by such technology "threatens the essence of the right to privacy" due to its ability to infiltrate the most intimate aspects of daily life. In their view, the use of spyware is fundamentally incompatible with European Union (EU) law, further underscoring the challenges of regulating this highly invasive technology.
The most effective way to manage the threat of spyware is through prevention. However, avoiding spyware installation isn't always straightforward. Cybercriminals can exploit vulnerabilities in even trusted websites, allowing them to infect a user's computer without any interaction. In such scenarios, relying solely on avoiding suspicious downloads or attachments is insufficient protection.
To safeguard against spyware, individuals are advised to use robust internet security solutions that include reliable antivirus and antimalware detection features. In addition to standard protection, these solutions should offer proactive defences, such as real-time monitoring and detection of potential threats. For users whose systems have already been compromised, many security providers offer specialized spyware removal utilities, designed to identify and eliminate spyware from infected devices. It is crucial, however, to ensure that these utilities are obtained from reputable security providers, as some fraudulent software tools masquerade as spyware removal programs while actually embedding spyware themselves.
While several free antivirus options are available, it is important to recognize their limitations. A free trial can be useful for assessing a product's capabilities, but for comprehensive protection, especially against spyware, users should consider investing in a full-featured internet security suite. Features like virtual encrypted keyboards for securely entering financial information, strong anti-spam filters, and cloud-based detection systems can provide critical layers of defence, reducing the risks posed by spyware schemes.
At end, while productivity monitoring apps and spyware can serve legitimate purposes, their potential for abuse, combined with their increasing use, underscores the need for stringent regulation, heightened awareness, and proactive security measures to protect against both corporate misuse and individual harm.
