\n<\/p>\n
For more than a decade, makers of government spyware<\/a> have defended themselves from criticism by saying that their surveillance technology is intended to be used only against serious criminals and terrorists, and only in limited cases.\u00a0\u00a0<\/p>\n The evidence gathered from dozens, if not hundreds of documented instances of spyware abuse all over the world, however, shows that neither of those arguments are true.\u00a0\u00a0<\/p>\n Journalists, human rights activists, and politicians have repeatedly been targeted in both repressive regimes and democratic countries. The latest example is a political consultant who works for left-wing politicians in Italy, who came out as the most recently confirmed victim<\/a> of Paragon spyware in the country.\u00a0<\/p>\n This latest case shows that spyware is proliferating far beyond the scope of what we have typically considered to be \u201crare\u201d or \u201climited\u201d attacks targeting only a few people at a time.\u00a0<\/p>\n \u201cI think that there is some misunderstanding at the heart of stories about who gets targeted by this kind of government spyware, which is that if you are targeted, you are Public Enemy Number One,\u201d Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, who has studied spyware for years, told TechCrunch.\u00a0\u00a0<\/p>\n \u201cIn reality, because targeting is so easy, we have seen governments use surveillance malware to spy on a broad range of people, including relatively minor political opponents, activists, and journalists,\u201d said Galperin.\u00a0<\/p>\n There are several reasons that explain why spyware often ends up on the devices of people who, in theory, should not be targeted.\u00a0\u00a0<\/p>\n The first explanation lies in the way that spyware systems work. Generally, when an intelligence or law enforcement agency purchases spyware from a surveillance vendor \u2014 like NSO Group, Paragon, and others \u2014 the government customer pays a one-time fee to acquire the technology, and then lower additional fees for future software updates and tech support.\u00a0\u00a0<\/p>\n The upfront fee is usually based on the number of targets that the government agency can spy on at any moment in time. The more targets, the higher the price. Previously leaked documents<\/a> from the now-defunct Hacking Team show that some of its police and government customers could target anywhere from a handful of people to an unlimited number of devices at once.\u00a0<\/p>\n While some democratic countries typically had fewer targets that they could surveil in one go, it wasn\u2019t uncommon to see countries with questionable human rights records with an extremely high number of concurrent spyware targets.\u00a0\u00a0<\/p>\n Giving such a high number of concurrent targets to countries with such strong appetites for surveillance all but guaranteed that the governments would target far more people outside the scope of just criminals and terrorists.\u00a0<\/p>\n \t\t\tDo you have more information about government spyware? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email<\/a>.<\/a> You also can contact TechCrunch via SecureDrop<\/a>.\t\t<\/div>\n Morocco<\/a>, the United Arab Emirates<\/a> (twice<\/a>), and Saudi Arabia<\/a> (several<\/a> times<\/a>), have all been caught targeting journalists and activists over the years. Security researcher Runa Sandvik, who works with activists and journalists<\/a> who are at risk of being hacked, curates an ever-expanding list of cases of spyware abuse around the world<\/a>.\u00a0\u00a0<\/p>\n Another reason for the high number of abuses, especially in recent years, is that spyware \u2014 such as NSO\u2019s Pegasus or Paragon\u2019s Graphite \u2014 makes it extremely easy for government customers to successfully target whoever they want. In practice, those systems are essentially consoles where police or government officials type in a phone number, and the rest happens in the background.\u00a0\u00a0<\/p>\n John Scott-Railton, a senior researcher at The Citizen Lab who has investigated spyware companies and their abuses for a decade, said that government spyware carries a \u201chuge abuse temptation\u201d for government customers.\u00a0\u00a0<\/p>\n Scott-Railton said spyware \u201cneeds to be treated like the threat to democracy and elections that it is.\u201d\u00a0<\/p>\n The general lack of transparency and accountability has also contributed to governments brazenly using this sophisticated surveillance technology without fear of consequences.\u00a0<\/p>\n \u201cThe fact that we have seen targeting of relatively small fish is particularly concerning because it reflects the relative impunity that the government feels in deploying this exceptionally invasive spyware against opponents,\u201d Galperin told TechCrunch.\u00a0<\/p>\n In terms of victims getting accountability, there is some good news.\u00a0\u00a0<\/p>\n Paragon made a point of very publicly cutting ties with the Italian government<\/a> earlier this year, arguing that the country\u2019s authorities refused help from the company in investigating abuses allegedly involving its spyware.\u00a0\u00a0<\/p>\n NSO Group previously revealed in court<\/a> that it disconnected 10 government customers in recent years for abusing its spyware technology, although it refused to say which countries. And it\u2019s unclear if those include the Mexican or Saudi government, where there have been countless documented cases of abuse.\u00a0\u00a0<\/p>\n On the customer side, countries like Greece<\/a> and Poland<\/a> have launched investigations into spyware abuses. The United States, during the Biden administration, targeted some spyware makers such as Cytrox, Intellexa<\/a>, and NSO Group<\/a> by imposing sanctions on the companies \u2014 and their executives<\/a> \u2014 and putting them on economic blocklists. Also, a group of mostly Western countries led by the U.K. and France<\/a> are trying to use diplomacy to put the brakes on the spyware market.\u00a0\u00a0<\/p>\n It remains to be seen if any of these efforts will curb or limit in any way what is now a global multibillion-dollar market, with companies more than happy to supply advanced spyware to governments with a seemingly endless appetite to spy on pretty much everyone they want to.\u00a0\u00a0<\/p>\n<\/div>\nContact Us<\/h4>\n