Globally, the practice of new and interesting cyber-surveillance is becoming increasingly frequent in 2022.
According to a new study, the growing overlap between the world’s arms trade and the secretive surveillance industry could harm US national security and lead to even more abuse unless more accountability is put in place, which could lead to even more abuse.
It comes from the American think tank, the Atlantic Council, and it gives an in-depth look at a growing, cross-continental surveillance industry that makes billions of dollars but mostly stays out of the public eye. NSO Group and other companies that hire hackers have been accused of using their power for bad things for years now, but now countries are trying to figure out how to deal with this primarily unknown industry growing for years.
ISS World, a trade show for cyber-surveillance, and France’s Milipol, an exhibition for guns and tanks, are two places where hacking is the fastest-growing business, along with guns and tanks.
People who did this study looked at marketing materials from 224 surveillance companies, found out where these companies were advertising and found out how many surveillance tools were sold.
They also say that many companies that sell their products around the world, especially to people who don’t like NATO, are “irresponsible proliferators” who should get more attention from policymakers.
Among them are Israeli companies like Cellebrite, which makes tools for hacking phones and forensics, and countries like the US, Russia, and China that buy them. When China tried to crack down on Hong Kong, the company played a big part. When Bangladeshi “death squads” used their technology, they came under fire.
The report states that national security concerns should be raised by all customers when these companies start selling their goods to both NATO members and their enemies.
In the report, 75% of companies sell cyber-surveillance and intrusion products outside their continent. Winnona DeSombre, a fellow with the Atlantic Council’s Cyber Statecraft Initiative, says that these sales show that there could be problems with oversight.
Most of these businesses don’t seem willing to self-regulate, says the woman who spoke to the group.
When DeSombre labels companies like these “irresponsible proliferators,” he wants to get lawmakers worldwide to put more regulations on them.
When these companies start to sell their products to both NATO members and their enemies, it should make all customers think about their national security.
In the last few years, governments have tried to get more involved in some ways. There were stricter rules on surveillance technology in the EU last year, intending to open the industry. And in the previous month, the US has made it more challenging to sell intrusion tools. It was one of many companies that the US put on a “blacklist” because of accusations that spyware it sold to foreign governments was used to target journalists, businesspeople and activists, as well as embassy workers. NSO Group is one of the companies on the list. NSO has always said that it doesn’t do anything wrong and that it strictly investigates abuse and turns off customers who do it.
However, one of the report’s authors says that it is crucial to understand the accurate scale of what is going on.
“The most important thing to remember from this paper is that we are dealing with an industry,” says Johann Ole Willers, a fellow at the Norwegian Institute of International Affairs (NUPI) Center for Cyber Security Studies and the author of the paper. That is a significant thing to know, and it’s not enough to go after NSO Group.
There is a warning from the UN that you should
Mercenaries are becoming more common in cyberspace, which UN human rights experts say is bad for people.
The chair of a United Nations working group on the issue said in a statement: “It is clear that cyberactivities can cause violations both in armed conflicts and in peacetime, which means that a wide range of rights are at stake.” “The right to life, economic and social rights, freedom of expression and privacy, as well as the right to self-determination” are some of the things that the group wants to protect.
There are many ways to hide what you do in the cyber-surveillance industry. Shell companies and resellers are standard, and both sellers and buyers use many tools to hide their interactions.
“The public doesn’t know enough about the industry to tell the bad companies from the good ones,” says DeSombre.
A report says that the recent indictment of former US intelligence officers who worked for the United Arab Emirates shows that spying abilities developed by countries that are friends can be used for other things. The United Arab Emirates then used hacking tools and skills that the US government made to spy on hundreds of people, including many Americans.
Use and abuse it
People who study ecosystems have ideas for how governments might learn to understand and control this growing one. There should be more “know your customer” rules in the industry so that every seller can better understand how potential customers might use or abuse a hacking tool, they say.
In their paper, the researchers say that NATO countries, which host many of the most important cyber-surveillance trade events, should limit the attendance of irresponsible vendors at arms fairs. There should also be more international cooperation to get rid of loopholes in export laws that let vendors evade controls and sell to authoritarian regimes, the people who say this say. Finally, they want people to name and shame irresponsible sellers and buyers.
There are a lot of private companies who are willing to act irresponsibly, says the report. These companies could make marketing tools that authoritarian regimes or non-Nato allies could use as tools of oppression.
The report says that there will be “a growing number of private corporations” who see no harm in boosting the cyber arsenals of major Western adversaries, only profit.
edited and proofread by nikita sharma