Faced with growing threats of cyberattacks, 35 states and many large companies have signed an agreement called the Pall Mall Process. Their goal: to fight against the use of spyware for commercial purposes.
Computer espionage is a real scourge that spares no country. Especially since it is now industrialized. Many specialized companies develop and market spyware – spyware – designed to steal all messages, photos, personal and banking details but also to divert calls, trigger the microphone or camera of the devices they infect ( computers and mobile phones mainly).
Initially, these digital spies were intended exclusively for government agencies which used them for political, strategic or security purposes. But, today, it is very easy to obtain it, in particular with the development of generative AI for the general public, which makes it easier to get started in hacking and is a great help for coding, including malware. As a result, some smart guys use it to spy on those around them or to sell their victims’ data on the Internet in order to replenish their wallets. Knowing that people and organizations with bad intentions also use it…
The most famous spyware is undoubtedly Pegasus, which led to one of the biggest espionage cases. Tens of thousands of smartphones have been infected, including those of journalists and human rights defenders. To prevent things from degenerating and becoming out of control, to the point of threatening global security, France, England and the United States hosted a conference on February 6 that brought together around thirty countries. as well as large companies, like Microsoft, Google and Meta. All have, during this initiative called Pall Mall Processsigned a joint statement recognizing the need to take more measures to combat the availability and malicious use of spyware, as reported The Hacker News.
Pall Mall Process: a coalition to better control spyware
Among the signatories of this agreement are Belgium, Australia, Japan, Canada, Germany, Singapore and New Zealand. Israel, home to a number of private sector offensive actors (PSOA) and commercial surveillance solution providers (CSV), such as Candiru, Intellexa (Cytrox), NSO Group – behind Pegasus – and QuaDream , is not on the list of countries that participated in the event. This is also the case for Hungary, Mexico, Spain and Thailand, which have been linked to spyware problems in the past.
Participants highlighted the significant threat that spyware poses to national security and human rights. For them, “uncontrolled diffusion” of cyberespionage tools could lead to “an involuntary escalation in cyberspace“as well as an increase in”potential number of state and non-state actors with access” to spyware. Indeed, spying tools can also be used by mercenary hackers who carry out hacking campaigns on behalf of commercial clients. Spyware makers often claim their products are intended for use by governments for national security, but the technology has been repeatedly found over the past decade to have been used to hack journalists’ phones, activists, lawyers, human rights defenders, dissidents, political opponents and other members of civil society. According to the National Cyber Security Center (NCSC), it is estimated that thousands of people are targeted by spyware campaigns each year.
Also, the agreement commits all signatories to use these tools legally and responsibly, accurately, to strengthen monitoring and to be more transparent with companies that legally market spyware. An action that coincides with the US State Department’s announcement to refuse to issue visas to people it considers to be involved in the misuse of spyware technology.