US Expands Anti-Spyware Alliance with New Governments to Safeguard American Personnel

The Biden administration is pleased to announce that six new countries have joined a US-led agreement aimed at combating phone-hacking spyware. US officials have informed CNN that they are constantly uncovering new instances of American government personnel being targeted by this technology, which is considered a significant national security and counterintelligence concern.

"We are actively and diligently working to discover and verify additional cases," a US National Security Council official informed CNN.

A year ago, the Biden administration reported that 50 US government personnel were suspected or confirmed targets of spyware. According to an NSC official, this number has increased since then, but the exact growth in cases was not disclosed. The official emphasized that the risks to counterintelligence and national security from this technology remain high.

Spyware is a type of malicious software that can infiltrate mobile phones, allowing unauthorized access to turn them into listening devices and gather information from contacts. The market for commercial spyware has seen a significant expansion in the past decade, with companies from various countries, such as Israel and North Macedonia, offering their services to willing government buyers.

A significant aspect of the US strategy to combat spyware is persuading its allies to avoid doing business with spyware companies that may target US diplomats or conduct surveillance on dissidents and journalists within the US.

Two countries, Poland and Ireland, which have been linked to spyware abuse in the past, have recently joined the anti-spyware pact. This development is being highlighted by US officials as a positive indication of the increasing global effort to address the widespread misuse of surveillance technology. The Prime Minister of Poland has stated that the previous government utilized spyware on a significant number of individuals. Additionally, the US Treasury Department recently imposed sanctions on an Ireland-based company for its alleged involvement in the spyware industry.

According to the White House, Finland, Germany, Japan, and South Korea are among the other countries joining the pledge to combat spyware. The announcement will be made this week in Seoul at the Summit for Democracy, an annual gathering of democratic governments around the world.

Last year, eleven countries, including the US and its “Five Eyes” allies, signed onto the pledge. The pledge vows that “any commercial spyware use by our governments is consistent with respect for universal human rights, the rule of law, and civil rights and civil liberties.”

Senior counterintelligence and national security officials raised concerns over two years ago when they found out that many US government personnel were being targeted by commercial spyware. This included twelve State Department employees in Africa whose iPhones were hacked using spyware from NSO Group, an Israeli company, as reported by CNN.

Some governments may be using spyware on US personnel to gather intelligence on their phones or to monitor their citizens meeting with US diplomats, according to a NSC official. The official chose not to disclose the names of the governments involved.

The danger is significant, as some spyware companies have strong ties to foreign governments or are directly controlled by them, the NSC official stated. However, the official did not provide further details.

At least 74 countries have partnered with private companies to purchase commercial spyware, according to the US intelligence agencies' annual threat assessment released this month.

A comprehensive study across the US government has been initiated to assess the threat of spyware to US interests. This includes investigating whether US intelligence and law enforcement agencies are engaging in contracts with spyware firms that other governments are utilizing to spy on US diplomats.

The Biden administration's review found no widespread use of commercial spyware in the federal government, according to a rare interview with an official. However, US officials were concerned about spyware vendors aggressively promoting their hacking tools to different US agencies, as reported by CNN.

For instance, in 2022, the FBI acknowledged purchasing a testing license for NSO Group's Pegasus software. The bureau clarified that they have not utilized Pegasus in any investigations.

Concerned about the lack of transparency regarding the use of commercial spyware by US government agencies, the White House took action last year. An executive order was issued to prohibit agencies from using spyware that poses a national security threat or is involved in human rights violations.

A National Security Council (NSC) official emphasized the importance of not assuming that the use of such tools can be kept secret within a system. The official highlighted the example of the FBI purchasing a trial license for Pegasus, a spyware tool that has reportedly been used by other countries on American diplomats.

The Biden administration has imposed sanctions and visa restrictions on spyware vendors and prohibited US companies from engaging in business with them. However, its ability to curb the thriving spyware market is limited.

According to US officials and researchers monitoring these companies, spyware firms frequently operate under obscure corporate structures to sustain their operations. In an effort to address this issue, White House officials recently held discussions with US venture capital firms to caution them about the potential consequences of their investments contributing to the expansion of spyware.

“We are concerned about capital flowing in — and capital that folks may not realize is actually being used to fuel risks to Americans,” the NSC official said.

Editor's P/S:

The widespread