By James Pearson and Raphael Satter
BELFAST/WASHINGTON (Reuters) – British officials are sounding the alarm over the widespread abuse of surveillance software and hackers-for-hire, saying that thousands of people were being targeted each year by an industry they described as posing an increasingly unpredictable threat.
Britain’s National Cybersecurity Centre (NCSC), part of its GCHQ eavesdropping spy agency, said in a report published on Wednesday that the mercenary hacking market was offering products that were on par with government hacking groups.
“There is another new front opening, as we see more and more adversaries able to buy and sell sophisticated cyber tools and spyware like Pegasus,” senior British minister Oliver Dowden told an NCSC conference in Belfast on Wednesday, referring to spyware made by Israel’s NSO Group.
“These are the types of tools that we used to only see in a handful of powerful state actors, and which can cause serious damage,” Dowden added.
In a statement, NSO repeated its longstanding assertion that its technology was used “for the sole purpose of fighting crime and terror”.
Reuters has previously documented how the company’s software was used to target the phones of American diplomats and European Union officials.
Journalists and researchers have catalogued a string of other alleged abuses. On Tuesday, Canadian internet watchdog group Citizen Lab published a report which said that NSO had been caught using newly discovered hacking tools to break into iPhones belonging to Mexican human rights defenders in 2022.
The NCSC also warned about hackers-for-hire, mercenary spies whose activities it said “raise the likelihood of unpredictable targeting or unintentional escalation”.
The report comes as some in the surveillance industry see regulation coming down the pipe and are taking steps to try to shape it.
In a letter sent last week to the American Bar Association, NSO General Counsel Shmuel Sunray lobbied against a proposed ABA resolution calling for a moratorium on the purchase, sale or use of commercial spyware, arguing that companies with an “established human rights compliance programme” – which NSO says it has – should be exempted from any such ban.
The ABA declined comment.