More than half of the world’s governments now have access to commercial spyware capable of infiltrating computers and phones to extract sensitive data, as reported by U.K. intelligence.
The U.K. National Cyber Security Centre is expected to present its findings, indicating that the threshold to obtain this type of surveillance technology has decreased. This ease of access potentially exposes U.K. citizens, companies, and essential infrastructure to foreign governments and hackers using spyware.
The number of countries with such hacking tools has risen to 100, compared to the 80 reported by U.K. intelligence in 2023.
Commercial spyware, such as NSO Group’s Pegasus and Paragon’s Graphite, is often developed by private companies. They take advantage of security weaknesses in phone and computer software to breach devices and capture the data inside. Despite claims by governments that spyware is only used for top criminal and terror suspects, security experts and human rights advocates have consistently warned that it is misused to target dissenters and political opponents, including journalists.
U.K. intelligence reports an expansion in victimology, now including bankers and affluent business figures.
Richard Horne, head of the U.K. National Cyber Security Centre, mentioned at the CYBERUK conference in Glasgow that British companies are “failing to grasp the reality of today’s world,” according to a prepared speech obtained by TechCrunch.
Horne noted that the majority of significant cyberattacks against the U.K. stem from foreign adversarial states rather than criminal gangs.
The U.K., along with several other nations, continues to face China-linked breaches aimed at stealing sensitive information, surveilling prominent individuals, and laying the groundwork for possible disruptive attacks to impede a Western military response in anticipation of a potential Chinese invasion of Taiwan.
The U.K. spyware threat not only comes from governments but also from cybercriminals with access to these tools. Earlier this year, a hacking toolkit known as DarkSword, which included multiple exploits for modern iPhones and iPads, was leaked online. These tools enabled anyone to create websites that could compromise Apple users who hadn’t updated to the latest mobile software.
The release of these hacking tools demonstrated, once again, that even tightly controlled hacking tools developed by and for governments can leak and spiral out of control, endangering millions of people with malicious cyberattacks.