View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Google calls for tighter regulation of Pegasus and other spyware as EU devices compromised

Tech giant says it is tracking 30 vendors selling spyware and that more could be done to hinder them.

By Claudia Glover

Google’s top security specialist says the US government should impose tighter regulation on spyware such as Pegasus, which can be used to covertly monitor mobile devices. The call came as it was revealed the Pegasus software, produced by Israeli company NSO Group, has likely been used to spy on devices belonging to European Union officials.

Google says the US government should make a further crackdown on spyware. (Photo by zamrznutitonovi/iStock)

Shane Huntley, who heads up the company’s Threat Intelligence Group (TAG) said restrictions placed on NSO Group were a positive step, but told a hearing of the US House Intelligence Committee on Wednesday that a full ban on the procurement of commercial spyware technologies should be introduced in the US, and that the government should consider applying further sanctions to vendors who produce the technology.

NSO Group was placed on the US “entity list” last year, which means US companies are limited from doing business with it on national security grounds.

Spyware is a particularly effective and evasive malware that is capable of hacking into any device, to access its camera and microphone and stored data. Pegasus is the most high-profile example of the technology, with a global investigation last year finding it being used by authoritarian regimes to covertly track political opponents, activists and journalists. It has since been revealed that devices belonging to government officials in the UK, France and Spain are among those that have been targeted by the software.

Huntley said TAG “is actively tracking more than 30 vendors, with varying levels of sophistication and exposure, selling exploits or surveillance capabilities to government-backed actors”. He added: “We have publicly taken action to discover and counter exploits and malware produced by Equus, Cytrox, Candiru and RCS Labs, amongst others.”

Committee chair Adam Schiff added that when it comes to Pegasus “we are very likely looking at the tip of the iceberg, and that other US government personnel have had their devices compromised, whether by a nation-state using NSO’s services or tools offered by one of the lesser known but equally potent competitors”.

European Union staff ‘phones compromised by Pegasus’

Meanwhile it emerged this week that phones belonging to prominent EU officials may have been compromised by Pegasus.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

In a letter seen by Reuters, EU Justice Commissioner Didier Reynders says “indicators of compromise” by Pegasus were discovered on his device and phones belonging to European Commission employees. An investigation of the devices was trigged after Apple warned Reynders last year that his phone may have been hit by spyware, according to the letter dated 25 July.

Earlier this year the EU formed a committee to investigate the use of spyware in Europe, and last week it announced that an investigation found that 14 European member states had licensed NSO Group technology.

Addressing a hearing of the committee last month, NSO Group’s general counsel Chaim Gelfand said the company had “made mistakes”, but defended its efforts to ensure the company’s software is not misused, saying: “We’re trying to do the right thing and that’s more than other companies working in the industry.” He added “Every customer we sell to, we do due diligence on in advance in order to assess the rule of law in that country. But working on publicly available information is never going to be enough.”

Read more: Spyware threatens human rights and cybersecurity

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.