Britain sounds alarm on spyware, mercenary hacking market

British officials are sounding the alarm over the widespread abuse of surveillance software and hackers-for-hire, saying that thousands of people were being targeted each year by an industry they described as posing an increasingly unpredictable threat.

Britain's National Cybersecurity Centre (NCSC), part of its GCHQ eavesdropping spy agency, said in a report published on Wednesday that the mercenary hacking market was offering products that were on par with government hacking groups.

"There is another new front opening, as we see more and more adversaries able to buy and sell sophisticated cyber tools and spyware like Pegasus," senior British minister Oliver Dowden told an NCSC conference in Belfast on Wednesday, referring to spyware made by Israel's NSO Group.

"These are the types of tools that we used to only see in a handful of powerful state actors, and which can cause serious damage," Dowden added.

Western officials have long warned of cyber threats from rival powers such as Russia or China, but the proliferation of hack-for-hire firms is attracting growing concern.

On Tuesday, Canadian internet watchdog group Citizen Lab published a report which said that NSO had been caught using newly-discovered hacking tools to break into iPhones belonging to Mexican human rights defenders in 2022.

Last year Google exposed a number of such firms, including the Indian company BellTroX, which Reuters revealed was trying to swing lawsuits on behalf of private investigators.

At least some in the spyware industry see regulation coming down the pipe and are taking steps to try to shape it.

In a letter sent last week to the American Bar Association, NSO General Counsel Shmuel Sunray lobbied against a proposed ABA resolution calling for a moratorium on the purchase, sale or use of commercial spyware, arguing that companies with an "established human rights compliance program" should be exempted from any such ban.

NSO has long touted its human rights policy despite repeated allegations that its software has been used abusively, including to spy on victims of human rights violations.

NSO did not immediately return an email seeking comment on the Citizen Lab report or its communications with the American Bar Association.