During the keynote at the SANS Cyber Threat Intelligence Summit on Monday, Citizen Lab senior researcher Bill Marczak discussed the ongoing challenges in the fight against spyware proliferation. Marczak highlighted the relentless efforts of spyware vendors to adapt their technologies and practices, which hinder the progress made by organizations like Citizen Lab in combating the abuse of such surveillance tools.
Citizen Lab, based at the University of Toronto’s Munk School, has become a leading authority in the field of commercial spyware and surveillance technology for mobile devices. Marczak emphasized that defending against the threat posed by such spyware, often employed by governments to target human rights activists and journalists, is increasingly challenging and necessitates government regulations.
One of the main obstacles faced by Citizen Lab is the constant evolution of spyware technologies, as vendors adapt and change tactics to keep their spyware in use. Marczak cited the example of NSO Group, a significant player in the spyware market, which developed the infamous Pegasus spyware used against U.K. government officials in 2022. He explained that the continuous support and updates provided by vendors are essential for the proliferation of spyware capabilities among governments, even those with limited technical expertise.
The misuse of commercial spyware for political purposes was another focal point in Marczak’s address. He highlighted the significant case of abuse in 2018, when NSO Group’s Pegasus was linked to the murder of Saudi journalist Jamal Khashoggi. While the lawsuit filed in connection with Khashoggi’s murder was later dismissed, a forensic investigation revealed Pegasus infections on the mobile phones of Khashoggi’s associates. Marczak reiterated the importance of the continuous support and maintenance provided by spyware vendors, which creates a network of companies enabling the abuse of spyware technology.
Citizen Lab’s investigations often involve tracking spyware through IP address scans and fingerprinting. Marczak shared the challenges faced in these efforts, including instances where spyware vendors changed their servers to return blank responses, making it more difficult to track their activities. He also highlighted the role of mobile forensics in researching spyware threats, emphasizing the need for careful analysis due to the evolving tactics of spyware vendors and device manufacturers.
While mobile technology companies have made progress in mitigating the spyware threat, Marczak stressed the importance of developing enduring tactics through policy and regulation. He cited recent government actions, such as the U.S. ban on the purchase and use of NSO products, as encouraging steps in the fight against spyware proliferation. However, he cautioned that these efforts are not guaranteed and underscored the need for more enduring tactics to combat the abuse of spyware technology.
In conclusion, Marczak’s keynote shed light on the ongoing challenges faced by organizations like Citizen Lab in combating the proliferation and abuse of commercial spyware. While progress has been made, the continuous adaptation of spyware technologies and practices by vendors poses a significant obstacle and underscores the need for enduring policy and regulatory measures to address the spyware threat.
