People who can't seem to do anything are taking their talents to the fight against digital threats. On Wednesday, the House Intelligence Committee held a public hearing to discuss the threat of cyber espionage. Lawmakers were told by experts and victims that blacklisting abusive spyware makers would bankrupt them. Digital forensics researchers told Congress that federal agencies should not do business with problem companies. Obtaining federal contracts is the ultimate prize for any defense contractor. It would have an impact if this opportunity was removed. Companies like the NSO Group have made a killing by selling tools that can be used to spy on people. Evidence shows that these companies are actually using their products to snoop on journalists, lawyers, political activists, and high-level politicians. NSO is the most well known company in the industry, but it is not the only one. It's broke as well. The number of new victims is increasing. A senior member of the European Union and several high-ranking staff of the European Parliament may have been targeted with sophisticated spyware last year. The hearing happened on Wednesday. The most compelling part of Wednesday's hearing was testimony provided by Carine Kanimba, an activist who discovered last summer that her phone had been contaminated with a type of malicious software. The story of Paul Rusesabagina, the former manager of Htel des Mille Collines, was adapted into a movie. Rusesabagina and his wife adopted Kanimba and her sister after their parents were killed in the genocide and Rusesabagina has been an outspoken critic of the government ever since. Rusesabagina was sentenced to 25 years in prison for his alleged connections to a terrorist group after he was kidnapped in the summer of 2020.“Terrifying:” NSO Spyware Victim Shares Details
When Kanimba launched a campaign to free her father, she was unaware that she was being watched by the NSO Group, which can track nearly every move someone makes on a phone and in the real world. Last summer, a digital forensics investigation showed that Kanimba's phone had been compromised for over a year. Kanimba said that her experience with being tracked had been frightening and that she had lost her sense of security. She kept going.
“I am frightened by what the Rwandan government will do to me and my family next. It is horrifying to me that they knew everything I was doing, precisely where I was, who I was speaking with, my private thoughts and actions, at any moment they desired.”
Unless there are consequences for countries that abuse this technology, no one will be safe.
Experts called to testify before Congress made a number of suggestions about how to address the threat. John Scott-Railton, a researcher with the University of Toronto's Citizen Lab, provided most of the possible solutions. According to Railton, the best way to curb bad behavior is to go after the financial backers of the firms.
If NSO Group goes bankrupt, there will be other companies that will try to fill the gap. The U.S. financial sector is poised to set fire to our collective cybersecurity and privacy if it sees the mercenary spyware industry as a growth market.
The NSO Group has been struggling since it was blacklisted by the U.S. government because of its ties to abusive clients. The company was placed on the EAR Entity List in November of last year. U.S. companies are not allowed to provide services to the blacklisted company if they don't have a license. The decision to shut out NSO has resulted in serious financial trouble for both businesses.
It is not clear if Congress will act on Scott-Railton's suggestions or what legislation to protect against the most toxic offenders will look like.