Federal officials are increasingly being targeted by commercial spyware, raising alarm for lawmakers

Commercial spyware is being used to target US officials overseas in what has become an increasingly dangerous landscape for device cybersecurity.

Jim Hines, a Democratic representative from Connecticut, confirmed to Bloomberg News in December that he had received a letter from the State and Commerce Departments the previous month, informing him of the ongoing threat.

The letter came in response to a September letter coauthored by Himes that asked the federal government to take action against commercial spyware.

“Spyware technology has sort of moved beyond our ability to ensure that the communications of our diplomats are protected, or even the locations and contacts and photographs of our diplomats are protected,” Himes told Bloomberg. “And that’s obviously a huge vulnerability.”

Biden administration officials wrote in the letter to Himes, according to the Washington Post, that the White House is weighing executive action against spyware providers, though they are running up against some roadblocks as certain elements of the federal government are turning to commercial spyware themselves. The order would “prohibit US Government operational use of commercial spyware that poses counterintelligence or security risks to the United States or risks of being used improperly,” the officials wrote.

“Right now, the companies that are most well-known in public are the ones that have taken steps that would be contrary to these parts of the executive order,” the officials wrote.

Bellerophon soars. Attacking phones is a particularly effective tactic on the part of adversaries at the state level. The amount of personal information stored on the devices makes them juicy targets. That’s where groups like Israeli spyware firm NSO Group, creator of the infamous and dangerous Pegasus spyware, come in—providing software that makes hacking a commercial enterprise.

As IT Brew reported last year, the spyware targets the phones of journalists and dissidents.

“Today, as we’ve all moved our worlds onto our phones, one of the biggest and most hard-to-defend-against threats against high-risk people of any sort are threats around mobile phone security and mobile malware,” John Scott-Railton, Citizen Lab senior researcher, told IT Brew in October.

NSO Group is currently being sued for Pegasus by reporters from El Salvador paper El Faro and others who claim the firm’s technology violates federal anti-hacking statutes. Carrie DeCell, an attorney at the Columbia University Knight First Amendment Institute, which is representing the plaintiffs, told the Washington Post that the suit is going forward in large part to expose the actors behind the spying.

“We do view the use of spyware against members of the press in particular as one of the biggest threats to democracy and independent press freedom today,” DeCell said.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].