Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management
4 More EU Nations Join US-Led Initiative to Counter Spyware
Austria, Estonia, Lithuania and the Netherlands Join the Coalition Formed in MarchFour more European Union nations have joined a United States government-led initiative launched in March to tackle spyware misuse globally. The move came amid growing criticism of the European Commission's failure to curb the EU's prolific spyware market.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
Austria, Estonia, Lithuania and the Netherlands are the latest EU nations to join the Biden administration's coalition to prevent the proliferation of spyware, the U.S. Department of State said on Sunday.
Signatory countries are encouraged to take several steps to curb spyware abuses, including affirming their commitments to expansive information-sharing programs on commercial spyware and preventing the export of software and technologies that could be used for malicious cyber activities (see: US Expands Global Coalition on Commercial Spyware Misuse).
With Sunday's announcement, 21 countries have joined the U.S.-led coalition, which also includes Finland, France, Germany, Ireland, Japan, Lithuania, Norway, Poland, Sweden and Switzerland in the EU.
Lawmakers in the EU and the U.S. fear that hacking tied to spyware poses a threat to free speech and privacy, especially in the hands of authoritarian governments that use spyware tools against dissidents and activists.
"It is good news that EU countries are committing to counter the proliferation of spyware by joining international initiatives, including this one led by the U.S.," Gregory Nojeim, a senior counsel at the Center for Democracy and Technology, said about the new coalition members from the EU. "It is crucial that these commitments translate into concrete action at the EU level," Nojeim added.
Although an EU parliamentary committee in 2023 published an extensive report on the spyware abuses in the EU and called on the European Commission to impose measures such as restrictions on spyware exports and imports, the EU regulatory agency has been criticized for its inaction (see: European Commission Failing to Tackle Spyware, Lawmakers Say).
Sophie in 't Veld, a former Dutch member of the European Parliament who acted as rapporteur of an investigation into spyware abuse in the EU, said the inaction largely stems from the EU's lack of "political will" to address the issue despite glaring cases of spyware abuse within the trading block.
"It is very obvious that the national governments in the EU and the commission have zero appetite to fix the issue of spyware," in 't Veld told Information Security Media Group, adding that the EU should adopt more stringent measures akin to U.S. sanctions to tackle commercial spyware abuses in the region.
These include expanded sanctions imposed by the U.S. Treasury last week on five individuals, including the owner of the Intellexa Consortium, a Greece-based spyware firm known for its role in developing, operating and distributing commercial spyware technology. In March, the U.S. Treasury sanctioned five commercial spyware companies, including Intellexa (see: US Announces First-Ever Sanctions Against Commercial Spyware).
In February, the Department of State announced visa restrictions against individuals involved "in the misuse of commercial spyware."
Despite the U.S. sanctions, researchers at Recorded Future uncovered new activities from Intellexa in recent months. Although the government actions resulted in a "noticeable reduction" in Intellexa's activities for a brief period, the operators of the company responded by fortifying their infrastructure and adding new layers of complexity to evade detection, paving the way for a resurgence, Recorded Future said.