GCHQ headquarters
An aerial view of Government Communications Headquarters in Cheltenham. IMAGE: U.K. Ministry of Defence

More than 80 countries have purchased spyware, British cyber agency warns

More than 80 countries have purchased spyware over the past decade, Britain’s cyber agency revealed in an intelligence assessment released Wednesday.

The GCHQ’s National Cyber Security Centre warned that the proliferation of these commercial hacking tools and services was increasingly lowering the barrier-to-entry for state and non-state actors in cyberspace.

The assessment, published during the CyberUK conference in Belfast, was based on a fusion of “classified intelligence, industry knowledge, academic material and open source” information.

While some of the countries have purchased these tools for legitimate law enforcement purposes, others have used them “to target journalists, human rights activists, political dissidents and opponents and foreign government officials.”

Earlier on Wednesday, senior British minister Oliver Dowden singled out the Pegasus spyware developed by NSO Group as an example of the threats facing Britain.

Dowden also warned that state-aligned but not state-controlled actors in Russia were complicating the ways that Britain could respond to cyber threats.

The National Cyber Security Centre (NCSC), a part of GCHQ, said that “spyware, hackers for hire and access to other cyber capabilities are expected to be in growing demand globally.”

At the same time, the agency noted that its policy priority was “tackling commercial cyber proliferation and ensuring all cyber capabilities are developed, sold and used in a way that is legal, responsible and proportionate.”

Jonathon Ellison, the director of resilience and future tech at NCSC, said: “Our new assessment highlights that the threat will not only become greater but also less predictable as more hackers for hire are tasked with going after a wider range of targets, and off-the-shelf products and exploits lower the barrier to entry for all.

“To maintain safety in cyberspace it is crucial these capabilities are managed with a responsible, proportionate and legally sound approach, and working with international partners, the UK is determined to address this rising challenge,” Ellison added.

The assessment found that the growing marketplace for hackers-for-hire and spyware “increases the risk of unpredictable targeting or unintentional escalation.”

It warned that any oversight of the sector will “almost certainly lack international consensus, be difficult to enforce, and subject to political and commercial influence.”

The need to tackle the threat posed by commercial spyware was stressed in March in a joint statement issued by the governments of Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the UK and the U.S.

That followed President Joe Biden signing an executive order banning federal agencies from using commercial spyware that could pose security risks to the U.S. or has already been misused by foreign actors.

The executive order, which had been in development for months, seeks to address a growing number of incidents of spyware abuse abroad as well as reports of it being used improperly to target U.S. officials, government systems and ordinary citizens.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.