In today’s digital age, civil society is facing a serious threat in the form of invasive malware and surveillance technology that has the potential to cause irreparable harm.
These malicious tools can infiltrate systems and compromise sensitive information, posing a grave risk to privacy, security, and freedom.
The widespread use of such technologies poses a significant challenge to individuals, organizations, and governments worldwide as they struggle to keep pace with the evolving threat landscape and protect themselves from cyber-attacks.
These systems have been used, among other things, to suppress human rights defenders and media workers, but such cases are only the tip of an iceberg that still goes largely unseen.
That’s because investigating these digital weapons remains very hard technically.
Integrate ANY.RUN in Your Company for Effective Malware Analysis
Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:
- Real-time Detection
- Interactive Malware Analysis
- Easy to Learn by New Security Team members
- Get detailed reports with maximum data
- Set Up Virtual Machine in Linux & all Windows OS Versions
- Interact with Malware Safely
If you want to test all these features now with completely free access to the sandbox:
Also, there is so much secrecy about who buys them from whom, which makes perfect sense when you consider what they are designed for.
Security analysts at Amnesty International recently criticized the lack of openness in this area, as they urged that it stops communities from understanding just how many abuses against their rights might be happening with help from these kinds of tools.
Besides this, they also discovered that Indonesia has been emerging as a hub for highly invasive spyware.
Indonesia As an Emerging Hub
This investigation has uncovered a hidden ecosystem of suppliers, middlemen, and resellers that sold and deployed highly intrusive spyware and surveillance technology in Indonesia from 2017 to 2023.
The said supplies were sourced from firms such as:-
- Q Cyber Technologies
- Intellexa
- Saito Tech
- FinFisher
- Raedarius
- Wintego Systems
Among the proofs provided are imports made by state institutions, malicious domains that imitate opposition groups or media platforms, and intermediaries that use nominee company owners to hide the actual supply chains.
Identifying individual targets is impossible due to the secrecy surrounding spyware.
However, this study shows how dual-use exports threatening civil society with severe human rights abuses are not controlled.
To counter illegal surveillance activities within Indonesia’s shrinking civil space, it is important that transparency must be increased while accountability is promoted around trade related to these systems, which monitor citizens unlawfully.
If transparency is to be established in the global surveillance market, significant jurisdictional obstacles need to be overcome.
Amnesty International sought to investigate the spyware ecosystem in Indonesia by analyzing commercial trade data that revealed descriptions of suspicious shipments.
They then cross-referenced this information with leaked product brochures and archived reseller sites, as well as building on previous research that tracked where these tools were being deployed.
Surveillance technologies like invasive spyware that cannot be audited for human rights compliance pose severe risks to freedoms of assembly, expression, and privacy.
Indonesia lacks adequate legal safeguards regulating spyware deployment, enabling potential abuse by authorities against civil society.
Highly invasive commercial spyware granting unlimited device access violates privacy so severely it is incompatible with human rights standards, according to experts.
Amnesty International urges banning such tools and imposing a moratorium on the exportation of surveillance tech until a robust human rights-protecting regulatory framework exists globally.
Recommendations
Here below we have mentioned all the recommendations:-
- Cease production, sale, and export of invasive spyware without safeguards.
- Conduct human rights due diligence across the value chain.
- Cease activities causing human rights impacts, and terminate use in high-risk states.
- Provide remediation to victims of unlawful surveillance.
- Ensure transparency on surveillance technology transfers.
- Ban the sale of highly invasive, unauditable spyware.
- Investigate licenses, unlawful targeting, and offer remedy.
- Enforce export controls on dual-use surveillance tech.
- Implement human rights regulatory framework for surveillance.
- Enact legislation with safeguards against abuses.
- Require human rights due diligence by companies.
- Ensure robust EU export control implementation.
- Transpose the Corporate Sustainability Directive robustly.
- Investigate spyware purchases and potential abuses.
- Refrain from purchasing uncontrolled spyware.
- Ban highly invasive, unauditable spyware.
- Enact surveillance law with safeguards, oversight, and remedy.
- Moratorium on spyware until the framework is implemented.
Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide