Threat Intel Solutions

 [Arielle Waldman](/author/arielle-waldman), Features WriterApril 11, 2025 4 Min Read  Source: Nico El Nino via Alamy Stock Photo [](https://www.linkedin.com/sharing/share-offsite/?url=https://www.darkreading.com/cyberattacks-data-breaches/pall-mall)[](http://www.facebook.com/sharer/sharer.php?u=https://www.darkreading.com/cyberattacks-data-breaches/pall-mall)[](http://www.twitter.com/intent/tweet?url=https://www.darkreading.com/cyberattacks-data-breaches/pall-mall)[](https://www.reddit.com/submit?url=https://www.darkreading.com/cyberattacks-data-breaches/pall-mall&title=Pall%20Mall%20Process%20Progresses%20but%20Leads%20to%20More%20Questions)[](mailto:?subject=Pall Mall Process Progresses but Leads to More Questions&body=I%20thought%20the%20following%20from%20Dark%20Reading%20might%20interest%20you.%0D%0A%0D%0A%20Pall%20Mall%20Process%20Progresses%20but%20Leads%20to%20More%20Questions%0D%0Ahttps%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fpall-mall) Earlier this month, 21 governments signed the voluntary Pall Mall Process accord to address the proliferation of commercial spyware, marking the latest effort to disrupt the use of and impose stricter regulations for commercial spyware. But it is still too soon to know what the pact’s effects will be.France and the UK hosted the second conference for the [international initiative](https://www.darkreading.com/endpoint-security/world-govs-sign-spyware-responsibility-pledge), which launched in February. Nations signed the Code of Practice for States, which outlines policy commitments and recommendations around four principal pillars: accountability, accuracy, oversight, and transparency Commercial spyware abuse is an ongoing threat. Governments have expanded use of commercial spyware beyond criminals and terrorists to target human rights activists, journalists, and other political figures. As an example, NSO Group’s Pegasus spyware was linked to the 2018 assassination of Saudi journalist Jamal Khashoggi, allegedly by the Saudi government. Vendors also contribute to the problem by claiming ignorance, and some [constantly adapt tactics](https://www.techtarget.com/searchsecurity/news/366568215/Citizen-Lab-details-ongoing-battle-against-spyware-vendors) to allow the proliferation of spyware use. Enforcement Concerns——————–The Pall Mall Process represents a dialogue and commitment among countries to disrupt the commercial cyber-intrusion capabilities (CCICs) market, but that means enforcement is nonbinding and dependent on the participants.Related:[Organizations Lack Incident Response Plans, but Answers Are on the Way](/cyberattacks-data-breaches/shortcomings-improvements-incident-response-plans)Although the initiative is entirely voluntary, it does help define the issue and get countries on the same page about best practices. For example, the lawful use of commercial spyware must be heavily vetted before approved and licensure is monitored, says Dispersive vice president Lawrence Pingree. ‘Unfortunately, without more teeth -[i.e., some actual law or mandate-], it’s mostly just great guidance,’ Pingree says.The global initiative seeks to create a framework, but it’s not complete, says Evan Dornbush, former network operator for the NSA, who’s attending and participating in the Pall Mall Process.’The challenge here is that CCICs — a term that encompasses spyware — though legal to create and legal to sell may require certain authorizations to use that have never been standardized,’ Dornbush says. ‘For example, what happens if a government acts illegally? What happens if a government user loses technology and ends up causing damage to a government’s citizens?’ Questions Remain—————-Another implementation concern is that the Pall Mall Process is not backed by those conducting spyware, cyber espionage, cybercrime, or other similar activities. Additionally, the commercial perpetrators are often located in countries beyond international law or regulatory enforcement, says Tony Anscombe, chief security evangelist at ESET.Related:[How Economic Headwinds Influence the Ransomware Ecosystem](/cyberattacks-data-breaches/how-economic-headwinds-influence-ransomware-ecosystem)’When 21 countries group together and agree to a set of principles that may affect those conducting such activities, you likely only have one side in the room,’ Anscombe says. ‘For instance, it’s like marriage counseling with only one party taking part.’The next phase of the process will refine the Code of Practice — and potentially other countries will sign up — but many questions remain. For example, how can a vendor be aware of what its customers are doing with the spyware? Additionally, laws among countries differ, which makes it difficult to universally define responsible behavior.’The next phase will address industry criteria, which may shape up to create parallel and bifurcated markets,’ Dornbush says. ‘If any industry player adheres to the criteria, it can sell to Pall Mall Process nations. If it does not, it cannot. Businesses will have to determine how valuable the Pall Mall Process market is.’ Though the US was involved in the process, it did not join the other nations in signing on April 3 and 4. But that could change, according to the State Department, which says the US intends to join the call to support the Pall Mall Process Code of Practice.Related:[Cybercrime Forces Local Law Enforcement to Shift Focus](/cyberattacks-data-breaches/cybercrime-forces-local-law-enforcement-to-shift-focus)Zero-Day Hunt————-Last year, Google’s Threat Analysis Group published a report that highlighted commercial surveillance vendors (CSVs) role in zero-day exploitation. Google [attributed half of the known zero-day exploits](https://www.techtarget.com/searchsecurity/news/366569061/Google-Spyware-vendors-are-driving-zero-day-exploitation) used against its products to CSVs. Subsequently, the vendor called for more government action.’The goals of the Pall Mall Process is to align with our efforts to thwart spyware vendors in order to protect online users,’ a Google spokesperson says. ‘Its focus on transparency is key to exposing the operations of these actors, holding them accountable and limiting their use of tools that are often used to target high-risk users, like political dissidents, human rights activists, journalists, and academics.’Vulnerability researchers who find or develop and then sell zero-day exploits also comprise part of the market. However, those researchers have a predictable seven-year work cycle before success starts to taper. This could present problems regarding spyware’s legal use.The overall number of individuals capable of discovering these hard-to-find vulnerabilities has been consistent. Researchers are ramping in, while other researchers are ramping out at the same time, says Katie Moussouris, founder and CEO of Luta Security, who has been involved in drafting and spoke at Pall Mall Process events.’It’s always going to be this game of having to find individuals who are somewhere in that seven-year period of being at the top of their game, and you’re constantly going to find new individuals who have these talents and are capable of finding these things,’ Moussouris says. ‘In terms of using this software, in the legal sense, it’s used against terrorists. It’s used against people who traffic human beings. There are good uses. We should all actually be concerned about the fact that there’s a limited supply of humans who can provide this.’ [](https://www.linkedin.com/sharing/share-offsite/?url=https://www.darkreading.com/cyberattacks-data-breaches/pall-mall)[](http://www.facebook.com/sharer/sharer.php?u=https://www.darkreading.com/cyberattacks-data-breaches/pall-mall)[](http://www.twitter.com/intent/tweet?url=https://www.darkreading.com/cyberattacks-data-breaches/pall-mall)[](https://www.reddit.com/submit?url=https://www.darkreading.com/cyberattacks-data-breaches/pall-mall&title=Pall%20Mall%20Process%20Progresses%20but%20Leads%20to%20More%20Questions)[](mailto:?subject=Pall Mall Process Progresses but Leads to More Questions&body=I%20thought%20the%20following%20from%20Dark%20Reading%20might%20interest%20you.%0D%0A%0D%0A%20Pall%20Mall%20Process%20Progresses%20but%20Leads%20to%20More%20Questions%0D%0Ahttps%3A%2F%2Fwww.darkreading.com%2Fcyberattacks-data-breaches%2Fpall-mall) About the Author—————- [Arielle Waldman](/author/arielle-waldman) Features Writer , Dark Reading Arielle Waldman is a Boston-based features writer for Dark Reading covering all things cybersecurity. [See more from Arielle Waldman](/author/arielle-waldman) Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. [Subscribe](https://dr-resources.darkreading.com/free/w_defa3135/prgm.cgi) More Insights Webinars* [My Server is Secure. Why Should I Bother about my Mobile App?](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_guas12&ch=SBX&cid=_upcoming_webinars_8.500001539&_mc=_upcoming_webinars_8.500001539)Apr 15, 2025* [VPNs, RMMs, and Beyond: How Are Attackers Adapting?](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_goog82&ch=SBX&cid=_upcoming_webinars_8.500001544&_mc=_upcoming_webinars_8.500001544)Apr 16, 2025* [Identifying Third-Party Risk Using Threat Intelligence](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_bits16&ch=SBX&cid=_upcoming_webinars_8.500001538&_mc=_upcoming_webinars_8.500001538)Apr 17, 2025* [Top 5 Most Dangerous Security Vulnerabilities](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_okta39&ch=SBX&cid=_upcoming_webinars_8.500001537&_mc=_upcoming_webinars_8.500001537)Apr 22, 2025* [Find and Fix Application Vulnerabilities… At Cyber Speed](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa7896&ch=SBX&cid=_upcoming_webinars_8.500001549&_mc=_upcoming_webinars_8.500001549)Apr 23, 2025[More Webinars](/resources?types=Webinar) Events* [-[Conference-] Black Hat USA – August 2-7 – Learn More](https://www.blackhat.com/us-25/?_mc=we_bhas25_drcuration&cid=_session_16.500330)Aug 2, 2025[More Events](/events)You May Also Like*** ** * ** ***[Cyberattacks -& Data BreachesSalt Typhoon: A Wake-up Call for Critical Infrastructure](https://www.darkreading.com/cyberattacks-data-breaches/salt-typhoon-wake-up-call-critical-infrastructure) [Cyberattacks -& Data BreachesChina-Backed Hackers Backdoor US Carrier-Grade Juniper Routers](https://www.darkreading.com/cyberattacks-data-breaches/china-hackers-backdoor-carrier-grade-juniper-mx-routers) [Cyberattacks -& Data BreachesAPT ‘Blind Eagle’ Targets Colombian Government](https://www.darkreading.com/cyberattacks-data-breaches/apt-blind-eagle-targets-colombian-government) [Cyberattacks -& Data BreachesNorth Korea’s Lazarus Pulls Off Biggest Crypto Heist in History](https://www.darkreading.com/cyberattacks-data-breaches/north-korea-lazarus-crypto-heist)

Related Tags:
NAICS: 923 – Administration Of Human Resource Programs

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 92 – Public Administration

NAICS: 922 – Justice

Public Order

Safety Activities

NAICS: 51 – Information

NAICS: 928 – National Security And International Affairs

APT-C-36

Blind Eagle

Associated Indicators: