The US is now the largest investor in commercial spyware

https://arstechnica.com/security/2025/09/the-us-is-now-the-largest-investor-in-commercial-spyware/

89•furcyd•1h ago

Comments

RianAtheer•1h ago

Wow, didn’t know the U.S. is now the top investor in commercial spyware clearly a big push for cyber defense and global intelligence edge. Essentially, it’s about maintaining an edge in cyber operations and national security. The U.S likely sees commercial spyware not just as a tool for spying, but as a strategic investment to keep up with global cyber threats.

OutOfHere•55m ago

US and Israel are the the global cyber threat.

SilverElfin•49m ago

What about China? Salt typhoon was just one among many actual attacks, not just threats, connected back to the Chinese state.

OutOfHere•48m ago

Yes, but with rare exceptions, China doesn't exercise much power to lock up someone, or to disempower someone, at least so long as you don't visit China. Meanwhile, the US and Israel are well known to target individuals both domestically and around the world irrespective of their affiliation.

ImJamal•36m ago

They have the power to arrest people in China. Any Chinese outside of China could have their family still in China arrested.

SilverElfin•33m ago

What is power? Like legally? China definitely has international policing outposts that are meant to cast their power outside their borders.

https://www.nytimes.com/2023/01/12/world/europe/china-outpos...

hirvi74•14m ago

> China doesn't exercise much power to lock up someone, or to disempower someone, at least so long as you don't visit China.

I am not certain that is necessarily true. At least, not if one is originally from China.

https://www.publicsafety.gc.ca/cnt/trnsprnc/brfng-mtrls/prlm...

lmz•6m ago

Telling someone their family is going to get it if they keep doing what they do is quite some distance away from... straight up bombing them.

soperj•47m ago

What attacks from the US have you heard of?

autoexec•24m ago

Does microsoft windows count?

Honestly, I imagine that other nations should be very concerned about the small number of US based companies creating all the CPUs which could easily be backdoored. Same for the blackbox wireless chipsets our phones depend on too.

That and so many of the companies that people depend on are in the US (Google, Amazon, social media, Apple, MS, etc) since you have to think that the US government is collecting massive amounts of data from those places.

linkregister•53m ago

Investment in these firms does not equate to improved national security. Existing US government programs exceed the capabilities of these firms. A purpose for contracting with these firms is to evade the significant legal oversight present in the NSA, CIA, and FBI computer network exploitation programs.

esalman•1h ago

The former number one, and current number two, is anyone's guess.

My home country does not have formal diplomatic ties with them, yet we purchased and deployed surveillance tech from this country.

We live in a truly dystopian nightmare.

hparadiz•1h ago

Aka enterprise security solutions

OutOfHere•47m ago

Hacking personal devices goes way beyond enterprise security. It is cybercriminal behavior.

tptacek•31m ago

Enterprises are generally not customers of serious CNE vendors.

evanjrowley•20m ago

This is a big step beyond just enterprise EDR/MDM

OutOfHere•56m ago

I see multiple ex-employers listed at https://staging--atlantic-council-spyware.netlify.app/ | https://mythicalbeasts.dfrlab.org/. I strongly advise avoiding all prospective employers that use these services as they're practically guaranteed to hack your phone.

Report: https://www.atlanticcouncil.org/in-depth-research-reports/re...

Dataset: https://github.com/ac-csi/mythical-beasts

Group_B•40m ago

Gotta love the good old US of A. I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still. An amazing world we live in.

kubb•38m ago

At least you have freedom… in some sense.

generalizations•35m ago

I suspect that in the very near future, the latter will dramatically decrease and the former dramatically increase. I wonder how that tradeoff will be perceived.

falcor84•30m ago

What do you mean? What would lead to government surveillance decreasing?

wil421•23m ago

No he means crime will dramatically decrease and surveillance will increase. I’d be inclined to agree.

jrochkind1•20m ago

Don't worry, the crime wont' actually decrease either.

hansvm•20m ago

Maybe. If we use our powers too capriciously then they'll deter behaviors other than criminal behaviors. Like that boat of alleged drug traffickers we recently blew up -- that looks more likely to discourage boating within 1000 miles of the US than any particular crime.

mrtesthah•27m ago

The problem is that when laws no longer apply to certain individuals in our government, we no longer have rule of law at all, because a law is inherently universal. The US is rotting from the head.

roughly•27m ago

> I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still.

One might be tempted towards the conclusion that dystopian surveillance doesn't materially impact crime rates and that if we want to solve the latter, we need a different solution than the former.

bamboozled•38m ago

“Freedomware”

tptacek•31m ago

This data set is missing even several pretty well-known CNE vendors.

The bigger question is: why would you expect the US not to be the largest investor? CNE vendors are tech companies. The US is the largest investor in tech companies.

howmayiannoyyou•4m ago

Good. I want my tax dollars allocated to penetrating every and any system my country's adversaries may use to undermine our interests or threaten our people. And, I want maximum penalties, civil and criminal, for any person or company who misuses these systems for personal or political gain. Also, I'd like to see mandatory statutory civil damages for any vendor creating and/or selling/providing these systems who does so in a negligent or malicious manner, same as we provide for other high risk products and services.

Nvidia Is a National Security Risk

New video at UFO hearing appears to show missile striking and bouncing off orb

Every Keystroke You Make: A Tech-Law Measurement and Analysis of Event Listeners

NASA bars Chinese citizens from its facilities, networks

Over the last two years, the sea level has dropped by 3 mm

Candidozyma Auris

Walmart's bet on AI depends on getting employees to use it

Reality Is Ruining the Humanoid Robot Hype

Show HN: Historian – bridge from InfluxDB 1.x/2.x to 3.0 with Parquet and DuckDB

The Evil Genius Who Invented Propaganda

MotoE, electric bike world championship, going on hiatus due to lack of interest

Where does your glass come from?

Racial/institutional biases in accessing paywalled articles and scientific data

Show HN: Which Airbnb did your friends stay in?

David Foster Wallace on 9/11, as Seen from the Midwest

The Murder of Charlie Kirk Didn't Help Anyone

A deep dive into Cellebrite: Android support as of February 2025

Nano-switch achieves first directed, gated flow of excitons

Apple 40W Dynamic Power Adapter with 60W Max

Happiest Countries in the World for 2025, According to a New Report

Form16x — Parse tax PDFs into JSON with regime comparison and optimization

Orange rivers signal toxic shift in Arctic wilderness

Refrag: Rethinking RAG Based Decoding

Show HN: Uniprof – Universal CPU profiler for humans and AI agents

The British War on Slavery

A therapist's colophon on a WebGL renderer and privacy-first analytics

Windows KASLR Bypass – CVE-2025-53136

Is there clear proof of AI in Trump's video statement?

When and How to Trust the Experts

CelebArt