Government hacking: How countries surveil their own citizens


Governments waging cyberattacks against state-level adversaries is a frequent modern-day offensive tactic, but it’s equally common for intelligence and law-enforcement agencies to exploit vulnerabilities in everyday devices and apps to spy on their own citizens.

Government hacking has the potential to be far more intrusive than other forms of hacking, thanks to governments’ access to resources and contacts that a private group, regardless of how sinister, would probably never be able to match.


Examples of governments hacking their own citizens

There are numerous known examples of governments infiltrating devices and communications of their own citizens. 

It was recently discovered that the FBI had been operating the supposedly encrypted messaging app Anom since 2019, building a master key into its architecture. This allowed the agency to copy the messages exchanged on the platform. More than 800 people were arrested worldwide in connection with drugs and threats to kill people.

In a similar fashion, French and Dutch law enforcement agencies said they had infiltrated Encrochat, a popular provider of encrypted communications services and devices. Their subterfuge allowed the surveillance of over 100 million messages. Coordinated efforts between Belgian, Dutch, and French authorities also brought down Sky ECC, formerly the world’s largest encrypted phone service, by penetrating its network.

It’s not all about drug runners and other highly illegal activity. In many countries, dissidents and activists of all kinds are frequent targets of their own governments.

For example, sophisticated spyware has been found on the phones of prominent Mexican activists, including human rights lawyers, journalists, and civil rights advocates, since at least 2011. The Mexican government purchased nearly 80 million USD worth of spyware tech in a series of transactions spread across three federal agencies.

The software, known as Pegasus, is able to penetrate smartphones and live undetected on infected devices. It quietly operates in the background, covertly monitoring calls, texts, emails, and calendar entries. The spyware is also able to execute a payload that switches on the microphone and camera at will, recording and relaying information back to a remote server.


I’m a nobody. How does government hacking affect me?

There are two ways government hacking could affect you, even if you’re not in a drug cartel or a dissident. 

The first is that software vulnerabilities that are discovered might go unpatched because of government interests. If you are using this software, the lack of action on the part of the government could put you at risk.

The U.S. government operates within a set of guidelines called the Vulnerabilities Equities Process (VEP). Under the VEP, the government reserves the right to examine each new vulnerability and determine whether or not to disclose it. If the government feels it can exploit this vulnerability for its own strategic purposes, it may very well keep the details private.

In this situation, there’s nothing preventing a different hacker group, one with malicious intentions, from discovering the pre-existing vulnerability too and targeting those it sees fit. While the government may have achieved some of its objectives, it’s definitely possible that ordinary people are affected as collateral damage.

The other way government hacking affects you is simply a matter of principle—the one that says you should enjoy privacy. Your business is yours, even if it’s not incriminating.


Government hacking creates a market for spyware apps

In some cases, a government may choose to contract out the task of infiltrating a device or jailbreaking a system. 

That’s exactly what the FBI did when it tried to crack the iPhone of the San Bernardino shooter. Initial attempts to persuade Apple to build an encryption backdoor were rebuffed. The FBI tried to hack into it with its internal resources, but didn’t meet with much success. Eventually, it paid 900,000 USD for a tool from an unnamed third party to break into the phone and examine its contents.


The government’s own hacking tools can be stolen

Cybersecurity breaches at government agencies aren’t unheard of, and when federal agencies start to develop proprietary hacking tools, they run the risk of exposing them to other bad actors. And that’s when public safety takes a big hit.

A mysterious hacker group called the Shadow Brokers stole secrets from the NSA in 2013 after hacking into an external staging server hosted by the agency. Since then, the hackers have publicly released multiple tools developed by the NSA, contributing to the WannaCry ransomware attack, which infected devices in over 100 countries.

What can I do to stay private?

What can you do to keep your communications private when governments can break into even encrypted services? Not a whole lot! It might be worth looking into Matrix, a chat app said to be used by governments and spies to communicate with each other. But otherwise, messaging apps that are end-to-end encrypted still provide sufficient challenges for hackers of all kinds.

To boost your online security, a VPN is an excellent bet. VPNs provide an encrypted connection to the internet, one that is virtually uncrackable by hackers and other malicious entities. 

