

In addition to top-level commercial spyware vendors like NSO Group and Cytrox, there is a burgeoning secondary tier of suppliers composed of boutique spyware firms, hacker-by-night operations, exploit brokers, and similar groups.Israel is the leading exporter of spyware and digital forensics tools documented in the global inventory: fifty-six out of seventy-four governments have procured commercial spyware and digital forensics technologies from firms that are either based in or connected to Israel, such as NSO Group, Cellebrite, Cytrox, and Candiru.Autocratic regimes are much likelier to purchase commercial spyware or digital forensics than democracies: forty-four regimes classified as closed autocracies or electoral autocracies procured targeted surveillance technologies between 20, contrasted with thirty electoral democracies or liberal democracies.Between 20, at least seventy-four governments contracted with commercial firms to obtain spyware or digital forensics technology, according to data collected by Carnegie’s global inventory of commercial spyware and digital forensics ( ).It highlights several factors driving the industry, including elevated demand for intrusion technology from government clients and private customers, as well as inconsistent political will from democratic governments to crack down on these technologies.

This paper explores the resilience of the commercial spyware market and offers ideas about how to limit the spread of invasive cyber surveillance tools. The global spyware and digital forensics industry continues to grow despite public backlash following an array of surveillance scandals, many linked to NSO Group’s Pegasus program.
