More than 14,500 individuals across 128 countries were alleged buyers in a single spyware operation that the Australian Federal Police traced in 2022 — a startling number that captures how surveillance tools once reserved for states have flooded the consumer market.
From zero-click exploits to microphone activation: what commercial spyware does
The software labelled in the source material as "spyware" is designed to collect data from a device without the user's knowledge and to send that data to an unauthorised party. Infection methods run the gamut from deceptive links to zero‑click attacks, which can compromise a device without any user interaction. Once installed, highly invasive variants permit unrestricted access: tracking a victim’s location; obtaining conversations, including on end‑to‑end encrypted apps; reading emails; and activating a device’s microphone to eavesdrop on nearby speech. The source notes capabilities once reserved for intelligence services have been commercialised and are now available to anyone with an internet connection, a digital payment method and a motive.
Markets and evidence: Telegram groups, AI Forensics, and academic findings
Research published in March by AI Forensics examined 2.8 million messages across 16 Telegram groups and documented a thriving economy of digital abuse. That analysis found advertisements for professional hacking services — promising access to phone galleries, social media infiltration and automated spying bots — alongside more than 18,000 references to surveillance tools and over 82,000 abusive images and videos. Earlier and parallel work cited in the source includes 2024 findings from Citizen Lab showing technology used in transnational repression by states including Iran, China, Russia and Azerbaijan, and ASPI’s 2022 reporting on covert campaigns by the Chinese Communist Party that targeted Asian women.
Australia’s legal and operational response: gaps exposed by the AFP case
The Australian Federal Police’s 2022 investigation illustrates both the scale of demand and the difficulty of legal enforcement. The AFP alleged a developer had sold spyware to more than 14,500 people worldwide, identifying 201 buyers in Australia. Fourteen Australian purchasers were named as respondents on domestic violence orders, and 11 of those individuals purchased the tool either during an active domestic violence order or within two years of one being issued. Under current Australian law, purchasing spyware is not itself an offence, though installing it is a crime — a distinction the source highlights as hard to police at scale and one that places the burden of proof on victims rather than on suppliers.
Policy moves, funding and individual mitigation in Australia
The federal government announced A$104 million for domestic violence support in 2022, with A$55 million directed at technology measures such as wiping GPS trackers from victims’ phones and removing hidden cameras. Australia’s Online Safety Act and state-based laws prohibit sharing images or videos without consent. The source also lists practical, device-level steps individuals can take: keep devices updated, watch for unusual performance changes, and enable "lockdown mode" on certain devices to reduce attack surface at the expense of some functionality. Still, the AFP’s multi‑year, international coordination — involving about a dozen agencies — to bring a single developer to account is offered in the source as evidence that current frameworks and resourcing are not calibrated to the volume and urgency of the threat.
What this means for technologists, policymakers, and survivors
- Technologists and security teams: Vendors of commercial surveillance tools such as Spyic and CocoSpy (named in the source) are under scrutiny because their products can turn any smartphone into a surveillance device; the source argues such vendors should be required to demonstrate legitimate use cases and the security of data they collect. The source also warns that commercially available tools may themselves be prone to data breaches.
- Policymakers and regulators: The source recommends stricter import and distribution controls on commercial spyware, and greater investment in law enforcement capacity — including proactive intelligence capabilities — to handle technology‑facilitated abuse at scale.
- Survivors and frontline services: Organisations supporting victims are identified as early detectors of new surveillance methods. The source urges national security agencies to engage more intensively with those frontline groups because they often hold the first intelligence about emerging tools being used against clients.
The record presented in the source is stark: espionage‑grade capabilities have moved into consumer markets, advertising and private messaging groups, and domestic settings. The policy prescriptions it advances are concrete — tighter controls on imports and distribution, vendor accountability on legitimate use and data security, and dedicated law enforcement resourcing and intelligence — but the enforcement challenges are also concrete: the AFP needed years and cross‑border coordination to pursue a single developer. If the burden of proof remains on victims and the market remains loosely regulated, the source argues, the structural problem of technology‑facilitated coercive control will keep widening.
