In a startling revelation that casts a harsh spotlight on the shadowy world of private surveillance technology, new evidence unearthed by Amnesty International suggests that Intellexa, a company known for its sophisticated ‘Predator’ spyware, may have provided its own staff with direct, remote access to the surveillance systems of its government clients. This alleged capability means that Intellexa employees could potentially have viewed the personal data of individuals whose phones were compromised by the company’s potent spyware.
The findings, published on Thursday by Amnesty International in collaboration with a consortium of international media partners – including the Israeli newspaper Haaretz, the Greek news site Inside Story, and the Swiss outlet Inside IT – are based on a trove of leaked materials. These documents range from internal company memos and sales pitches to instructional videos, painting a concerning picture of the operational realities behind mercenary spyware.
A Direct Line to Sensitive Data?
The most alarming discovery centers on the alleged use of TeamViewer, a common, off-the-shelf remote access tool, by Intellexa staffers. According to Amnesty’s report, this tool was allegedly used to gain remote entry into the surveillance systems of at least some of Intellexa’s government clientele. This capability would grant Intellexa personnel the ability to navigate and potentially download information from systems that governments use to monitor targets.
A leaked training video, a crucial piece of evidence in Amnesty’s exposé, purportedly showcases privileged sections of the Predator spyware system. This includes not only the user interface or dashboard but also the ‘storage system containing photos, messages and all other surveillance data gathered from victims of the Predator spyware.’ Amnesty International released screenshots from this video, though not the full footage, illustrating the sensitive nature of the data contained within these systems.
Real Targets, Real Surveillance
Further deepening the concern, the leaked video appears to depict ‘live’ attempts to infect targets with Predator spyware. The researchers at Amnesty International based this assessment on detailed information present in the video, including specifics from at least one infection attempt targeting an individual in Kazakhstan. The footage reportedly contained crucial identifiers such as the infection URL, the target’s IP address, and the specific software versions of the victim’s phone – information typically associated with active surveillance operations.
Challenging Industry Norms and Stated Policies
This alleged direct access by a spyware maker contradicts the long-held assertions of companies in this sector, such as NSO Group and the now-defunct Hacking Team. These firms have consistently maintained that they do not access the data collected by their spyware or gain entry into their customers’ surveillance systems once a sale is complete. There are pragmatic reasons for this stance:
- Mitigating Legal Liability: By distancing themselves from the collected data, spyware makers aim to avoid potential legal repercussions should their technology be used unlawfully by government clients.
- Shifting Responsibility: The industry narrative often emphasizes that once the spyware is sold, the government customer bears full responsibility for its deployment and the ethical implications of its use.
- Protecting Client Operations: Government agencies, understandably, wish to keep the details of their sensitive investigations – including the identities and personal information of their targets – confidential and out of the hands of private, potentially foreign-based companies.
Skepticism from Within the Industry
The implications of Amnesty’s findings are so significant that even figures within the spyware industry expressed surprise and skepticism. Paolo Lezzi, CEO of Memento Labs, another spyware developer, told TechCrunch that such remote access by a spyware vendor would be highly unusual and that ‘No [government] agency would accept it.’ Lezzi suggested that the leaked video might be depicting a ‘demo environment’ for training purposes rather than actual access to a live customer system.
While Lezzi acknowledged that some customers have requested access to their systems from Memento Labs, this is typically only granted for critical technical troubleshooting and is done under strict supervision, with access revoked immediately after the issue is resolved. ‘They enable us to have TeamViewer access for the necessary time and under their supervision we carry out the intervention and leave,’ he explained.
Amnesty International Stands Firm
Despite the industry skepticism, Amnesty International remains convinced that the leaked video provides evidence of access to live Predator surveillance systems. Donncha Ó Cearbhaill, head of Amnesty’s security lab, which conducted the technical analysis of the leaked material, confirmed that a query was made during the training call about whether it was a demo environment. According to Ó Cearbhaill, the instructor explicitly stated that it was indeed a ‘live customer system.’
Broader Implications for Privacy and Security
The potential for Intellexa staff to have visibility into who their government clients were spying on raises profound concerns about both security and privacy. Amnesty International articulated these worries in their report: ‘These findings can only add to the concerns of potential surveillance victims. Not only is their most sensitive data exposed to a government or other spyware customer, but their data risks being exposed to a foreign surveillance company, which has demonstrable issues in keeping their confidential data stored securely.’
This suggests a multi-layered risk: individuals targeted by Predator spyware are already vulnerable to state surveillance, but the alleged access by Intellexa itself introduces an additional point of potential data exposure and misuse, particularly given the company’s purported security vulnerabilities.
Tal Dilian: A Controversial Figure in the Spyware Landscape
Intellexa could not be reached for comment on these allegations. However, a lawyer speaking on behalf of Intellexa’s founder, Tal Dilian, vehemently denied any wrongdoing. The lawyer stated that Dilian ‘has not committed any crime nor operated any cyber system in Greece or anywhere else.’
Tal Dilian is no stranger to controversy within the government spyware industry. Sources have described him as a figure who operates with a notable lack of discretion, a stark contrast to the meticulous caution typically required in this sensitive field. One industry veteran commented that Dilian ‘moves like an elephant in a crystal shop,’ implying a perceived recklessness in his business dealings.
Adding to the scrutiny, in 2024, the U.S. government imposed sanctions on Tal Dilian and his business partner, Sara Aleksandra Fayssal Hamou. These sanctions were a direct response to allegations that Intellexa’s spyware had been used to target Americans, including U.S. government officials, journalists, and policy experts. This marked a significant escalation, being the first time the U.S. government, which had previously taken action against NSO Group, specifically targeted an individual involved in the spyware trade.
The sanctions render it illegal for American companies and individuals to engage in any commercial relationship with Dilian and Hamou, effectively cutting them off from U.S. markets and partnerships.
In response to reporting by Haaretz, Dilian reportedly accused journalists of being ‘useful idiots’ in an ‘orchestrated campaign’ designed to damage him and his company, suggesting that the narrative against him had been ‘fed into the Biden administration.’
The Evolving Landscape of AI, DevSecOps, and Digital Security
These revelations about Intellexa underscore the critical and often opaque role that artificial intelligence and sophisticated software play in modern intelligence gathering and surveillance. The intersection of AI-driven spyware, Development Security Operations (DevSecOps) practices, and the ethical considerations of data science is becoming increasingly complex.
For businesses and government agencies alike, understanding the security posture of their technology vendors is paramount. The alleged vulnerabilities in Intellexa’s operational model highlight the need for rigorous vetting of third-party tools and services, especially those that handle sensitive personal data. From the perspective of cybersecurity architects and data scientists, the case serves as a stark reminder of the potential risks associated with remote access tools and the importance of robust access control mechanisms and continuous monitoring.
Furthermore, the ethical debates surrounding mercenary spyware and its use by state actors are intensifying. As technology advances, the lines between national security, corporate interests, and individual privacy continue to blur, demanding greater transparency and accountability from all stakeholders involved in the development and deployment of surveillance technologies. This ongoing saga with Intellexa and Predator spyware is likely to fuel further discussions on regulation, oversight, and the fundamental human right to privacy in an increasingly connected world.