A recent investigation by Amnesty International has uncovered shocking evidence that spyware maker Intellexa had remote access to some of its government customers’ surveillance systems, allowing company staff to view the personal data of individuals whose phones had been hacked with its Predator spyware. This revelation has significant implications for the security and privacy of those targeted by government surveillance, as it suggests that their sensitive data may be exposed not only to the government agency conducting the surveillance but also to the foreign company providing the spyware.
The evidence, which includes internal company documents, sales and marketing materials, and training videos, shows that Intellexa staff could access the surveillance systems of at least some of its customers via TeamViewer, a widely available remote access tool. A leaked training video reveals the company’s ability to view the dashboard of a customer’s surveillance system, including the storage system containing photos, messages, and other surveillance data gathered from victims of the Predator spyware. The video also appears to show live infection attempts against real targets, including detailed information about the target’s device and location.
This level of access is unusual in the spyware industry, where companies typically claim to have no visibility into their customers’ systems or data. Spyware makers like NSO Group and Hacking Team have long maintained that they do not have access to the data of their customers’ targets, nor do they have access to their customers’ systems. This is partly due to concerns about potential legal liability and the need to maintain the secrecy of sensitive investigations. However, the evidence suggests that Intellexa may have had a more intimate relationship with its customers’ systems than is typical in the industry.
The implications of this discovery are significant, as it raises concerns about the security and privacy of individuals who may be targeted by government surveillance. Not only may their data be exposed to the government agency conducting the surveillance, but it may also be accessible to the foreign company providing the spyware. This could have serious consequences, particularly if the company has a history of insecure data storage or if the data is mishandled in some way.
The investigation has also shed light on the activities of Intellexa’s founder, Tal Dilian, who has been the subject of controversy in the past. Dilian has been accused of operating with a lack of discretion and has been sanctioned by the US government for allegedly using his company’s spyware against Americans, including government officials, journalists, and policy experts. The sanctions, which were imposed in 2024, make it illegal for American companies and nationals to have any commercial relationship with Dilian or his business partner, Sara Aleksandra Fayssal Hamou.
In response to the allegations, Dilian has accused journalists of being “useful idiots” in an “orchestrated campaign” to hurt him and his company. However, the evidence uncovered by Amnesty International suggests that there may be more to the story than Dilian is letting on. The fact that Intellexa staff had remote access to customer surveillance systems raises serious questions about the company’s business practices and the potential risks to individuals who may be targeted by its spyware.
As the use of spyware becomes increasingly common, it is essential to consider the potential risks and consequences of this technology. The discovery that Intellexa had remote access to its customers’ surveillance systems highlights the need for greater transparency and accountability in the spyware industry. It also underscores the importance of protecting the security and privacy of individuals who may be targeted by government surveillance, and ensuring that companies like Intellexa are held to the highest standards of data protection and security. Ultimately, the use of spyware must be subject to rigorous oversight and regulation to prevent abuses of power and protect human rights.
No Comments