The Biden administration added two European-based coding firms controlled by an Israeli former general to the Commerce Department’s blacklist on Tuesday, its latest effort to try to curb a spyware industry that has spiraled out of control in recent years.
The two companies, Intellexa and Cytrox, are at the center of a political scandal in Greece, where government officials have been accused of using their hacking tools against journalists and political opponents.
Under the terms of the blacklist, American companies are largely barred from doing business with the designated firms, a move designed to starve them of the American technology — such as servers and cloud storage — they need to continue operations. In November 2021, the White House listed the Israeli company NSO Group, the best known provider of hacking tools.
Both Intellexa and Cytrox are controlled by Tal Dilian, a former general in Israeli military intelligence who was forced to retire from the Israel Defense Forces in 2003 after an internal investigation raised suspicions that he was involved in financial mismanagement, according to three former senior officials. officers in the Israeli military.
He eventually moved to Cyprus, a European Union island nation that has become a favorite destination in recent years for surveillance firms and cyber intelligence experts.
The Greek authorities launched an investigation last year into the use of Intellexa’s main hacking tool, Predator, by the country’s spy agency. A separate investigation was launched after a New York Times report discovered that Greece had licensed Predator to be exported to at least one African country, Madagascar.
Predator was mainly used against local politicians and journalists, but a Times investigation found that the spyware was also used against a US citizen who at the time worked as a manager for Meta while a Greek spy agency had a bug on her.
Like the better known Pegasus, made by NSO, Predator spy can penetrate mobile phones and extract videos, photos and emails, and can turn the phones into surveillance devices to spy on their users.
Europe has shown limited appetite for accountability over the use of Predator and other tools, even as investigations have been launched into how the spyware was allowed to be deployed domestically and exported to countries that include Sudan and Madagascar.
The immediate impact of the decision to blacklist Mr Dilian’s companies is unclear, especially if he is able to avoid US restrictions by buying critical technology from other countries.
Unlike NSO, which is based in Israel, Mr. Dilian’s companies are not subject to Israeli regulations, and the former general was able to exploit the scandals surrounding NSO’s Pegasus abuses to his advantage. When the Israeli government began limiting the number of nations to which NSO could sell its products, Mr. Dilian filled the void by selling his competing spyware to those countries.
Mr. Dilian enters and leaves Israel as he chooses, and members of his team have been aggressive in trying to recruit top hackers from Israel-based firms. A significant number of hacking experts in Israel have recently received offers to work for Mr. Dilian’s firms, according to four people in the Israeli cyber industry.
Earlier this year, the White House issued an executive order that restricts federal agencies from using spy tools that have been misused by governments to spy on dissidents, human rights activists and journalists. Days later, a group of nations at the Summit for Democracy signed a joint letter declaring its commitment to curb the abuses of the hacking tools.
It is not a blanket ban. For example, the White House allowed the Drug Enforcement Administration to use another Israeli-made spy program – known as Graphite – in its operations against drug traffickers.
Even with increasing attention from Western governments to the dangers of commercial spyware, hacking tools continued to proliferate. Speaking to reporters on Monday, a senior administration official said that one purpose of the decision to blacklist the hacking firms was to scare off potential investors who might anticipate a profit in the industry.
Ronen Bergman contributed reporting from Tel Aviv, and Matina Stevis-Gridneff from Brussels and Athens.