The Biden administration added two European-based hacking firms controlled by a former Israeli general to the Commerce Department’s blacklist on Tuesday, the latest effort to try to rein in a spyware industry that has spiraled out of control in recent years.
Two firms, Intellexa and Cytrox, are at the center of a political scandal in Greece, where government officials are accused of using their hacking tools against journalists and political opponents.
Under the blacklisting rules, American companies are largely prohibited from doing business with designated firms, which are designed to starve them of US technology — such as servers and cloud storage — they need to keep operating. In November 2021, the White House blacklisted the Israeli firm NSO Group, a well-known supplier of hacking tools.
Both Intelexa and Cytrox are controlled by former Israeli military intelligence general Tal Dillion, who was forced to retire from the Israeli Defense Forces in 2003 after an internal investigation raised suspicions that he was involved in the embezzlement of funds. Officers in the Israeli military.
He eventually moved to the European Union island nation of Cyprus, which in recent years has become a favored destination for surveillance agencies and cyber-intelligence experts.
Greek authorities last year launched an investigation into the country’s spy agency’s use of Intellexa’s primary hacking tool, Predator. A separate investigation was launched after a New York Times report revealed that Greece had licensed the Predator to at least one African country, Madagascar.
Predator was primarily used against local politicians and journalists, but a Times investigation found the spyware was also used against a US citizen who was wiretapped by a Greek spy agency while working as Meta’s manager at the time.
Like the better-known Pegasus made by NSO, Predator spyware can break into mobile phones and extract videos, photos and emails, turning the phones into surveillance devices to spy on their users.
Europe has shown limited appetite for accountability over the use of Predator and other tools, even as it launches investigations into how spyware was allowed to be deployed domestically and exported to countries that include Sudan and Madagascar.
The immediate impact of Mr. Dillion’s decision to blacklist the companies is unclear, especially if they are able to circumvent American sanctions by buying critical technology from other countries.
Unlike NSO based in Israel, Mr. Dilian’s organizations are not subject to Israeli regulations and the former general was able to use the scandals surrounding the NSO’s misuse of Pegasus to his advantage. When the Israeli government began limiting the number of countries NSO could sell its products to, Mr. Dillion filled the void by selling his competing spyware to those countries.
Mr. Dilian enters and leaves Israel, and his team members try to recruit top hackers from Israeli-based firms. A significant number of hacking experts in Israel have recently accepted offers to work for Mr. Dillion’s firms, according to four people in the Israeli cyber industry.
Earlier this year, the White House issued an executive order barring federal agencies from using spyware tools that governments have misused to spy on dissidents, human rights activists and journalists. A few days later, a group of nations at the Democracy Summit signed a joint letter declaring their commitment to curbing the misuse of hacking tools.
This is not a blanket ban. For example, the White House has authorized the Drug Enforcement Administration to use another Israeli-made spyware product — called Graphite — in operations against drug traffickers.
Despite increasing attention from Western governments to the dangers of commercial spyware, hacking tools continue to proliferate. Speaking to reporters on Monday, a senior administration official said one of the goals of the decision to blacklist hacking firms was to scare off potential investors looking to profit in the industry.
Ronen Bergman Contributed reporting from Tel Aviv, and Matina Stewis-Gridneff From Brussels and Athens.
