U.S. Blacklists Israeli-owned Cyber Arms Firms

Haaretz.co

Intellexa, an alliance of digital intelligence firms run by an ex-Israeli intel officer, and Cytrox, which produces their Predator spyware, added to U.S. ‘entity list’ which already includes Israel’s NSO and Candiru

Intellexa Co-CEO Tal Dilian at his house in Limassol, Cyprus, in 2020.Credit: Yiannis Kourtoglou / REUTERS
A group of Israeli-owned digital surveillance firms operating from Europe were added on Tuesday to a U.S. blacklist of companies acting against American interests, in the latest attempt by the White House to curb the international proliferation of military-grade spyware.

The U.S. Commerce Department added Intellexa and Cytrox, both owned by different Israeli nationals, among them the former military intelligence officer Tal Dillia, to its economic trade “entity list.”

Intellexa, which is registered in Greece and has related entities in Ireland and North Macedonia, serves as a one-stop-shop for state surveillance needs. Both firms were at the center of a massive political storm in Greece.

Attempts by Haaretz to reach representatives from Cytrox and Intellexa were not successful.

Last year, as part of the Biden administration’s efforts to counter the misuse of commercial spyware, two firms operating out of Israel – NSO Group and Candiru – were also added to the list in 2021, which prevents them from doing business with U.S. bodies.

The decision to place NSO and Candiru on the blacklist was a watershed moment for Israeli cyber firms. After years in which Israel pushed the firms as part of Prime Minister Benjamin Netanyahu’s “cyber diplomacy,” the U.S. started pushing back after misuse of spyware like NSO’s Pegasus by client states – including against American diplomats in Africa.

Israel understood the message and decided to drastically curb its cyber exports, dropping the list of countries to which such technologies can be exported from over 130 to barely over 30, almost all of which are Western democracies.

Since then, the Israeli offensive cyber market has faced a massive squeeze, with a list of firms shutting down, among them Nemsis, Kela, Magen and QuaDream, which closed shop after Israel refused to let it sell its spyware to Morocco, which was a previous client of NSO but was cut off after misusing Pegasus.

Ironically, sources say this helped those Israelis operating outside of Israeli regulations – first and foremost Intellexa, which headhunted teams let off from Israeli firms buckling from lack of new sales.

A senior Israeli source part of a prominent Israeli offensive spyware firm told Haaretz that the decision to add the EU-based firms on the U.S. blacklist is different than the decision to sanction NSO and Candiru. “These two firms operated under strict Israeli oversight and regulation by the Defense Ministry. The decision to blacklist them backfired and actually led Israel to crack down on firms they were already regulating and thus actually sparked a brain drain.

“By adding NSO and Candiru to the blacklist, the Americans pushed people to think creatively and move their operations outside of Israel. This also pushed people to Intellexa, which is not regulated. The decision to sanction them now makes sense – it shows that even if you try to operate abroad, it doesn’t matter if it’s from a tax haven or a spyware regulation haven – the U.S. will find you and stop you.”

A Haaretz investigation published last summer revealed Intellexa was picking up all the deals Israel had refused to authorize – selling their digital surveillance wares to countries like Ukraine. Simultaneously, sources suggested that alongside countries in which Israeli firms were once allowed to work – such as Mexico, Ghana, Colombia and Greece – Dilian-linked firms have also inked deals with clients in Saudi Arabia, Oman, Malaysia, Indonesia and Sri Lanka.

Haaretz investigation also revealed the sale of digital tools to a militia in Sudan. In 2017, in Skopje, North Macedonia, Rotem Farkash, who founded Cytrox, the company that developed the infamous Predator spyware, with millions of dollars in initial funding from the state-owned Israel Aerospace Industries (IAI). Cytrox was later acquired by Intellexa, and was merged into the alliance of digital surveillance firms founded in Cyprus and Greece by Tal Dilian, a former commander of Israeli army intelligence select technology unit.

As early as 2019, the Greek government began testing the Predator spyware technology, though they had not formulated a legal framework for using it. Thanasis Koukakis, an investigative journalist, was one of the first victims of its use. According to the investigation, a preliminary agreement was drafted in March 2022. But one month later the “Greek Watergate” scandal would erupt, revealing widespread use of Predator against Greek politicians and business executives, and the agreement with North Macedonia was never signed.