Press "Enter" to skip to content

Spyware firm Intellexa hit with US sanctions after Cyprus Confidential exposé

The United States has sanctioned notorious spyware consortium Intellexa, as well as its two key leaders, for their roles in the development and operation of surveillance software that has targeted American citizens.

The Treasury Department’s Tuesday announcement accused Intellexa of enabling “the proliferation of commercial spyware and surveillance technologies around the world, including to authoritarian regimes” Intellexa’s spyware, known as Predator, has been used to covertly surveil U.S. officials, journalists, and policy experts, Treasury said.

The U.S. sanctions targeted five companies in the Intellexa group, as well as the company’s founder, Tal Dilian, and one of the group’s key leaders, Sara Hamou, who were sanctioned as individuals. The Treasury Department described Dilian as “the architect behind [Intellexa’s] spyware tools,” and Hamou as “a corporate off-shoring specialist.”

Dilian and Hamou’s partnership was the focus of an ICIJ exposé in November as part of the Cyprus Confidential investigation. Leaked documents revealed how Dilian and Hamou used Cyprus as a hub for their cyber-surveillance business, exploiting the island’s lax regulatory oversight to create one of the world’s most notorious spyware companies. ICIJ reporting also revealed the critical role Hamou, a lawyer based in Cyprus and Dilian’s ex-wife, played in concealing the activities and ownership of Dilian-connected spyware firms. Hamou managed legal issues related to implementing surveillance projects in Europe, the Middle East and Asia.

SPYWARE

The spy, the lawyer and their global surveillance empire

Nov 15, 2023
IMPACT

FBI called in to help Cyprus investigate Russian sanctions dodging

Dec 04, 2023
FAQS

Frequently asked questions about the Cyprus Confidential investigation

Nov 15, 2023

The Intellexa group includes a network of companies stretching across Europe. The companies sanctioned by the Treasury Department are based in Greece, Ireland, North Macedonia, and Hungary. Two of these companies were placed on a blacklist by the U.S. Commerce Department in 2023 that largely prohibited U.S. firms from doing business with them.

The companies were at the core of a 2023 Greek political scandal, when top officials were accused of utilizing surveillance capabilities to undermine political opponents and journalists.

Intellexa’s Predator spyware enables access to personal data stored on or transmitted through a phone, such as text messages or photos. Predator is the hard-to-detect predecessor of the formidable Pegasus spyware, and has been found in at least 25 countries.

Intellexa previously sold Predator spyware to countries including Germany and Switzerland, as well as others, including some marred by human rights violations, such as Qatar and Congo, researchers found.

Do you have a story about corruption, fraud, or abuse of power?

ICIJ accepts information about wrongdoing by corporate, government or public services around the world. We do our utmost to guarantee the confidentiality of our sources.

LEAK TO ICIJ

A 2023 investigation by news outlets working with the European Investigative Collaborations group found that Vietnamese officials tried to hack U.S. politicians and journalists using Predator spyware. The attempt appears to have been unsuccessful.

U.S. officials said that Tuesday’s sanctions against Intellexa mark the first time that individuals and entities had been sanctioned for the misuse of spyware, and marks an escalation from visa restrictions and commercial embargoes issued in recent months. The move is part of a Biden administration push to highlight the threat posed by commercial spyware in the run-up to the third Summit for Democracy later this month.

“Today’s actions represent a tangible step forward in discouraging the misuse of commercial surveillance tools, which increasingly present a security risk to the United States and our citizens,” Brian Nelson, the U.S. Treasury undersecretary for terrorism and financial intelligence, said in a statement.

As a result of the sanctions, U.S. companies and individuals are prohibited from dealing with Hamou and Dilian, as well as the sanctioned companies, either through involvement in financial transactions with them or by providing them with material or technological support.

ICIJ reporting found that Hamou was instrumental in building Dilian’s global spyware empire, and that she has sat on the boards of more than 20 companies with ties to Dilian, and has held ownership stakes in at least three of those firms.

A lot of problematic mercenary spyware actors have dealings with Intellexa. Right now they are wondering about their own prospects, and they should be concerned. — Citizen Lab researcher John Scott-Railton

Scant information is publicly available on Hamou, save a few online blogs where Hamou discusses her role as co-founder in skincare brand, Medovie. As of March 5, she had deactivated her public LinkedIn profile.

John Scott-Railton, a senior researcher at Citizen Lab called the sanctions “a massive blow,” and said they will likely have ripple effects across the globe.

“A lot of problematic mercenary spyware actors have dealings with Intellexa. Right now they are wondering about their own prospects,” he said, “and they should be concerned.”

Published by: icij.org