author photo
By Cam Sivesind
Wed | Nov 29, 2023 | 10:51 AM PST

The findings of the Predator Files paint a damning picture of an industry operating in the shadows, exploiting loopholes in EU regulations, and evading accountability for its actions. The Intellexa alliance's spyware products have been used to target journalists, activists, and political opponents, enabling governments and other entities to track their movements, intercept their communications, and even manipulate their online activities.

"Just like with Pegasus and a few other surveillance technologies, the Predator Files point to a whole surveillance system that can be purchased for a few million Euros. This gives countries that previously had outdated or minimal surveillance capabilities a much more modern set of monitoring tools," said Col. Cedric Leighton, USAF (Ret.), CNN Military Analyst, and Chairman, Cedric Leighton Associates, LLC. "Intellexa seems to function like a holding company, pulling several different vendors into a global network. This business model is fairly common throughout the Middle East and in parts of Europe. Intellexa is reportedly divided into 12 corporate entities that are headquartered in several different countries, including Greece, Switzerland, Cyprus, Ireland, and the British Virgin Islands. According to the Irish Times, the main shareholder of this company has an address in Ajman, one of the United Arab Emirates."

[RELATED: Senior EU Officials Targeted with NSO Spyware]

EU regulation falls short

The Predator Files investigation exposes the glaring weaknesses of the EU's regulatory framework for surveillance technologies. Despite the introduction of the General Data Protection Regulation (GDPR) in 2018, the EU has failed to effectively control the proliferation of powerful surveillance tools like those developed by the Intellexa alliance.

The report highlights several key shortcomings in the GDPR, including its limited scope, its reliance on self-regulation, and its lack of enforcement mechanisms. These shortcomings have allowed companies like Intellexa to operate with impunity, exporting their spyware to countries with repressive regimes and using opaque business practices to obscure their activities.

"The Predator Files report underscores the widespread availability of advanced surveillance tools, once exclusive to nation-states, to various actors. This raises the risk of their misuse against journalists, activists, and dissidents," said Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start.

"The European Union's current regulatory frameworks, like GDPR, are not fully equipped to tackle the challenges posed by these covert and transnational surveillance technologies, creating a regulatory gap. There's a pressing need for specialized laws to regulate the sale and export of these tools, with stringent vetting and transparent reporting, to prevent their misuse by repressive regimes. The threat extends beyond the EU, with the U.S. and other countries also at risk, necessitating international cooperation and regulation. Awareness and engagement from the public and civil society, along with collaboration between the media, NGOs, and cybersecurity experts, are crucial in combating the misuse of surveillance technologies and advocating for stronger regulations."

More commentary from Col. Leighton

"It's noteworthy that the founder of Intellexa, Tal Dilian, is a former Israeli intelligence officer.  He's not the only former Israeli intelligence officer engaged in the commercialization of surveillance capabilities," Col. Leighton said. "The tools Intellexa and its subsidiaries sell do provide significant monitoring capabilities that were previously the province of sophisticated intelligence and law enforcement organizations, but these tools cannot access encrypted traffic in apps such as WhatsApp or Telegram.  What they can potentially do, however, is determine who communicated the encrypted data, who received it, and how much traffic there was within a targeted group."

"One of the most pernicious capabilities of Intellexa's Predator software is its ability to remotely turn on the camera and microphone of a targeted mobile device," he added. "This can be accomplished without the device's owner noticing the compromise."

A call for urgent action

The Predator Files serves as a stark reminder of the urgent need for stronger EU regulation of surveillance technologies. The report's findings call for a comprehensive overhaul of the GDPR, including stricter export controls, enhanced transparency requirements, and robust enforcement mechanisms.

"In addition to the European media investigation of Intellexa and its technology, over the summer the U.S. State Department called the company's activities 'contrary to the national interests of the United States,'" Col. Leighton said. "The group was 'trafficking in cyber exploits' and U.S. businesses and government entities were prohibited from doing business with it."

"In 2021, about 86% of Intellexa's sales were in the Middle East. This is reflective of a trend that has existed over at least the past 50 years in which Middle Eastern countries purchase commercially available surveillance and intelligence technologies as opposed to developing their own," he added. "The Predator spyware itself was reportedly developed by a North Macedonian company named Cytrox. Cytrox is now part of Intellexa."  

In addition to regulatory reforms, the Predator Files also highlights the importance of public awareness and civil society engagement in addressing the surveillance crisis. By exposing the harmful practices of companies like Intellexa, the EIC and Amnesty International have empowered citizens to demand accountability and hold their governments responsible for protecting their security and privacy rights.

The Predator Files is a wake-up call for the EU and its member states. It is a call to action to address the glaring inadequacies of existing surveillance regulations and to implement measures that protect the fundamental rights of citizens in the digital age. The future of privacy and freedom of expression in Europe depends on it.

"Intellexa's corporate structure appears to be evolving in response to the changing commercial and regulatory landscape. One can expect it to evolve further in light of the EIC media network's findings," Col. Leighton said. "The Predator monitoring software can be launched from mobile platforms such as vans or drones. As long as it can get to and exploit a Wi-Fi or cellular signal, it can potentially intercept sensitive communications. As a result, dissidents and journalists are far more vulnerable to data exploitation efforts than they were just a few years ago."

Comments