Intellexa’s Unprecedented Access to Government Surveillance Data Raises Alarming Concerns
Recent revelations have unveiled that Intellexa, a sanctioned spyware manufacturer, possessed remote access to the surveillance systems of certain government clients. This access enabled Intellexa’s personnel to view personal data from individuals whose devices were compromised using their Predator spyware. This information comes from a comprehensive report by Amnesty International, which analyzed leaked internal documents, sales materials, and training videos from Intellexa.
A particularly concerning discovery is that Intellexa staff could remotely access client surveillance systems via TeamViewer, a widely-used remote desktop application. A leaked training video showcases the Predator spyware’s dashboard and a storage system containing sensitive data—such as photos and messages—collected from victims. Amnesty International’s report highlights that the video appears to depict live infection attempts, including one targeting an individual in Kazakhstan, complete with specific details like the infection URL and the target’s IP address.
Traditionally, companies supplying spyware to government agencies, such as NSO Group and the now-defunct Hacking Team, have asserted that they do not access their clients’ data or systems. This stance is maintained to avoid legal liabilities and to ensure that clients retain full responsibility for the use of the spyware. Moreover, government agencies are typically reluctant to share sensitive investigative details with external private entities.
Paolo Lezzi, CEO of spyware firm Memento Labs, emphasized that such remote access is highly irregular. He stated, No [government] agency would accept it, expressing skepticism about the authenticity of the leaked video, suggesting it might depict a demo environment rather than a live system. Lezzi noted that while some clients have requested remote support, his company only provides it under strict supervision and for the duration necessary to resolve technical issues.
Amnesty International, however, is convinced that the video shows access to a live Predator surveillance system. Donncha Ó Cearbhaill, head of Amnesty’s security lab, pointed out that during the training session, an attendee inquired if the environment was a demo, to which the instructor confirmed it was a live customer system.
The implications of Intellexa’s access are profound. Potential surveillance victims not only face data exposure to their own governments but also to a foreign surveillance company with questionable data security practices. This situation amplifies concerns about privacy and data protection.
Intellexa’s founder, Tal Dilian, has been a contentious figure in the spyware industry. In 2024, the U.S. government imposed sanctions on Dilian and his associate, Sara Aleksandra Fayssal Hamou, alleging that Intellexa’s spyware was used against Americans, including government officials and journalists. These sanctions prohibit American entities from engaging in business with Dilian and Hamou.
Dilian has refuted these allegations, claiming that journalists are part of an orchestrated campaign against him and his company. He asserts that he has not committed any crimes nor operated any cyber systems in Greece or elsewhere.
The broader context reveals a growing scrutiny of spyware manufacturers. In 2024, the U.S. government expanded sanctions against Intellexa, targeting additional individuals and entities associated with the company. The Treasury Department stated that Intellexa’s Predator spyware had been used to target U.S. government officials, journalists, and opposition politicians.
Furthermore, in 2023, the U.S. government added Intellexa and Cytrox to its economic denylist, citing their involvement in trafficking cyber exploits that threaten privacy and security worldwide. This action reflects a concerted effort to curb the proliferation of commercial spyware and its misuse.
The Intellexa case underscores the urgent need for stringent oversight and regulation of the spyware industry. The potential for abuse and the violation of individual privacy rights necessitate a reevaluation of how such technologies are developed, sold, and deployed. As governments and organizations grapple with these challenges, the balance between national security interests and the protection of civil liberties remains a critical and contentious issue.
