US blacklists spyware makers over security threats

ISTANBUL (AA) – The US on Tuesday blacklisted Europe-based spyware companies Intellexa and Cytrox over “threatening the privacy and security of individuals and organizations worldwide.”

Four entities – Intellexa S.A. in Greece, Cytrox Holdings Crt in Hungary, Intellexa Limited in Ireland, and Cytrox AD in North Macedonia – were added to “the Entity List for trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide,” said the Commerce Department’s Bureau of Industry and Security in a statement.

According to the statement, the department “targets these entities’ ability to access commodities, software, and technology that could contribute to the development of surveillance tools that pose a risk of misuse in violations or abuses of human rights.”

Israeli daily Haaretz reported that both companies are “owned by different Israeli nationals, among them the former military intelligence officer Tal Dillia.”

On Tuesday, US State Department spokesperson Matthew Miller confirmed in a statement that “four foreign commercial spyware entities (are being added) to the Entity List for engaging in activities contrary to the national security or foreign policy interests of the United States.”

“The proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of U.S. government personnel and their families,” the statement added. “The misuse of these tools globally has also facilitated repression and enabled human rights abuses, including to intimidate political opponents and curb dissent, limit freedom of expression, and monitor and target activists and journalists.”

According to a 2021 report by the University of Toronto's Citizen Lab: “Cytrox was reported to be part of Intellexa, the so-called ‘Star Alliance of spyware,’ which was formed to compete with NSO Group, and which describes itself as ‘EU-based and regulated, with six sites and R&D labs throughout Europe’.”

In 2021, the US added two companies from Israel NSO Group and Candiru to its trade blacklist because they sold spyware to foreign governments who used it to target government officials and journalists.

The report said two Egyptians were hacked with Predator spyware, built and sold by spyware developer Cytrox. “We conducted Internet scanning for Predator spyware servers and found likely Predator customers in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia,” it added.

In May, the European Parliament’s PEGA Committee, which is investigating the use of spyware in its member countries, said that Greek Prime Minister Kyriakos Mitsotakis is responsible for the surveillance scandal that rocked the country’s political scene last summer.

On Aug. 8, 2022, Mitsotakis acknowledged that opposition politician Nikos Androulakis was wiretapped by Greece’s intelligence agency but denied knowledge of the operation.

The scandal first emerged on Aug. 4, when Panagiotis Kontoleon, then-head of the EYP intel agency, told a parliamentary committee that the agency had been spying on financial journalist Thanasis Koukakis.

On Aug. 5, Kontoleon, along with the general secretary of the prime minister’s office, Grigoris Dimitriadis, resigned.