

SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
To donate by check, phone, or other method, see our More Ways to Give page.


Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
Highly invasive spyware from consortium led by a former senior Israeli intelligence official and sanctioned by the US government is still being used to target people in multiple countries, a joint investigation published Thursday revealed.
Inside Story in Greece, Haaretz in Israel, Swiss-based WAV Research Collective, and Amnesty International collaborated on the investigation into Intellexa Consortium, maker of Predator commercial spyware. The "Intellexa Leaks" show that clients in Pakistan—and likely also in other countries—are using Predator to spy on people, including a featured Pakistani human rights lawyer.
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
🚨Intellexa Leaks:"Among the most startling findings is evidence that—at the time of the leaked training videos—Intellexa retained the capability to remotely access Predator customer systems, even those physically located on the premises of its govt customers."securitylab.amnesty.org/latest/2025/...
[image or embed]
— Vas Panagiotopoulos (@vaspanagiotopoulos.com) December 3, 2025 at 9:07 PM
Predator works by sending malicious links to a targeted phone or other hardware. When the victim clicks the link, the spyware infects and provide access to the targeted device, including its encrypted instant messages on applications such as Signal and WhatsApp, as well as stored passwords, emails, contact lists, call logs, microphones, audio recordings, and more. The spyware then uploads gleaned data to a Predator back-end server.
The new investigation also revealed that in addition to the aforementioned "one-click" attacks, Intellexa has developed "zero-click" capabilities in which devices are infected via malicious advertising.
In March 2024, the US Treasury Department sanctioned two people and five entities associated with Intellexa for their alleged role "in developing, operating, and distributing commercial spyware technology used to target Americans, including US government officials, journalists, and policy experts."
"The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the department said at the time.
Those sanctioned include Intellexa, its founder Tal Jonathan Dilian—a former chief commander of the Israel Defense Forces' top-secret Technological Unit—his wife and business partner Sara Aleksandra Fayssal Hamou; and three companies within the Intellexa Consortium based in North Macedonia, Hungary, and Ireland.
In September 2024, Treasury sanctioned five more people and one more entity associated with the Intellexa Consortium, including Felix Bitzios, owner of an Intellexa consortium company accused of selling Predator to an unnamed foreign government, for alleged activities likely posing "a significant threat to the national security, foreign policy, or economic health or financial stability of the United States."
The Intellexa Leaks reveal that new consortium employees were trained using a video demonstrating Predator capabilities on live clients. raising serious questions regarding clients' understanding of or consent to such access.
"The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs—allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes," said van Bergen.
"If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware," he added.
Dilian, Hamou, Bitzios, and Giannis Lavranos—whose company Krikel purchased Predator spyware—are currently on trial in Greece for allegedly violating the privacy of Greek journalist Thanasis Koukakis and Artemis Seaford, a Greek-American woman who worked for tech giant Meta. Dilian denies any wrongdoing or involvement in the case.
Earlier this week, former Intellexa pre-sale engineer Panagiotis Koutsios testified about traveling to countries including Colombia, Kazakhstan, Kenya, Mexico, Mongolia, the United Kingdom, and Uzbekistan, where he pitched Predator to public, intelligence, and state security agencies.
The new joint investigation follows Amnesty International's "Predator Files," a 2023 report detailing "how a suite of highly invasive surveillance technologies supplied by the Intellexa alliance is being sold and transferred around the world with impunity."
The Predator case has drawn comparisons with Pegasus, the zero-click spyware made by the Israeli firm NSO Group that has been used by governments, spy agencies, and others to invade the privacy of targeted world leaders, political opponents, dissidents, journalists, and others.
"Increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs," said one advocate.
Amnesty International on Thursday demanded transparency from the Indian government regarding its contracts with surveillance companies, including the Israeli firm NSO Group, after the rights organization joined The Washington Post in publishing what it called "shocking new details" about the use of spyware to target journalists in India.
Amnesty's Security Lab revealed that a round of "state-sponsored attacker" notifications that were sent to Apple customers in October by the tech company went to more than 20 Indian journalists including Siddharth Varadarajan, founding editor of The Wire, and Anand Mangnale, South Asia editor at the Organized Crime and Corruption Report Project (OCCRP).
The Security Lab ran a forensic analysis of the two reporters' devices and found evidence that the NSO Group's highly invasive Pegasus spyware, which is capable of eavesdropping on phone calls and harvesting data, had been installed on phones owned by Varadarajan and Mangnale.
In Mangnale's case, the journalist appeared to have received a "zero-click exploit" via iMessage on August 23, allowing the individual or group who sent it to covertly install Pegasus spyware on his phone without requiring Mangnale to take any action, such as clicking a link.
At the time of the attempted attack, said Amnesty, Mangnale was working on a story about alleged stock manipulation by a major Indian multinational firm with ties to Indian Prime Minister Narendra Modi. The journalist told Agence France Presse that his phone was targeted "within hours" of his sending interview questions to the company.
The timing of the attack—and the fact that NSO Group has said it only licenses Pegasus to governments and security agencies—was "a hell of a coincidence," Mangnale said.
"Targeting journalists solely for doing their work amounts to an unlawful attack on their privacy and violates their right to freedom of expression," said Donncha Ó Cearbhaill, head of Amnesty's Security Lab. "All states, including India, have an obligation to protect human rights by protecting people from unlawful surveillance."
The Indian government was previously accused of targeting journalists, opposition politicians, and activists with Pegasus in 2021, when leaked documents showed the spyware had attacked more than 1,000 phone numbers.
India has fallen 21 spots to 161 out of 180 countries in Reporters Without Borders' World Press Freedom Index since Modi took office in 2014. In addition to the alleged use of spyware by the government, journalists have been arrested and detained while covering anti-government protests, and reporters have been targeted by coordinated social media campaigns inciting hatred and violence.
Varadarajan was the subject of an earlier report by Amnesty, which documented how he had previously been targeted by Pegasus spyware in 2018.
This past October the same email address used in the Pegasus attack on Mangnale was identified on Varadarajan's phone, confirming he was targeted again.
Varadarajan told The Washington Post that at the time of the most recent covert spyware installation, he had been leading public opposition to the detention of a news publisher in New Delhi.
"Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation," said Ó Cearbhaill.
The group called for the Indian Supreme Court to immediately release the findings of a technical committee report on Pegasus, which was completed in 2022 but has still not been made public.
"Despite repeated revelations," said Ó Cearbhaill, "there has been a shameful lack of accountability about the use of Pegasus spyware in India which only intensifies the sense of impunity over these human rights violations."
"It is no secret that targeted digital surveillance has long been weaponized in the United Arab Emirates to crush dissent and stifle freedom of expression," said one campaigner.
With just two weeks until the next United Nations climate summit, Amnesty International on Wednesday expressed concerns about authorities in the United Arab Emirates using digital surveillance to target COP28 attendees and UAE residents alike.
"It is no secret that targeted digital surveillance has long been weaponized in the United Arab Emirates to crush dissent and stifle freedom of expression," said Rebecca White, a campaigner with Amnesty's Disrupting Surveillance Team, in a statement.
"Prior to his arrest in 2017, human rights defender Ahmed Mansoor faced a string of cyberattacks facilitated by mercenary surveillance companies," she noted. "Known as 'the last human rights defender' in the UAE, Mansoor, who openly criticized the authorities, has been languishing in an Emirati prison for over six years."
In recent months, Amnesty and other groups have called on U.S. Secretary of State Antony Blinken to pressure the UAE to "immediately and unconditionally release" Mansoor and other imprisoned human rights advocates before COP28. Amnesty has also joined other organizations in urging leaders of countries participating in the summit to address the host nation's human rights record and "destructive" climate policies amid a worsening global emergency.
"Amnesty International fears that human rights defenders and other members of civil society in the UAE may continue to be targeted with spyware, including those attending COP28," White said Wednesday. "As hosts of the conference, the UAE has pledged to offer a platform for activists' voices, yet this will not be possible unless human rights, including the rights to privacy and peaceful assembly, are respected."
The pledge she referenced was signed in August by the United Nations Framework Convention on Climate Change (UNFCCC) Executive Secretary Simon Stiell and the COP28 president-designate, Sultan bin Ahmed Al Jaber, who is also an oil executive.
Heba Morayef, Amnesty's regional director for the Middle East and North Africa, said at the time, "The fact that the hosts of this crucial climate meeting felt the need to highlight that some form of free assembly and expression will be allowed during COP28 serves only to highlight the normally restrictive human rights environment in the United Arab Emirates and the severe limits it places on the rights to freedom of expression and peaceful assembly."
White stressed Wednesday that "the UAE authorities must not engage in unlawful electronic surveillance of conference participants as well as all Emirati nationals and residents. They must also allow COP28 attendees to download privacy-respecting international communications applications like Signal in the UAE to ensure they can use safe, encrypted means of communication."
"We trusted the government not to screw us," said Edward Snowden. "But they did. We trusted the tech companies not to take advantage of us. But they did. That is going to happen again, because that is the nature of power."
With this week marking 10 years since whistleblower Edward Snowden disclosed information to journalists about widespread government spying by United States and British agencies, the former National Security Agency contractor on Thursday joined other advocates in warning that the fight for privacy rights, while making several inroads in the past decade, has grown harder due to major changes in technology.
"If we think about what we saw in 2013 and the capabilities of governments today," Snowden told The Guardian, "2013 seems like child's play."
Snowden said that the advent of commercially available surveillance products such as Ring cameras, Pegasus spyware, and facial recognition technology has posed new dangers.
As Common Dreams has reported, the home security company Ring has faced legal challenges due to security concerns and its products' vulnerability to hacking, and has faced criticism from rights groups for partnering with more than 1,000 police departments—including some with histories of police violence—and leaving community members vulnerable to harassment or wrongful arrests.
Law enforcement agencies have also begun using facial recognition technology to identify crime suspects despite the fact that the software is known to frequently misidentify people of color—leading to the wrongful arrest and detention earlier this year of Randal Reid in Georgia, among other cases.
"Despite calls over the last few years for federal legislation to rein in Big Tech companies, we've seen nothing significant in limiting tech companies' ability to collect data."
Last month, journalists and civil society groups called for a global moratorium on the sale and transfer of spyware like Pegasus, which has been used to target dozens of journalists in at least 10 countries.
Protecting the public from surveillance "is an ongoing process," Snowden told The Guardian on Thursday. "And we will have to be working at it for the rest of our lives and our children's lives and beyond."
In 2013, Snowden revealed that the U.S. government was broadly monitoring the communications of citizens, sparking a debate over surveillance as well as sustained privacy rights campaigns from groups like Electronic Frontier Foundation (EFF) and Fight for the Future.
"Technology has grown to be enormously influential," Snowden told The Guardian on Thursday. "We trusted the government not to screw us. But they did. We trusted the tech companies not to take advantage of us. But they did. That is going to happen again, because that is the nature of power."
Last month ahead of the anniversary of Snowden's revelations, EFF noted that some improvements to privacy rights have been made in the past decade, including:
"Despite calls over the last few years for federal legislation to rein in Big Tech companies, we've seen nothing significant in limiting tech companies' ability to collect data... or regulate biometric surveillance, or close the backdoor that allows the government to buy personal information rather than get a warrant, much less create a new Church Committee to investigate the intelligence community's overreaches," wrote EFF senior policy analyst Matthew Guariglia, executive director Cindy Cohn, and assistant director Andrew Crocker. "It's why so many cities and states have had to take it upon themselves to ban face recognition or predictive policing, or pass laws to protect consumer privacy and stop biometric data collection without consent."
"It's been 10 years since the Snowden revelations," they added, "and Congress needs to wake up and finally pass some legislation that actually protects our privacy, from companies as well as from the NSA directly."
"The use of spyware and unlawful targeted surveillance violates the fundamental rights of freedom of expression and access to information, peaceful assembly and association, freedom of movement, and privacy."
Six dozen civil society groups, journalists, and experts marked World Press Freedom Day on Wednesday with a joint call for "all governments to implement an immediate moratorium on the export, sale, transfer, servicing, and use of digital surveillance technologies, as well as a ban on abusive commercial spyware technology and its vendors."
The use of spyware against media workers is "an alarming trend impacting freedom of the press and creating a wider chilling effect on civil society and civic space," the statement argues. "Privacy, source protection, and digital security are essential components of press freedom, allowing journalists to protect the confidentiality and integrity of their work and sources."
"As governments and other entities seek to suppress the press and silence dissent, we are seeing an exponential increase in the market for digital surveillance technologies, including spyware, that overrides these journalistic principles."
"As governments and other entities seek to suppress the press and silence dissent, we are seeing an exponential increase in the market for digital surveillance technologies, including spyware, that overrides these journalistic principles," the statement continues. Such tools "can infiltrate a target's phone, giving the attacker full access to emails, messages, contacts, and even the device's microphone and camera," rendering secure and encrypted platforms useless.
"From El Salvador to Mexico, from India to Azerbaijan, from Hungary to Morocco, to Ethiopia—the list goes on of countries where investigative journalists working to expose corruption, power abuses, or human rights violations, have been targeted by invasive spyware such as Pegasus," the statement adds, referencing spyware from the Israeli firm NSO Group that has been used to target reporters, dissidents, and world leaders.
The advocates of banning this type of surveilleance technology noted that there are at least 180 known cases of potentially targeted journalists across 21 countries. They pointed to multiple examples, including Hungary-based Andras Szabo and Szabolcs Panyi being targeted with Pegasus in 2019, and Raymond Mujuni and Canary Mugume facing the same spyware two years later in Uganda.
According to the statement:
Moroccan investigative journalist Omar al-Radi was targeted with Pegasus spyware between 2019 and 2021, and later sentenced to six years in prison on bogus rape and espionage charges. Meanwhile journalist Hicham Mansouri, who fled from Morocco to France in 2016 following state harassment and detention, was hacked by Pegasus at least 20 times between February and April 2021.
Perhaps the most infamous example of how spyware can facilitate and enable transnational repression and serious human rights violations, including enforced disappearance and extrajudicial killing, is the murder of Saudi journalist and dissident Jamal Khashoggi at the Consulate of the Kingdom of Saudi Arabia in Istanbul on October 2, 2018. Both prior to and after his death, Mr. Kashoggi's family members and acquaintances were targeted by Pegasus spyware.
"It is clear that the use of spyware and unlawful targeted surveillance violates the fundamental rights of freedom of expression and access to information, peaceful assembly and association, freedom of movement, and privacy," the statement asserts, demanding not only a ban but also accountability for developers and distributors of the technology, and boosted efforts to protect journalists.
The statement was launched at Secret Surveillance: Countering Spyware's Threats to Freedom of the Press and Expression, an event co-hosted by advocacy organizations including Access Now.
"Invasive and abusive commercial spyware that has been used to facilitate human rights abuses globally has no place in our world," declared Access Now surveillance campaigner Rand Hammoud. "Years worth of evidence by civil society has demonstrated that the companies selling these technologies should not be rewarded with governmental contracts that would continue enabling their abuses."
Natalia Krapiva, tech legal counsel at Access Now, agreed that "this sinister technology that has been misused and abused by governments around the world is not safe in any hands, and its use can never be justified."
"Discussions do not suffice," Krapiva added. "We expect action: Protect freedom of the press, stamp out the spyware threat."
The spyware statement came as other members of the media acknowledged World Press Freedom Day in various ways, including sounding the alarm about the impacts of artificial intelligence on fact-based journalism, demanding global safeguards for digital privacy, and calling out the U.S. government for continuing to seek the extradition of WikiLeaks founder Julian Assange.
"A scenario in which someone is accused of something and doesn't know if the evidence presented against them is real or not is truly dystopian."
A human rights attorney raised alarm Monday over the expansion plans of Toka, an Israeli cyber firm that sells hacking technologies capable of finding, accessing, and manipulating security and smart camera footage.
Co-founded by former Israeli Prime Minister Ehud Barak and former Israel Defense Forces (IDF) cyber chief Yaron Rosen, Toka "sells technologies that allow clients to locate security cameras or even webcams within a given perimeter, hack into them, watch their live feed, and even alter it—and past recordings," Haaretz reported, citing internal documents it obtained and reviewed with a technical expert.
"One can imagine video being manipulated to incriminate innocent citizens or shield guilty parties."
The company, whose activities are overseen by the Israeli Defense Ministry, "was set up in 2018 and has offices in Tel Aviv and Washington," Haaretz reported. "It works solely with state clients in government, intelligence bodies, and law enforcement agencies, almost exclusively—but not just—in the West. According to the internal documents, as of 2021, the company had contracts with Israel valued at $6 million, and had also planned an 'expansion of existing deployment' in Israel."
Toka can tap into web-connected cameras found virtually everywhere—intersections, parking lots, malls, hotels, airports, and even homes. Haaretz compared the firm's "cyberoffense" capabilities to the 2001 heist movie Ocean's Eleven.
In that film, an "elite crew led by George Clooney and Brad Pitt hack the closed-circuit TV system of the Las Vegas casino vault they are trying to break into, diverting its feed to a mock safe they built in a nearby warehouse," the outlet noted.
Haaretz continued:
Twenty years on, this is no longer the stuff of movies: Toka's tech allows clients to do just that and more—not just diverting a live feed but also altering old feeds and erasing any evidence of a covert op.
Technical documents reviewed by an ethical hacker prove that Toka's tech can alter both live and recorded video feeds—all without leaving any forensics or telltale signs of a hack (in contrast to NSO's Pegasus spyware, or Intellexa's Predator, which leave a digital fingerprint on targeted devices).
"These are capabilities that were previously unimaginable," human rights lawyer Alon Sapir told the outlet. "This is a dystopian technology from a human rights perspective. Just its mere existence raises serious questions."
"One can imagine video being manipulated to incriminate innocent citizens or shield guilty parties that are close to the system, or even just manipulative editing for ideological or even political purposes should it fall into the wrong hands," said Sapir.
From a legal perspective, "intelligence collection is a sensitive issue," Sapir explained. "Despite a lack of legislation, the police deploy mass surveillance means they may not be fully authorized to use: technology like the HawkEye system, which no one knew about until the media revealed its existence."
While manipulated videos are inadmissible as evidence in Israeli courts, Sapir noted that "a scenario in which someone is accused of something and doesn't know if the evidence presented against them is real or not is truly dystopian. The current law does not begin to address situations like these."
People living in the Occupied Palestinian Territories are especially vulnerable to abuse.
"Take for example the Blue Wolf facial recognition technology, used by the IDF to keep track of Palestinians," said Sapir. "The West Bank is Israel's defense establishment testing ground—and a scenario in which Toka's tech is deployed unbeknownst to anyone is simply terrifying."
"There have been cases in which video evidence helped refute false claims made by settlers and soldiers, and helped save innocent Palestinians from jail," he added. "We've also seen cases in which video evidence has been tampered with in the past."