The U.S. Commerce Department has placed two European-based Israeli-owned spyware companies on its trade blacklist, citing national security concerns.
Intellexa S.A. in Greece and its entity Intellexa Limited in Ireland, and Cytrox AD in North Macedonia, along with its entity Cytrox Holdings Crt in Hungary, were added to the technology export blacklist, the Commerce Department said in a July 18 press release.
The blacklisting means the companies will no longer be able to conduct business or make transactions with American companies, significantly reducing their ability to access commodities, software, and technology that they could use to develop surveillance tools that could be misused, or conduct activities contrary to the national security or foreign policy interests of the United States.
Officials said the move was based on a determination that the companies had engaged in “trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.”
The companies join Israeli-owned, Tel Aviv-based technology company Candiru and NSO Group, which has faced continuous criticism over its Pegasus spyware and its alleged spying activities on the blacklist.
Both companies were placed on the list in 2021.
“The proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of U.S. government personnel and their families,” the Commerce Department said.
Repression, Human Rights Abuses
“The misuse of these tools globally has also facilitated repression and enabled human rights abuses, including to intimidate political opponents and curb dissent, limit freedom of expression, and monitor and target activists and journalists.”
According to its website, Intellexa develops and integrates technologies to “empower LEAs [law enforcement agencies] and intelligence agencies to help protect communities.”
Cytrox does not appear to have a website.
Both companies have been linked to a number of alleged surveillance incidents, according to reports.
Cytrox’s “predator” spyware was used to hack the mobile phone of Ayman Nour, an Egyptian politician living in exile in Turkey, and an unnamed Egyptian television journalist, according to the Citizen Lab at the University of Toronto, which studies human rights and global security.
Additionally, one of the company’s products was reportedly used by the Greek government to hack the mobile phone of a former Meta security executive.
Meanwhile, Intellexa was fined 50,000 euros ($56,129) by the Data Protection Authority in Greece in January for failing to cooperate with an ongoing investigation into the use of spyware in the country that was allegedly used to spy on high-ranking Greek officials.
Biden Admin Cracking Down on Spyware
In a statement at the time, the Hellenic Data Protection Authority (HDPA) said it had “performed an on-site inspection at Intellexa’s premises but such premises were completely empty and without a functional network infrastructure or IT system.”
“Additionally, the HDPA noted that Intellexa had failed to provide all the information requested by the HDPA during the auditing process,” the statement read.
The relationship between Intellexa and Cytrox is unknown.
“We remain laser-focused on stemming the proliferation of digital tools for repression,” said Bureau of Industry and Security Under Secretary Alan Estevez in a July 18 statement. “Considering the impact of surveillance tools and other technologies on international human rights, I am pleased to announce these additions to our Entity List.”
The latest bans on Intellexa and Cytrox are part of a “government-wide effort to counter the risks posed by commercial spyware,” the Commerce Department said.
In March, the White House issued an executive order prohibiting U.S. government use of commercial spyware that poses risks to national security or has been misused by foreign actors to enable human rights abuses.
The Biden administration has also released guiding principles on government use of surveillance technologies and is actively working with the governments of Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, and the UK, to ensure strict domestic and international controls regarding the misuse of commercial spyware.
