Leaked training materials suggest that Intellexa maintained the ability to remotely access systems of clients using its Predator spyware, raising significant human rights concerns, according to an investigation published Thursday. This revelation comes amidst a cascade of new research shedding light on the spyware vendor’s operations.
The findings about Intellexa’s remote access capabilities were part of a joint investigation by Inside Story, Haaretz, and WAV Research Collective, in partnership with Amnesty International. Concurrently, Google and Recorded Future also released their independent findings on the company’s activities. These probes collectively paint a detailed picture of the surveillance technology landscape.
Intellexa Leaks Uncover Remote Access and Exploitation Tactics
The investigation, dubbed “Intellexa Leaks,” revealed that the U.S.-sanctioned company possibly retained direct or indirect control over Predator spyware deployments. This capability would allow Intellexa to monitor surveillance operations and gain insights into targeted individuals.
“If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware,” stated Jurre van Bergen, a technologist at Amnesty International Security Lab, in a news release. This suggests potential legal ramifications for the company if misused its technology.
Advanced Exploitation Methods and Targeting
Further details from the investigation highlighted Intellexa’s methods for infecting targets, including the use of malicious mobile advertisements under a tactic known as “Aladdin.” This method leverages the online advertising ecosystem to deliver the spyware.
The research also confirmed that Predator spyware infrastructure was mimicking legitimate news websites in Kazakhstan to deceive and infect users. Additionally, new evidence has linked the spyware to the surveillance of prominent Egyptian political activist Ayman Nour and Greek investigative journalist Thanasis Koukakis, according to Amnesty International.
The probes also documented the first reported Predator infection in Pakistan, which targeted a human rights lawyer. Additional instances of targeting within the country were also identified by the researchers.
Company’s Response and Broader Technical Proficiencies
A lawyer representing Intellexa founder Tal Dilian partially responded to inquiries from Haaretz. The attorney characterized groups releasing such reports as relying on “biased and politically motivated international organizations” and stated that journalists were used as “useful idiots.”
The lawyer further asserted, “I have not committed any crime nor operated any cyber system in Greece or anywhere else. Any claim suggesting otherwise is false and defamatory.” The statement unequivocally rejected any association with events in Greece or related media campaigns, and indicated the pursuit of legal action against defamation.
Meanwhile, Google’s Threat Intelligence Group reported that Intellexa has established itself as a prolific spyware vendor, particularly in its exploitation of zero-day vulnerabilities in mobile browsers. Despite ongoing efforts by security researchers and platform providers to patch these flaws, Intellexa has demonstrated persistence in adapting and utilizing new exploits.
Google also identified specific companies Intellexa created to infiltrate advertising ecosystems, leading to the subsequent shutdown of associated accounts by its partners. In addition to the exploitation of mobile browsers, Recorded Future’s Insikt Group identified connections between individuals and groups involved in technical, operational, and corporate roles within Intellexa’s network. This research has also uncovered ongoing Predator spyware activity in new locations, including Iraq.
Future Outlook and Uncertainties
The recent coordinated investigations and the U.S. sanctions against Intellexa signal increased scrutiny of spyware vendors. The next steps are likely to involve further legal and governmental actions, as well as continued efforts by researchers to uncover the extent of Predator’s reach and impact. The adaptability of Intellexa in finding new exploitation vectors remains a significant concern for cybersecurity professionals and human rights advocates.