The Commerce Department blacklisted two European cyber firms that build spyware software, the Commerce Department announced Tuesday, including technology hawked by both firms that was used to surveil Meta users and reportedly at least one Meta employee.
The software exploited vulnerabilities in Android and iOS software and deployed hundreds of spoof Meta accounts to surveil activists, politicians and journalists around the world.
The firms — Intellexa and Cytrox — were described jointly as traffickers of "exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide" in a Bureau of Industry and Security press release.
The companies were named together and collectively have subsidiaries in Greece, Ireland, Hungary and North Macedonia. Cytrox makes spyware called Predator, which has been used by dictatorial regimes to break into the cell phones of activists, politicians, and journalists, according to a 2021 analysis conducted by Citizen Lab.
Both have been added to Commerce's "Entity List," a highly onerous and restrictive export control list that prevents U.S. companies from supplying technology, data, or intellectual property to the named firms. Export-control restrictions have been unleashed with increasing frequency, as successive administrations have grappled with the immense power it gives the U.S. government over domestic and foreign companies.
Meta in December 2021 warned thousands of Facebook users that they'd been targeted by spyware-for-hire software, including Predator.
Intellexa's other espionage product, Nebula, is a social media data collection and analysis tool, billed as an essential product for law enforcement and intelligence agencies. Tal Dilian, Intellexa's founder, describes himself as an "intelligence expert" with over 25 years of experience in the Israel Defense Forces.
"Intellexa develops & integrates technologies empowering law enforcement agencies & intelligence agencies to collect & analyze data in the most advanced methods," Dilian's personal website says.
The New York Times reported extensively on Intellexa's Predator product, and the company's efforts to sell it to a Ukrainian intelligence agency. Intellexa's Predator was also used by Greek intelligence to spy on a Meta trust and safety employee, the Times reported.
The Biden administration has demonstrated an increased willingness to designate foreign companies and in doing so, effectively curb them from accessing any U.S. technology. The Trump administration used export controls to great effect against Huawei. Since then, Commerce Department officials have added highly advanced semiconductor and networking technology to the export control lists, and prevented Chinese and Russian entities from obtaining that tech.