Two more foreign spyware firms blacklisted by US
The Commerce Department announced Tuesday that it has blacklisted two manufacturers of spyware, including the company behind Predator, which has been used to spy on journalists, politicians and even a Meta employee.
The agency’s Bureau of Industry and Security (BIS) added the Greece and Ireland-based Intellexa and the Hungary- and North Macedonia-based Cytrox AD to its Entity List, which identifies companies and other organizations or individuals believed to threaten the national security or foreign policy interests of the United States.
Intellexa and Cytrox, which makes Predator, were added to the list because of their “trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide,” the Commerce Department said in a press release.
Once on the Entity List, companies expecting to do business in the U.S. must comply with strict licensing requirements and other rules to ensure better oversight of their operations. Intellexa and Cytrox will now have difficulty accessing commodities, software, and technology that helps them develop their surveillance tools, the agency said in a press release.
Predator was deployed against Meta security policy manager Artemis Seaford in 2021 at the behest of Greece’s national intelligence agency, as reported by The New York Times. Seaford’s work for Meta focused on cybersecurity policy issues and she was in frequent contact with European political officials, the Times reported.
“We remain laser focused on stemming the proliferation of digital tools for repression,” Alan Estevez, undersecretary of Commerce for industry and security, said in a prepared statement. “Considering the impact of surveillance tools and other technologies on international human rights, I am pleased to announce these additions to our Entity List.”
The Commerce Department noted that commercial surveillance tools have been used to repress dissidents and fuel human rights abuses. For example, the United Arab Emirates imprisoned human rights activist Ahmed Mansoor in 2017, holding him in isolation. NSO-produced Pegasus spyware was detected on Mansoor’s phone in 2016, immediately preceding his jailing.
In March President Biden issued an executive order barring U.S. departments and agencies from “operationally using commercial spyware tools that pose significant counterintelligence or security risks to the U.S. Government or significant risks of improper use by a foreign government or foreign person.”
Suzanne Smalley is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.