The Biden administration added two Europe-based hacking firms controlled by an Israeli former general to a Commerce Department blacklist on Tuesday, its latest effort to try to rein in a spyware industry that has spiraled out of control in recent years.
The two firms, Intellexa and Cytrox, are at the center of a political scandal in Greece, where government officials have been accused of using their hacking tools against journalists and political opponents.
Under the terms of the blacklist, American companies are largely prohibited from doing business with the designated firms, a move designed to starve them of the U.S. technology — such as servers and cloud storage — they need to continue operations. In November 2021, the White House blacklisted the Israeli firm NSO Group, the most well-known purveyor of hacking tools.
Both Intellexa and Cytrox are controlled by Tal Dilian, a former general in Israeli military intelligence who was forced to retire from the Israeli Defense Forces in 2003 after an internal investigation raised suspicions that he had been involved in funds mismanagement, according to three former senior officers in the Israeli military.
He eventually moved to Cyprus, a European Union island nation that has become a favored destination in recent years for surveillance firms and cyberintelligence experts.
The Greek authorities launched an investigation last year into the use of Intellexa’s primary hacking tool, Predator, by the country’s spy agency. A separate investigation was launched after a New York Times report uncovered that Greece had licensed Predator to be exported to at least one African country, Madagascar.
Predator was primarily used against local politicians and journalists, but a Times investigation found that the spyware had also been used against a U.S. national who at the time was working as a manager for Meta while a Greek spy agency had a wiretap on her.
Like the better-known Pegasus, made by NSO, Predator spyware can penetrate mobile phones and extract videos, photos and emails, and can turn the phones into surveillance devices to spy on their users.
Europe has shown a limited appetite for accountability about the use of Predator and other tools, even as investigations have been launched into how the spyware was allowed to be deployed domestically and exported to countries that include Sudan and Madagascar.
The immediate impact of the decision to blacklist Mr. Dilian’s companies is unclear, especially if he is able to circumvent American restrictions by buying critical technology from other countries.
Unlike NSO, which is based in Israel, Mr. Dilian’s firms are not subject to Israeli regulations, and the former general was able to exploit the scandals surrounding the abuses of NSO’s Pegasus to his advantage. When the Israeli government began to limit the number of nations that NSO could sell its products to, Mr. Dilian filled the void by selling his competing spyware to those countries.
Mr. Dilian enters and leaves Israel as he chooses, and members of his team have been aggressive in trying to recruit top hackers from Israel-based firms. A significant number of hacking experts in Israel have recently received offers to work for Mr. Dilian’s firms, according to four people in the Israeli cyberindustry.
Earlier this year, the White House issued an executive order restricting federal agencies from using spyware tools that have been abused by governments to spy on dissidents, human rights activists and journalists. Days later, a group of nations at the Summit for Democracy signed a joint letter declaring their commitment to reining in the abuses of the hacking tools.
It is not a blanket ban. For instance, the White House has allowed the Drug Enforcement Administration to use another Israeli-made spyware product — known as Graphite — in its operations against drug traffickers.
Even with growing attention by Western governments to the dangers of commercial spyware, hacking tools have continued to proliferate. Speaking to reporters on Monday, a senior administration official said that one goal of the decision to blacklist the hacking firms was to scare off potential investors who might foresee profit in the industry.
Ronen Bergman contributed reporting from Tel Aviv, and Matina Stevis-Gridneff from Brussels and Athens.