Sanctioned spyware developer Intellexa was able to directly reach individuals targeted by government surveillance, according to researchers

Intellexa Staff Allegedly Had Remote Access to Government Surveillance Systems

According to newly released findings from Amnesty International, employees of spyware developer Intellexa reportedly had the ability to remotely access surveillance platforms operated by some of their government clients. This access allowed Intellexa personnel to view private information belonging to individuals whose devices were compromised by the company’s Predator spyware.

On Thursday, Amnesty International, in collaboration with media outlets such as Haaretz (Israel), Inside Story (Greece), and Inside IT (Switzerland), unveiled a series of investigative reports. These reports draw on leaked Intellexa materials, including internal documents, marketing presentations, and training videos.

Leaked Training Video Reveals Remote Access

The most significant disclosure suggests that Intellexa staff could connect to customer surveillance systems using TeamViewer, a widely available remote desktop application. This was demonstrated in a leaked training video, which showcased privileged areas of the Predator spyware platform—such as its main dashboard and a storage system containing photos, messages, and other sensitive data collected from surveillance targets. Amnesty International published screenshots from this video, though the full footage was not released.

Amnesty’s researchers noted that the video appeared to show “live” attempts to infect real targets with Predator, including details from at least one operation in Kazakhstan. The video displayed the infection link, the intended victim’s IP address, and the software versions of their device.

The screenshot above depicts the dashboard of a surveillance system used by an Intellexa client, highlighting the types of personal information accessible to both customers and Intellexa support staff.

Industry Practices and Security Concerns

Historically, companies that supply spyware to governments—such as NSO Group and the now-defunct Hacking Team—have insisted they do not have access to their clients’ surveillance data or systems. This stance is motivated by legal liability concerns and a desire to place responsibility for spyware use solely on the customer. Government agencies, in turn, are reluctant to share sensitive investigative details with private companies, especially those based abroad.

Paolo Lezzi, CEO of spyware firm Memento Labs, told TechCrunch that this kind of remote access is highly unusual in the industry. “No government agency would allow it,” he stated, expressing doubt that the leaked video showed a real customer’s live system. Lezzi suggested it might have been a demonstration environment for training purposes. He added that while some clients have requested Memento Labs to access their systems for technical support, such access is strictly limited, supervised, and temporary.

Dispute Over the Nature of the Leaked Video

Amnesty International maintains that the leaked footage does indeed show access to active Predator surveillance systems. Donncha Ó Cearbhaill, head of Amnesty’s security lab, explained that during the training call, a participant asked if the environment was a demo, and the instructor confirmed it was a live customer system. This revelation raised significant concerns for Amnesty regarding the privacy and security of surveillance targets.

“These findings only heighten the worries of those who may be under surveillance. Not only is their sensitive information exposed to government or other spyware clients, but it is also at risk of being accessed by a foreign company with questionable data security practices,” Amnesty stated in its report.

Intellexa’s Response and Industry Fallout

Intellexa did not respond to requests for comment. However, a lawyer representing the company’s founder, Tal Dilian, told Haaretz that Dilian “has not committed any crime nor operated any cyber system in Greece or elsewhere.”

Dilian is a controversial figure in the government spyware sector. One industry veteran described him to TechCrunch as someone who “moves like an elephant in a crystal shop,” suggesting he is unconcerned about keeping his activities discreet. “In this field, you need to be extremely careful and balanced, but he didn’t care,” the source added.

In 2024, the U.S. government imposed sanctions on Tal Dilian and his business associate, Sara Aleksandra Fayssal Hamou, after allegations that Intellexa’s spyware was deployed against Americans, including government officials, journalists, and policy experts. These sanctions prohibit U.S. entities and citizens from engaging in business with Dilian and Hamou. This marked the first time the U.S. targeted an individual in the spyware industry, having previously taken action against companies like NSO Group.

In his response to Haaretz, Dilian accused journalists of being “useful idiots” in what he described as a coordinated effort to damage his reputation and business, claiming this campaign was “fed into the Biden administration.”