Amid a variety of rocky disagreements between the US and Israel, the US State Department on Tuesday formally sanctioned an ex-Israeli intelligence officer and current CEO of cyber spyware firm Intellexa and related entities.
In 2021, the US Commerce Department issued a wide blacklist to stop Israeli cyber offense companies from doing business in the US, but that list did not prevent travel to America and would not result in sanctions against companies and countries globally doing business with those firms outside of the US.
In July 2023, Intellexa was added to that initial blacklist of Israeli spyware entities.
NSO Group was also on that list but has maintained strong business relationships in Europe.
In contrast, Tuesday’s sanctions from the State Department against former Israeli intelligence officer Tal Dilian, associate Sara Aleksandra Fayssal Hamou (Hamou), and three of Dilian’s entities, are far broader and more severe.
According to the State Department, “Dilian is the founder of the Intellexa Consortium and is the architect behind its spyware tools. The consortium is a complex international web of decentralized companies controlled either fully or partially by Dilian, including through Sara Aleksandra Fayssal Hamou.
“Hamou is a corporate off-shoring specialist who has provided managerial services to the Intellexa Consortium, including renting office space in Greece on behalf of Intellexa S.A. Hamou holds a leadership role at Intellexa S.A., Intellexa Limited, and Thalestris Limited,” said the State Department.
Formally, the latest sanctions implement a decision issued in early February about a readiness to confront Israeli offense spyware firms whose business crosses certain boundaries that the US views as beyond the pale for allegedly undermining human rights and democratic values.
Informally, this latest decision comes shortly after Washington also sanctioned some Israeli settler activists for alleged violent activities.
It also comes as the countries have been at loggerheads for around a month over Prime Minister Benjamin Netanyahu’s refusal to endorse American ideas about how to manage Gaza post-war as well as the timing for ending the war.
Dilian has been the target of allegations for years
Since around mid-2022, Dilian’s Intellexa and associated entities have been making major headlines in the news, usually with hard-hitting allegations.
Like many of those who have run NSO, Dilian is a graduate of Israeli Military Intelligence.
In an extensive Lawfare blog post on March 24, 2023, Winnona DeSombre Bernsen – who spent five years in the cyber threat intelligence industry tracking nation-state and criminal cyber threats (at Google and Recorded Future) – detailed how Dilian stepped into areas of NSO’s business that it had to shed to avoid additional ire from Washington.
Dilian was once a founder of an NSO subsidiary, but went his own way almost a decade ago and created Intellexa. Dilian has been accused of not bothering with even the partial measures that NSO may have tried to use to mitigate human rights violations – or at least to mitigate the company’s exposure to its clients violating rights.
According to many reports and even some official criminal probes in Greece, Dilian has used a mix of hacking technologies and psychological warfare on behalf of many of the countries that NSO eventually cut off because they abused its hacking tools. He has also, according to those reports, done business with other autocratic governments that NSO deemed too volatile even before any governments were in its face.
According to one account, both Dilian and NSO set up booths in the UAE at one of the various recent security conferences there. As representatives of autocratic country after country were told by NSO representatives that they were not even allowed to speak to them, client after client then disappeared into Dilian’s booth for extended conversations.
In an extensive report by the Carnegie Endowment for International Peace from March 14, 2023, Dilian’s talent at making it either hard or impossible to track and penalize Intellexa was clearly highlighted.
Quoting the Lighthouse Reports, the Carnegie Endowment noted that “three companies called Intellexa were registered, in Greece, Ireland, and the British Virgin Islands. All three were owned by an Irish holding company, Thalestris. As Inside Story dug into company registers in Greece and Cyprus, they found that Thalestris also controlled companies named Apollo, Hermes, Mistrona, Dernova, Lorenco, and Feroveno – some of which were seemingly registered to a rubble-strewn vacant lot in downtown Limassol.”
Furthermore, “Thalestris, in turn, was partly dependent on money from another Virgin Islands entity, Chadera Enterprises, which – behind a veil of anonymity – was ultimately controlled by Dilian and two of his associates.”
The Carnegie Endowment report also said at the time that the EU was hopelessly split between countries that are trying to start to move toward greater oversight of cyber offense firms on one side, versus countries such as Bulgaria, Cyprus, Greece, Hungary, Italy, and Malta, which are havens for spyware companies and are often trying to attract more such firms.
As a result of such firms changing corporate names and country headquarters, when law enforcement focuses on individual companies and individual countries, enforcement becomes a futile game of whack-a-mole. Either the founders behind the company, or some portion of the company’s employees with a sufficient mix of technical and sales talent, will generally regroup under a new name or in a new place, leaving regulators scratching their heads.