Spyware maker Intellexa had a backdoor into its own customers’ spying

According to TechCrunch, new evidence published by Amnesty International on Thursday reveals that sanctioned spyware maker Intellexa had remote access to some of its government customers’ live surveillance systems. The findings, based on leaked internal documents and a training video, show company staffers could use TeamViewer to view the personal data—including photos and messages—of people whose phones were hacked with Intellexa’s Predator spyware. The leaked video reportedly showed details from a live infection attempt against a target in Kazakhstan in 2024. Intellexa founder Tal Dilian, who is under U.S. sanctions, denied any wrongdoing through his lawyer. The U.S. Treasury sanctioned Dilian and a business partner earlier in 2024, marking the first time the U.S. targeted an individual in the spyware industry.

Why this is a big deal

Here’s the thing: the entire business model of companies like Intellexa and NSO Group is built on a firewall. They sell the tool, but they swear up and down they never touch the data. It’s a crucial legal and ethical fig leaf. The vendor avoids liability for how the spyware is used, and the government customer keeps its investigations secret from a private, often foreign, company. This leak blows that premise to pieces.

If Amnesty’s analysis is correct—and they seem pretty convinced, with their researcher noting an instructor in the video confirmed it was a live system—it means Intellexa employees could literally watch a government’s surveillance operations in real time. Think about the implications. A journalist or activist being targeted in Kazakhstan? Their intimate data wasn’t just flowing to some intelligence agency. It was potentially visible to sales engineers or support staff in Greece or Israel. The privacy violation is layered and profound.

Skepticism and security failures

Now, not everyone’s buying it. Another spyware CEO, Paolo Lezzi of Memento Labs, told TechCrunch he was skeptical. He figured it was probably just a demo environment. He also said that while customers sometimes offer access for tech support, it’s strictly supervised and temporary. His point is: no government agency in its right mind would allow this.

But that’s the rub, isn’t it? Maybe some agencies didn’t know. Or maybe Intellexa, with its founder described as moving “like an elephant in a crystal shop,” just didn’t care about the norms. The leak itself, full of internal documents and videos, is another massive security failure. This is a company that can’t keep its own secrets, yet it had a front-row seat to the secrets of hacked individuals and the governments targeting them. It’s a staggering lack of operational security on every level.

The bigger picture and sanctions

This all feeds into the growing, and messy, geopolitical crackdown on commercial spyware. The U.S. sanctions against Tal Dilian personally were a landmark move. They’re trying to make him a financial pariah. But the leaks show his company was apparently still active, training customers and accessing systems even after that hammer came down.

Dilian’s response to Haaretz, calling journalists “useful idiots” in a campaign fed to the Biden administration, is classic deflection. It ignores the substance of the evidence—the actual screenshots and video details published by Amnesty’s Security Lab. The reporting consortium, including Haaretz, Inside Story, and Inside IT, has put a glaring spotlight on the shadowy mechanics of this industry.

So where does this leave us? It exposes the inherent risks of outsourcing state-level hacking to for-profit companies. The chain of custody for the world’s most sensitive data gets hopelessly blurred. And it raises a brutal question for any agency that bought Predator: who was really watching you, while you were watching your targets?
