An officially sanctioned spyware dealer was still able to maintain remote, real-time visibility of the actions of government agents who were surveilling citizens as recently as March 2019, a revelation that has raised urgent questions about how the commercial hacking industry is operationalized and overseen.
Media partners: Surveillance Giants. This project is a collaboration between The Guardian, The Times and Süddeutsche Zeitung.
Amnesty International’s Security Lab, working with our media partners including Haaretz, Inside Story and Inside IT, says leaked training footage reveals Intellexa staff members used TeamViewer to log into a customer’s Predator system control panel, viewing data extracted from compromised phones — photos, messages and other exfiltrated content — which indicates the vendor could monitor live targeting activity.
What the Leaks Reveal About Predator Live Access
Amnesty says the training video shows Predator’s internal dashboards, as operators try an infection against their real-world targets, in one case Kazakhstan. That material includes a link for one-time infection, the IP address of the target, and software versions of the device — details that should dwell only in a live system.
An Amnesty staffer on the call asked whether the environment being used was a demo, and the instructor said no and that it was a live customer deployment. While spyware peddlers frequently employ remote desktop tools for troubleshooting purposes, the footage appears to indicate regular and unfettered access that far exceeds ad hoc support.
Intellexa did not respond to requests for comment in the reports cited by Amnesty’s partners. A lawyer for its founder, Tal Dilian, has denied that there was anything criminal behind Predator’s creation and challenged claims linked to how it was used.
Why Remote Vendor Access to Spyware Systems Matters
Commercial spyware companies have long argued they don’t see what their government clients see, arguing for “on-premises” deployments and a clean separation to ward off legal liability and exposure to sensitive investigations. Companies such as the NSO Group have said over and over again that they cannot view client systems or targeted data.
If a vendor can come online at any time — even through generic remote-access tools — that negates one of our main industry’s security assurances. There are also chain-of-custody and evidentiary risks, as third-party visibility might complicate prosecutions and lead to data leaks. The harm for the victims is compounded: their private data isn’t just in a government’s possession, but may be available to a foreign commercial actor with its own security vulnerabilities.
The revelation also raises the specter of a managed-service model in wolf’s clothing, per se, as pure on-prem. The blurred line is important for regulators, auditors and courts weighing whether agencies are indeed farming out pieces of their targeting workflows to private vendors in a constructive way.
Intellexa and Predator: Background, Use and Scrutiny
Predator, born out of an alliance between Intellexa and Cytrox, has been involved in politically sensitive operations throughout the world. There were investigations in Greece that exposed that the targets of Predator included a leading investigative journalist and an opposition leader, which led to a domestic embarrassment and EU scrutiny about where these drones are going and who they’re killing. Google’s Threat Analysis Group has noted Predator delivery chains taking advantage of browser and mobile zero-days, which are frequently delivered via transient single-click links.
In 2021, Meta took down hundreds of accounts linked to Cytrox in a larger sweep against surveillance-for-hire networks. Since then, the University of Toronto’s Citizen Lab and Amnesty’s Security Lab have connected Predator campaigns to a wide range of jurisdictions, showing an active playbook of precision lures, fast infrastructure turnover, and exploit chains deployed against both Android and iOS devices.
Regulators have responded. In 2023, Intellexa and Cytrox entities were added by the U.S. Commerce Department to its Entity List, which restricted access to U.S. technology. In 2024, the U.S. Treasury slapped sanctions on Intellexa founder Tal Dilian and a partner for using the spyware against Americans, including government officials and journalists. These steps keep business with listed companies out of reach for U.S. people and together increase friction in banking and trade networks around the world.
Security and Policy Ripple Effects for Spyware Oversight
“If the claim about TeamViewer access holds water with authorities, it would argue for stringent acquisition policies that prohibit vendors from seeing operating systems or other system elements,” said Ponemon. “It would require independent auditing on a periodic basis and attribution to source code exploits as part of the software development process, including how they are managed throughout their lifecycle.” It could also fuel calls for a moratorium on the purchase of commercial spyware in cases where agencies fall short of human rights and due process standards.
For the larger ecosystem, the leak shines a spotlight on security debt accrued through zero-day supply chains. Both Google and Apple have shipped countless emergency patches for the in-the-wild exploitation of bugs attributed to commercial vendors, and researchers record dozens of zero-days like this each year. When a vendor also has continued remote access to customer systems, the blast radius of any compromise expands even more — from agency networks all the way into the vendor’s own support infrastructure.
What Comes Next for Regulators, Vendors and Targets
Moore expects that the U.S. and EU regulators will use this incident as a reason for implementing more stringent controls, like licensing, export limitations and compliance attestations that make remote vendor access the exception to the rule.
Parliamentary inquiries and data protection agencies in Predator-deploying countries may request logs, chain-of-custody records, and victim notification plans. Civil litigation brought by targets may serve as a test of whether the agencies knew vendors could view their data.
For the agencies that are still buying Windows-based hacking tools off the shelf, it is a blunt message: if your vendor can watch you hack in live cases, you may be putting at risk investigations and sources and the rights of those whom you spy on.
For would-be victims, the findings confirm a harsh fact of life in the spyware market — compromise doesn’t often stop at one door.