On Sept. 17, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned five individuals and one entity for their role in developing, operating, and distributing commercial spyware technology that “presents a significant threat to the national security of the United States,” according to Treasury.
The five individuals were executives of the Intellexa Consortium, which is responsible for the Predator commercial spyware platform, and a web of associated entities. The sanctioned entity was a British Virgin Islands-based company that facilitated “tens of millions of dollars of transactions.”
The threat of Predator
Once Predator resides on any iOS or Android device, it opens access to the device’s camera, microphone and all of the data that resides within it, such as contacts, images, video, files and messaging content.
Predator’s infrastructure continues to evolve in order to evade detection and to accommodate the needs of operators using the platform in specific countries in Africa and the Middle East, according to an analysis by Insikt Group reported by Recorded Future.
According to Insikt Group, Predator poses privacy and security risks. Its users target “high-profile individuals like politicians and executives.” The Group recommends following basic cybersecurity best practices to defend against attacks through the Predator platform, including applying device updates offered by device suppliers, using mobile device management systems, and using device lockdown modes.
Spyware finds its way into the everyday devices of innocent individuals in many ways, disguised as legitimate apps or completely invisible. According to Insikt Group, Predator uses “both ‘one-click’ and ‘zero-click’ attack vectors, exploiting browser vulnerabilities and network access to install itself on targeted devices.”
Because Predator is reportedly expensive to license, attackers tend to use it against high-value “strategic” targets that can yield valuable intelligence.
Concerted US government effort
Treasury’s initiatives complement other U.S. government actions against commercial spyware vendors, including previous sanctions against individuals and entities associated with the Intellexa Consortium; the Department of Commerce’s addition of commercial spyware vendors to its Entity List of cyber-exploit actors; and the Department of State’s visa ban policy targeting those who misuse or profit from the misuse of commercial spyware, subsequently exercised on thirteen individuals.
The Treasury Department positioned its actions as part of a US “commitment to countering the exploitation of Americans’ sensitive data and digital authoritarianism.”
In a prepared statement, the Treasury Department said that “These measures reflect the U.S. Government’s commitment to use all available tools and authorities, including sanctions as well as export controls and visa restrictions, to counter the misuse of such sophisticated surveillance technology.”
Further reading
Treasury sanctions enablers of the Intellexa commercial spyware consortium. Press release. September 17, 2024. US Department of Treasury.
Predator Spyware Infrastructure Returns Following Exposure and Sanctions. Article. September 5, 2024. by Insikt Group, published by Recorded Future.
Global: ‘Predator Files’ spyware scandal reveals brazen targeting of civil society, politicians and officials. Article. October 9, 2023. Amnesty International.
US expands sanctions against backers and sellers of Predator spyware. Article. September 17, 2024. The Washington Post.
Executive Order (E.O.) 14093 to Prohibit U.S. Government Use of Commercial Spyware that Poses Risks to National Security. Policy Statement. March 27, 2023. Presidential Actions. The White House.
Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware. Policy Statement. March 18, 2024. Presidential Actions. The White House.
Guiding Principles on Government Use of Surveillance Technologies. Policy document. March 30, 2023. US Department of State.
Why it matters
The actions were among U.S. Government efforts to counter the proliferation and misuse of commercial spyware, as presented in policy statements by the White House and the US State Department (linked above). The spyware operation targeted by this Treasury action played at a varsity level.
“The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards.”