Angolan Journalist Hacked: Intellexa Spyware Targets iPhone

Phucthinh

Angolan Journalist Hacked: Intellexa Spyware 'Predator' Targets iPhone, Raising Global Concerns

A prominent Angolan journalist, Teixeira Cândido, has become the latest victim of sophisticated phone hacking, attributed to spyware developed by Intellexa, a company recently sanctioned by the U.S. government. Amnesty International’s latest report details how a government customer of Intellexa deployed the 'Predator' spyware against Cândido via malicious links sent through WhatsApp in 2024. This incident underscores the growing threat posed by commercial spyware to journalists, activists, and ordinary citizens worldwide, and highlights the challenges in regulating this increasingly powerful technology. The case also reignites debate surrounding the efficacy of sanctions against companies like Intellexa and their ability to circumvent export laws.

The Targeting of Teixeira Cândido: A Detailed Look

Teixeira Cândido, a well-known journalist and press freedom advocate in Angola, was subjected to a targeted attack involving a series of malicious links delivered via WhatsApp. Amnesty International’s investigation revealed that Cândido ultimately clicked on one of these links, leading to a successful compromise of his iPhone with Intellexa’s 'Predator' spyware. The attack demonstrates the ease with which sophisticated surveillance tools can be deployed against individuals, even with relatively basic security practices.

The researchers meticulously analyzed forensic traces on Cândido’s phone, linking the intrusion to Intellexa through the identification of infection servers previously associated with the company’s spyware infrastructure. Notably, Cândido’s iPhone was running an outdated version of iOS at the time of the hack, suggesting that 'Predator' possesses capabilities to exploit vulnerabilities in older software versions. This raises concerns about the security of devices that are no longer receiving official software updates.

How Predator Operates: Stealth and Evasion

Amnesty International’s report details how 'Predator' operates with a high degree of stealth. The spyware disguises itself as legitimate iOS system processes, effectively evading detection by standard security measures. This sophisticated technique allows it to remain active on a compromised device for extended periods, silently collecting sensitive data. The ability to mimic system processes is a key characteristic of advanced spyware, making it significantly harder to identify and remove.

Cândido clicked the malicious link and later rebooted his phone, unknowingly wiping the spyware from his device. However, the initial compromise potentially gave the attackers access to a wealth of information, including communications, contacts, location data, and possibly even encrypted messages. The duration of access before the reboot remains a critical unknown.

Intellexa: A Controversial Spyware Vendor

Intellexa has emerged as one of the most controversial players in the commercial spyware industry. The company operates across multiple jurisdictions, employing an “opaque web of corporate entities” – as described by a U.S. government official – to obscure its activities and circumvent international export laws. This complex structure makes it difficult to track the company’s operations and hold it accountable for the misuse of its technology.

In 2024, the outgoing Biden administration imposed sanctions on Intellexa, its founder Tal Dilian, and business partner Sara Aleksandra Fayssal Hamou, citing the company’s involvement in developing and deploying spyware used to target individuals globally. However, the Treasury Department later lifted sanctions against three other Intellexa executives, a decision that prompted criticism from Senate Democrats demanding further explanation. This highlights the complex political considerations surrounding sanctions and their potential impact on national security and international relations.

Past Abuses of Predator Spyware

The targeting of Teixeira Cândido is not an isolated incident. Evidence of 'Predator' spyware abuse has surfaced in several countries, including:

  • Egypt: Reports indicate widespread use of 'Predator' against journalists, human rights activists, and political opponents.
  • Greece: The spyware was allegedly used to monitor prominent political figures and journalists.
  • Vietnam: Evidence suggests the Vietnamese government targeted U.S. officials via links sent on X (formerly Twitter).
  • Pakistan: Investigations have revealed the use of 'Predator' against political dissidents and journalists.

These cases demonstrate a pattern of governments utilizing commercial spyware to suppress dissent, monitor political opponents, and stifle freedom of expression. The global reach of 'Predator' and its potential for abuse raise serious concerns about the erosion of democratic values and human rights.

The Angola Connection: Identifying the Customer

While Amnesty International has definitively linked the attack on Teixeira Cândido to Intellexa’s 'Predator' spyware, identifying the specific government customer responsible remains a challenge. Researchers discovered multiple domains linked to the spyware maker being used in Angola, with the first deployments dating back to March 2023, suggesting early testing or deployment of the technology in the country.

“It is not currently possible to conclusively identify the customer of the Predator spyware in the country,” the Amnesty International report states. The lack of transparency surrounding the sale and deployment of commercial spyware makes it difficult to trace the technology back to its ultimate user. This opacity allows governments to engage in surveillance activities without accountability.

Intellexa’s Remote Access Capabilities: A Troubling Leak

Leaked internal documents from Intellexa, revealed by Amnesty International and other media organizations, exposed the company’s ability to remotely access customers’ systems. This capability potentially grants Intellexa visibility into government surveillance operations, raising concerns about the company’s role in facilitating and even participating in human rights abuses. The leak further fueled criticism of Intellexa and its business practices.

The revelation that Intellexa employees could remotely access customer systems underscores the inherent risks associated with commercial spyware. It raises questions about the company’s oversight of its customers and its responsibility for ensuring that its technology is not used for malicious purposes. This access also creates a potential security vulnerability, as it could allow unauthorized parties to gain access to sensitive surveillance data.

The Broader Implications and Future Concerns

The case of Teixeira Cândido and the continued proliferation of commercial spyware like 'Predator' highlight the urgent need for greater regulation and oversight of this industry. Donncha Ó Cearbhaill, head of the security lab at Amnesty International, emphasizes the scale of the problem: “We’ve now seen confirmed abuses in Angola, Egypt, Pakistan, Greece, and beyond — and for every case we uncover, many more abuses surely remain hidden.”

The current regulatory landscape is inadequate to address the challenges posed by commercial spyware. Governments must work together to establish clear rules governing the development, sale, and deployment of these technologies. This includes:

  • Strengthening export controls: Preventing the sale of spyware to governments with poor human rights records.
  • Increasing transparency: Requiring companies to disclose information about their customers and the intended use of their technology.
  • Holding companies accountable: Imposing sanctions on companies that knowingly sell spyware to governments that abuse it.
  • Supporting independent research: Funding investigations into the use of commercial spyware and its impact on human rights.

The Angolan journalist hacking incident serves as a stark reminder of the threats posed by unchecked surveillance technology. Protecting journalists, activists, and ordinary citizens from these abuses requires a concerted effort from governments, civil society organizations, and the technology industry. The future of digital freedom and human rights depends on it. The ongoing debate surrounding Intellexa and similar companies, as reported by GearTech and other leading tech news sources, will undoubtedly shape the future of this critical issue.
