Earlier this week, the U.S. government made a groundbreaking move by announcing sanctions against Tal Dilian, the founder of a controversial government spyware maker, and his business associate, Sara Aleksandra Fayssal Hamou.
The sanctions were imposed due to allegations that Dilian and Hamou developed and sold spyware that was used to target Americans, including U.S. government employees, policy experts and journalists, leading to human rights violations worldwide. This marks a significant shift in the U.S. government’s approach, as they have previously targeted spyware companies rather than the individuals behind them.
The news of the sanctions has sent shockwaves through the spyware industry, with former insiders expressing their concerns. One former head of a spyware company that sold to governments described the sanctions as “big.” While he remained anonymous, he emphasized that his former company had always followed regulations and operated ethically, unlike Dilian and his company Intellexa, which was also sanctioned. According to the former spyware head, Dilian was willing to sell to anyone who could pay, without considering the potential consequences.
It appears that Dilian’s actions caught the attention of the U.S. government when he attempted to circumvent the restrictions imposed on his company in 2023. The Biden administration had added Intellexa and Cytrox, Dilian’s companies, to the “entities list,” which prevented U.S. businesses and individuals from exporting certain goods, including software, to these companies. This move seemed to have angered the Americans, as it indicated a disregard for the regulations in place.
Another former industry insider described Dilian as someone who “moves like an elephant in a crystal shop,” suggesting that his activities were not discreet but rather brazen. The person expressed relief at having left the industry, acknowledging that times have changed.
A third individual working in the spyware industry noted that the sanctions against Dilian and Hamou should prompt the entire market to reflect on its practices. The person highlighted the risks involved in the industry, stating that even a serious company can never be 100% certain about how its customers will act or the political developments that may ensnare them.
Prior to these recent sanctions, the U.S. government had taken action against spyware makers by imposing travel bans and visa restrictions on those involved in facilitating or enabling abuses with spyware. In 2021, the U.S. Department of Commerce added NSO Group, an Israel-based spyware maker, to its blocklist due to documented cases of its tools being used against journalists, politicians, dissidents, and human rights defenders in various countries. Two years later, Cytrox and Intellexa were also added to the same list. Given that Intellexa, NSO Group, and Candiru were all added to the denylist, it is reasonable to assume that the founders and executives of these other companies may also become targets for the U.S. government. However, it remains unclear whether they are concerned about the potential consequences.
Efforts to reach Dilian for comment were unsuccessful, and Hamou did not respond to a request for comment. The impact of being added to the entities list, which restricts certain exports, was previously mischaracterized in this story.
The sanctions against Dilian and Hamou serve as a warning to the spyware industry as a whole. The U.S. government’s direct targeting of individuals running spyware companies indicates a shift in approach and a determination to hold those responsible accountable for their actions. As the industry grapples with this new reality, it must confront the ethical implications of its products and the potential harm they can cause.
