ICE acquires Israeli spyware capable of hacking phones and encrypted apps

ICE has reactivated a $2M contract for Israeli spyware Graphite, sparking fears of civil liberties after previous cases of misuse

Under Trump, ICE has seen its operations and powers vastly expanded [Getty] US Immigration and Customs Enforcement (ICE) are moving ahead with a multimillion-dollar contract for powerful Israeli-made spyware capable of hacking phones and encrypted messaging apps, drawing criticism from civil liberties groups and surveillance experts.

The $2 million deal with Paragon Solutions, the Israeli firm behind the Graphite spyware suite, was initially signed under the Biden administration in late 2024 but paused amid compliance reviews over privacy and security concerns.

According to The Guardian, the Trump administration has now lifted the pause, restoring ICE’s access to the tool and sparking a fresh debate over government surveillance powers.

Paragon’s Graphite software allows agencies to remotely penetrate smartphones, access encrypted applications such as WhatsApp and Signal, extract data, and even covertly activate microphones to turn devices into listening tools.

Critics warn the technology gives unprecedented surveillance capabilities to US immigration authorities at a time of heightened political and public scrutiny over civil liberty abuses by ICE.

The Washington Post reported that the pause was lifted following changes in Paragon’s ownership structure and the completion of federal regulatory reviews. The decision comes despite mounting evidence from rights groups and cybersecurity researchers about the risks of misuse, including against journalists and activists.

Earlier this year, researchers at the Citizen Lab, a cybersecurity watchdog based at the University of Toronto, discovered Graphite had been used to target the devices of journalists in Italy, including reporters from Fanpage.it, prompting a European investigation.

Italian officials denied any wrongdoing, but the revelations highlighted the growing global market for so-called "mercenary spyware" and the lack of transparency surrounding its deployment.

Related As ICE raids rise across US, attorney warns people to prepare

US affairs Brooke Anderson In Washington, civil liberties advocates have expressed alarm over the implications of ICE regaining access to such invasive technology. Nadine Farid Johnson, policy director at the Knight First Amendment Institute at Columbia University, urged lawmakers to act.

"Reports that ICE has renewed its contract with spyware vendor Paragon compounds the civil liberties concerns," Johnson said in a statement last week.

"Spyware like Paragon’s Graphite poses a profound threat to free speech and privacy. Congress must step in to impose clear limits and safeguards before these tools are used in ways that undermine constitutional rights."

The Guardian reported that ICE officials have defended the contract, insisting the spyware is used strictly for law enforcement purposes, such as targeting transnational criminal networks and human trafficking operations.

However, critics point to the lack of independent oversight mechanisms and the absence of public information about how frequently or against whom the software is deployed.

The Washington Post added that the reactivation of the Paragon deal may signal a more permissive stance by the Trump administration toward domestic surveillance technologies.

Past controversies over the use of spyware such as Pegasus, developed by the Israeli firm NSO Group, have already prompted calls for stricter regulation. The Biden administration previously blacklisted NSO after its tools were linked to the hacking of US diplomats’ phones.

Under Trump, ICE has seen dramatically expanded powers and funding, fuelling concerns about its growing politicisation.

Critics point to sweeping arrests, including of non-criminal migrants, and the use of tactics once considered off-limits, such as unmarked vehicles and plainclothes agents. Civil liberties groups warn that without oversight, the agency risks becoming a tool of political intimidation rather than law enforcement, especially with access to powerful surveillance technologies.

Clearview AI built a massive facial recognition database by scraping 30 billion photos from Facebook and other social media platforms without users' permission, which law enforcement has accessed nearly a million times since 2017[^1].

The company markets its technology to law enforcement as a tool "to bring justice to victims," with clients including the FBI and Department of Homeland Security. However, privacy advocates argue it creates a "perpetual police line-up" that includes innocent people who could face wrongful arrests from misidentification[^1].

Major social media companies like Facebook sent cease-and-desist letters to Clearview AI in 2020 for violating user privacy. Meta claims it has since invested in technology to combat unauthorized scraping[^1].

While Clearview AI recently won an appeal against a £7.5m fine from the UK's privacy watchdog, this was solely because the company only provides services to law enforcement outside the UK/EU. The ruling did not grant broad permission for data scraping activities[^5].

The risks extend beyond law enforcement use - once photos are scraped, individuals lose control over their biometric data permanently. Critics warn this could enable:

• Retroactive prosecution if laws change
• Creation of unauthorized AI training datasets
• Identity theft and digital abuse
• Commercial facial recognition systems without consent[^1]

Sources:

[^1]: Business Insider - Clearview AI scraped 30 billion images from Facebook and other social media sites

[^5]: BBC - Face search company Clearview AI overturns UK privacy fine

U.S. Immigration and Customs Enforcement (ICE) signed a contract last year with Israeli spyware maker Paragon worth $2 million.

Shortly after, the Biden administration put the contract under review, issuing a “stop work order,” to determine whether the contract complied with an executive order on commercial spyware, which restricts U.S. government agencies from using spyware that could violate human rights or target Americans abroad.

Almost a year later, when it looked like the contract would just run out and never become active, ICE lifted the stop work order, according to public records.

Meta Malvertising Campaign Spreads Android Crypto-Stealing Malware

A sophisticated malvertising campaign targeting Meta's ad network has expanded from Windows to Android users worldwide, deploying an advanced version of the Brokewell malware disguised as TradingView's premium app[^1].

Since July 22, 2025, cybercriminals have launched over 75 malicious Facebook ads, reaching tens of thousands of users across the European Union[^1]. The campaign tricks victims into downloading a malicious APK from fake domains that mimic TradingView's official website.

The malware, an enhanced strain of Brokewell, functions as both spyware and a remote access trojan (RAT) with capabilities including:

• Cryptocurrency theft (BTC, ETH, USDT)
• SMS interception for banking and 2FA codes
• Google Authenticator data extraction
• Screen recording and keylogging
• Camera and microphone activation
• Remote command execution via Tor and WebSockets[^1]

The attackers have localized their ads in multiple languages including Vietnamese, Portuguese, Spanish, Turkish, Thai, Arabic and Chinese to maximize reach[^1]. While the Android campaign currently focuses on impersonating TradingView, the Windows version has mimicked numerous brands including Binance, Bitget, Metatrader, and OKX[^1].

[^1]: Bitdefender - Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide

"How to Fix the Internet" has an important interview with neuroscientist Rafael Yuste and human rights lawyer Jared Genser, who together established the Neurorights Foundation, focused on expanding human rights concepts to neurotechnologies —tools that can record, interpret, and even manipulate brain activity.

They have contributed to getting laws passed nearly unanimously in three states of the USA and also discuss reforms in Brazil and Chile. This is an important issue to understand, and now seems like a short-lived opportunity to get laws passed before wealthy companies become involved in these technologies and start lobbying for their own interests.

https://www.eff.org/deeplinks/2025/08/podcast-episode-protecting-privacy-your-brain

Mastodon, the decentralized social network, stated it cannot comply with age verification laws like Mississippi's recent legislation because it lacks the technical capability to do so[^1]. While Mastodon's software allows server administrators to specify a minimum age of 16 for sign-ups, the age-check data is not stored, and the nonprofit has no way to verify users' ages[^1].

The organization emphasizes that individual server owners must decide for themselves whether to implement age verification, noting that Mastodon was founded specifically "to allow different jurisdictions to have social media that is independent of the U.S."[^1]

This stance follows Bluesky's decision to block service in Mississippi over similar age verification requirements[^1]. Mastodon's position highlights the unique challenges decentralized platforms face with regional compliance, as there is "nobody that can decide for the fediverse to block Mississippi," according to Mastodon founder Eugen Rochko[^1].

[^1]: TechCrunch - Mastodon says it doesn't 'have the means' to comply with age verification laws

I had a quick look at the intro page https://geti2p.net/en/about/intro

The core software (Java) includes a router that introduces and maintains a connection with the network. It also provides applications and configuration options to personalize your experience and workflow.

Maybe I'm biased, but using a Java for the core software doesn't bring good memories back