The Predator Files, an investigation published in October 2023 and coordinated by the European Investigative Collaborations (EIC) media network, exposed the proliferation of surveillance technologies around the world and the failure of governments and the European Union to properly regulate the industry. The Intellexa alliance – an association of several European companies – supplied a form of highly invasive spyware, Predator, to states around the world and enabled the unlawful targeting of activists, journalists, academics and political figures.

Amnesty International’s Security Lab was a technical partner in the Predator Files investigation. As part of this collaboration, we reviewed technical documentation, marketing material and other records from the Intellexa alliance between 2007 and 2022 and investigated the human rights impact of targeted and mass surveillance tools. Amnesty International also carried out a months-long forensic investigation which identified civil society and political figures around the world who were targeted with the Predator spyware.

What did we find?

Our research shed light on the Intellexa alliance, an evolving group of companies and brands that have developed and marketed a wide range of surveillance products including highly invasive spyware like Predator, mass surveillance platforms, and “tactical” surveillance systems for targeting and intercepting nearby devices. The Predator Files documents the presence of Intellexa alliance products in at least 25 countries worldwide, including Egypt, Libya, Madagascar, Saudi Arabia, Viet Nam, and France among many others.

In our ‘Caught in the Net’ report, we disclosed a surveillance operation with connections to Viet Nam, which targeted at least 50 social media accounts belonging to 27 individuals and 23 institutions, including the President of the European Parliament, Roberta Metsola, the President of Taiwan, Tsai Ing-Wen, U.S. Congressman Michael McCaul, U.S. Senator John Hoeven, the German Ambassador to the United States, Emily Haber and French MEP Pierre Karleskind.

We also provided an in-depth analysis of the surveillance technologies sold by the Intellexa alliance to provide an invaluable case study on the wide range of invasive technologies offered by the surveillance industry including a breakdown of how technology such as zero-day exploits, spyware, tactical hardware and mass surveillance technology are used by government surveillance customers to surveil their targets.


Forensic support

The Security Lab analysed the devices of journalists and civil society members who we identified as potential Predator targets. We shared private threat intelligence about likely Predator spyware customers with civil society forensic partners to help direct our collective efforts to identify misuse of this spyware.

The Mobile Verification Toolkit (MVT) ecosystem of tools helps with conducting forensics of mobile devices. As part of the ‘Predator Files’, the Security Lab published indicators of compromise for MVT to help civil society organisations around the world find additional cases of Predator spyware misuse.

Yet again, we have evidence of powerful surveillance tools being used in brazen attacks.
The targets this time around are journalists in exile, public figures and intergovernmental
officials. But let’s make no mistake: the victims are all of us, our societies, good
governance and everyone’s human rights.”

Agnes Callamard, Secretary General of Amnesty International.
The Head of the Security Lab Donncha Ó Cearbhaill presented our findings and calls to the Committee on Civil Liberties, Justice and Home Affairs on October 26.

Find out more about what we are calling for on our Campaigns page.

Latest on Predator spyware