U.S. authorities on Monday announced sanctions against five individuals – including Felix Bitzios (Bitzios), the beneficial owner of an Intellexa consortium company that was used to supply Predator spyware to a foreign government clients – and Tal Jonathan Dilian, the founder of Intellexa.

According to a press release by the U.S. Department of the Treasury’s Office of Public Affairs the two are linked to the consortium for developing, operating and distributing commercial spyware technology. The company developed the notorious “predator” software, which was used to conduct illegal surveillance against dozens of individuals in Greece, including journalists, active political leaders as well as members of the Greek cabinet. The revelations abruptly emerged in 2022 and eventually led to the resignation of the head of the country’s intelligence service (EYP), Panagiotis Kontoleon, less than an hour after the secretary general of the prime minister’s office, Grigoris Dimitriadis (a nephew of Prime Minister Kyriakos Mitsotakis), also resigned.

The scandal has rocked the domestic political scene and generated intense media scrutiny when it was revealed that attempts were made to eavesdrop on the mobile phone of then MEP (and subsequent PASOK leader) Nikos Androulakis via the spyware Predator.

In January 2023, the Hellenic Authority for Communication Security and Privacy (ADAE), confirmed that Minister of Labor Kostis Hatzidakis and the chief of the Hellenic National Defence General Staff Gen. Konstantinos Floros, among others, were under illegal surveillance.

The furor generated international media headlines, while it also led the European Parliament to pass a damning resolution against the Greek state for using such practices, with the text saying such practices compromised freedom of the press and the rule of law.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released the relevant statement today, which reads:

Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned five individuals and one entity associated with the Intellexa Consortium for their role in developing, operating, and distributing commercial spyware technology that presents a significant threat to the national security of the United States. These designations complement concerted U.S. government actions against commercial spyware vendors, including previous sanctions against individuals and entities associated with the Intellexa Consortium; the Department of Commerce’s addition of commercial spyware vendors to the Entity List; and the Department of State’s visa ban policy targeting those who misuse or profit from the misuse of commercial spyware, subsequently exercised on thirteen individuals.

“The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and civil liberties of our citizens,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith. “We will continue to hold accountable those that seek to enable the proliferation of exploitative technologies, while also encouraging the responsible development of technologies that align with international standards.”

Today’s action reaffirms the United States’ commitment to countering the exploitation of Americans’ sensitive data and digital authoritarianism, and aligns with a series of U.S. Government actions to counter the proliferation and misuse of commercial spyware, including the issuance of Executive Order (E.O.) 14093 to Prohibit U.S. Government Use of Commercial Spyware that Poses Risks to National Security; the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware; and the Guiding Principles on Government Use of Surveillance Technologies. These measures reflect the U.S. Government’s commitment to use all available tools and authorities, including sanctions as well as export controls and visa restrictions, to counter the misuse of such sophisticated surveillance technology.

TARGETING THE GLOBAL COMMERCIAL SPYWARE NETWORK

The Intellexa Consortium is a complex international web of decentralized companies that built and commercialized a comprehensive suite of highly invasive spyware products, primarily marketed under the brand-name “Predator.” The consortium was founded by Tal Jonathan Dilian (Dilian), an individual designated pursuant to E.O. 13694, as amended by E.O. 13757 (“E.O. 13694, as amended”).

Predator spyware can be used to gain access to data stored and transmitted from the target’s device, such as a cellphone, through one-click and zero-click attacks that require no user interaction for the spyware to infect the device. Successful Predator spyware attacks can provide the spyware’s operators with access to sensitive information on the victim’s device, including photos, geolocation data, personal messages, and microphone records. As a part of the growing commercial spyware industry, the Intellexa Consortium maintains operations around the world, and its clients include state-sponsored actors and governments. Past targets of the Intellexa Consortium’s spyware products include government officials, journalists, policy experts, and opposition politicians.

Felix Bitzios (Bitzios) is the beneficial owner of an Intellexa Consortium company that was used to supply Predator spyware to a foreign government client. Bitzios also acted as the manager of Intellexa S.A., a company in the Intellexa Consortium that was designated pursuant to E.O. 13694, as amended.

Andrea Nicola Constantino Hermes Gambazzi is the beneficial owner of Thalestris Limited and Intellexa Limited, members of the Intellexa Consortium that were designated pursuant to E.O. 13694, as amended. Thalestris Limited holds distribution rights to the Predator spyware, and is the parent company to Intellexa S.A. Thalestris Limited has been involved in processing transactions on behalf of other entities within the Intellexa Consortium.

Merom Harpaz is a top executive of the Intellexa Consortium, and acted as a manager of Intellexa S.A.

Panagiota Karaoli is the director of multiple Intellexa Consortium entities that are controlled by or are a subsidiary of Thalestris Limited.

Artemis Artemiou (Artemiou) is the general manager and member of the board of Cytrox Holdings Zartkoruen Mukodo Reszvenytarsasag (Cytrox Holdings), a member of the Intellexa Consortium that was designated pursuant to E.O. 13694, as amended. Artemiou is also an employee of Intellexa S.A.

Aliada Group Inc. (Aliada Group), a British Virgin Islands-based company and member of the Intellexa Consortium, has enabled tens of millions of dollars of transactions involving the network. The Aliada Group is directed by Dilian. The Aliada Group was associated with Intellexa S.A. and Intellexa Limited, and held shares in Cytrox Holdings.

Felix Bitzios, Andrea Nicola Constantino Hermes Gambazzi, Merom Harpaz, Panagiota Karaoli, Artemis Artemiou¸ and the Aliada Group Inc. are being designated pursuant to E.O. 13694, as amended, for being responsible for or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.

SANCTIONS IMPLICATIONS

As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked. Unless authorized by a general or specific license issued by OFAC, or exempt, OFAC’s regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons. Non-U.S. persons are also prohibited from causing or conspiring to cause U.S. persons to wittingly or unwittingly violate U.S. sanctions, as well as engaging in conduct that evades U.S. sanctions. OFAC’s Economic Sanctions Enforcement Guidelines provide more information regarding OFAC’s enforcement of U.S. sanctions, including the factors that OFAC generally considers when determining an appropriate response to an apparent violation.

In addition, financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action. Prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any designated person, or the receipt of any contribution or provision of funds, goods, or services from any such person.

The power and integrity of OFAC sanctions derive not only from OFAC’s ability to designate and add persons to the SDN List, but also from its willingness to remove persons from the SDN List consistent with the law.