Towards the tip of 2023, an Israeli safety researcher from Tel Aviv mentioned that he was approached on LinkedIn with a possibility to work overseas with “good pay.” He mentioned that the corporate’s HR division informed him that it was a “legitimate” offensive safety firm that was ranging from scratch in Barcelona, Spain.
However throughout the entire recruiting course of, the researcher recounted to TechCrunch, issues felt a bit off.
“The whole secrecy was very weird. Some employees that interviewed me didn’t use their full names, they took super long to reveal where the company even is, let alone its name. Why is it such a secret if everything’s legit?” the researcher informed TechCrunch. “It seems like a company that might get sanctioned in the future, and things might get dirty.”
When he spoke to the corporate’s chief expertise officer, the researcher mentioned that he was informed one thing alongside the traces of, “we will only have legit customers and unlike other companies won’t sell to shady nations.”
Alexey Levin, the hiring CTO and a former researcher on the sanctioned spyware and adware maker NSO Group, informed the researcher that the corporate making an attempt to rent him was known as Palm Seashore Networks, and that it develops the whole lot from the zero-day exploits used for compromising units to the spyware and adware implant itself, referring to the surveillance software program that will get put in on a goal’s system, in line with the researcher.
The researcher mentioned that Levin additionally informed him that Palm Seashore Networks had a minimum of one U.S. authorities buyer. (Levin didn’t reply to a request for remark.)
However why discovered a spyware and adware startup in Barcelona, which simply years earlier was on the heart of a wide-reaching political scandal the place Spanish authorities officers used spyware and adware to focus on native politicians who pushed for independence? Similar to many different startups within the metropolis; the researcher mentioned that firm workers informed him that it was as a result of dwelling within the metropolis is just like dwelling in Israel, that there are good tax advantages, and good climate.
These are among the explanation why within the final couple of years, Barcelona has grow to be an unlikely hub for spyware and adware corporations, in line with a number of individuals who work within the offensive cybersecurity trade who spoke with TechCrunch, in addition to enterprise data we now have seen.
Having Barcelona grow to be an important regional outpost for offensive cybersecurity corporations places the spyware and adware downside squarely on the doorstep of Europe, which has a fractious relationship with surveillance tech, because of scandals in Cyprus, Greece, Hungary, and Poland — all involving Israeli spyware and adware makers.
“It is a concerning development if a major city in Europe becomes a hub for spyware makers,” Natalia Krapiva, the authorized counsel at nonprofit Entry Now, which focuses on investigating and researching spyware and adware, informed TechCrunch. Krapiva mentioned that the spyware and adware enterprise “goes hand in hand with corruption and abuse of power.”
“Spanish citizens, media, and policymakers should be carefully scrutinizing these businesses in terms of whether their operations are consistent with national and EU laws and whether the Spanish government may be involved in abusing their surveillance tools, especially given Spain’s history with Pegasus,” mentioned Krapiva.
John Scott-Railton, a senior researcher on the Citizen Lab, the place he and his colleagues have for greater than a decade investigated abuses carried out with spyware and adware instruments, additionally expressed concern. Scott-Railton famous that previously there have been instances of spyware and adware abuse not solely towards human rights activists and dissidents in non-democratic international locations like Ethiopia and Saudi Arabia, but in addition towards U.S. diplomats and focused people, together with politicians and residents inside Europe’s borders.
“This will add fuel to the fire of Europe’s spyware crisis. If experience is a guide, it’s only a matter of time before this tech winds up used by customers against Spain’s allies and EU partners,” Scott-Railton informed TechCrunch. “Governments that allow this industry to flourish take a gamble with their own secret capabilities and human capital. These capabilities tend to drain outwards, including to potential future adversaries, once mercenary spyware and exploit developers come to town and start hiring.”
Solar, seafood, and spyware and adware
Other than Palm Seashore Networks, because it was recognized on the time, Barcelona is dwelling to a number of different exploit and spyware and adware makers that too are profiting from the town’s sunny, temperate climate, recent seafood, and vibrant expat neighborhood.
Amongst them are Paradigm Shift, a spin off of the embattled startup Variston, which misplaced employees and was struggling to outlive in 2024; and Epsilon, which is led by Jeremy Fetiveau, an trade veteran who used to work for a division inside U.S. protection large L3Harris that was created after the corporate acquired the Australian startup Azimuth.” Fetiveau didn’t return a request for remark.
The town is alleged to be additionally dwelling to an unnamed group of Israeli researchers who moved to Barcelona from Singapore to work on creating zero-day exploits. The existence of this unnamed workforce in addition to Epsilon’s presence in Barcelona was first reported by Israeli newspaper Haaretz, whose article sparked protection in native newspapers and information web sites.
Different cybersecurity corporations have a presence in Barcelona, even when they don’t seem to be headquartered there. Andrijana Šekularac, the chief government of Austrian cybersecurity firm SAFA lives within the metropolis, in line with her public LinkedIn profile. SAFA has sponsored offensive cybersecurity conferences, together with OffensiveCon and Hexacon, and employs a minimum of two safety researchers with previous expertise at spyware and adware corporations, in line with their public LinkedIn profiles. Šekularac additionally didn’t reply to a request for remark.
These zero-day and spyware and adware corporations are a part of a broader cybersecurity and startup ecosystem in Barcelona. As of final yr, in line with the Catalan regional authorities, there have been greater than 10,000 folks working for greater than 500 cybersecurity corporations in Barcelona, or round 50% extra staff than 5 years earlier.
Contact Us
Do you will have extra details about Epsilon, Head and Tail, Paradigm Shift, or different authorities spyware and adware makers? From a non-work system, you’ll be able to contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or by way of Telegram and Keybase @lorenzofb, or electronic mail. You can also contact TechCrunch by way of SecureDrop.
Barcelona isn’t only a hotbed for surveillance tech makers, however startups usually, with some rating the town among the many high startup hubs in Europe. The town is the founding dwelling for meals supply startup Glovo, which competitor DeliveryHero valued at €2.3 billion in 2021 when it acquired a majority stake within the Catalan firm; orthodontics startup Impress, which raised $125 million in 2022 and $114 million in 2024; and enterprise journey administration platform TravelPerk, which raised $105 million in 2024; amongst greater than 2,200 different startups, in line with the Barcelona and Catalonia Startup Hub, an area authorities mission that tracks the startup ecosystem within the area.
The town is enticing to staff as a result of its value of dwelling is cheaper than different European startup hubs like London, Amsterdam, and Berlin. Then, there’s the maybe extra apparent causes, a minimum of for anybody who’s been to Barcelona: The town has good seashores, just like Tel Aviv, Cyprus, and Greece, locations which might be or had been dwelling to spyware and adware corporations like NSO Group, Circles, and Intellexa.
There are additionally different causes, aside from the town’s attractiveness, which have introduced Israeli safety researchers specifically to Barcelona. As Haaretz reported on the finish of December 2024, Israel has grow to be extra restrictive in granting licenses to export spyware and adware to different international locations within the wake of the scandals involving NSO Group, leaving the door open for corporations to maneuver overseas. It’s now harder for corporations to export spyware and adware from Israel to the remainder of the world, together with the European Union, than from inside the bloc itself.
One individual informed Haaretz that this course of isn’t “emigration to Spain, it’s expulsion to Spain.”
Whereas Paradigm Shift is overtly promoting itself as an offensive cybersecurity firm, with job listings for roles that match this kind of enterprise, different corporations aren’t as clear, similar to Variston was once. Paradigm Shift is headed by Leone Pontorieri, in line with the corporate’s enterprise data, in addition to Filippo Roncari and Simone Ferrini, in line with their public LinkedIn profiles. The three had been a part of an Italian startup that was acquired by Variston in 2018, when the corporate launched in Barcelona, and one of many first spyware and adware corporations to arrange its operations within the Catalan metropolis.
Representatives for Paradigm Shift didn’t reply to a request for remark.
A stealthy startup with many names
Palm Seashore Networks has to this point averted any public claims of involvement in human rights abuses, in contrast to spyware and adware makers NSO Group, and earlier than it Hacking Staff and FinFisher, have previously. However the firm does have an intriguing historical past of adjusting names, a method that different spyware and adware distributors have beforehand used to masks their company possession. Israeli spyware and adware makers Candiru rebranded a number of occasions earlier than the corporate was added to the U.S. authorities’s commerce ban listing in 2021, and NSO itself had a fancy company construction.
The identify Palm Seashore Networks “was a bit secretive and only said by Levin and others at later stages,” in line with the Israeli researcher.
Because it seems, Palm Seashore Networks could already be an out of date identify, and the second iteration of a startup with a special id.
An organization known as Protection Prime Inc. turned Palm Seashore Networks on Might 11, 2023. On June 16, 2023 an organization known as Head and Tail began operations in Barcelona. Then on June 28, 2024, Palm Seashore Networks was dissolved, in line with enterprise data filed in Florida and Spain.
Protection Prime and Palm Seashore Networks seem like linked to Head and Tail because of overlapping executives and key figures.
An individual named Sai Gopal is listed as Head and Tail’s licensed signatory in Spanish enterprise data, and somebody with the identical identify was listed because the treasurer of Protection Prime in Florida enterprise data. Gopal couldn’t be reached for remark.
Enterprise data additionally present Alexey Levin, the CTO who tried to rent the Israeli safety researcher for Palm Seashore Networks, is the director of Head and Tail. Representatives from Head and Tail didn’t return TechCrunch’s request for remark.
A present government at a spyware and adware maker, who requested to stay nameless, informed TechCrunch that Levin works at Palm Seashore Networks. Beforehand, the chief mentioned, Levin was an early developer at NSO Group, after which additionally labored at Candiru.
On its official web site, Head and Tail makes no express point out of the truth that it develops surveillance expertise, however as a substitute says it addresses “a myriad of cybersecurity issues, including threat intelligence, vulnerability assessments, security awareness training, and incident response.” The corporate has job listings for Barcelona, Madrid, and Sevilla.
Ultimately, the Israeli researcher turned down the prospect to work at Palm Seashore Networks, despite the fact that folks he is aware of informed him the corporate pays a few of its workers eye-watering salaries that vastly exceed the nation’s gross annual common.
The researcher mentioned he was fearful he could find yourself like some NSO Group’s workers, who’ve needed to cope with the fallout from human rights scandals, Fb blocking and deleting their private accounts, and the U.S. authorities threatening to disclaim their visas.
“I could get good enough money elsewhere and not have to worry about what will happen or who I’m working for,” mentioned the researcher, “especially when I felt they aren’t a transparent company and I wouldn’t know who the customers are.”
