Trump reinstates Israeli spyware firm contract, grants it sweeping phone-hacking powers

By Maryam Qarehgzolu

Donald Trump administration has quietly reinstated a contract with a previously banned Israeli spyware maker, Paragon Solutions, granting Immigration and Customs Enforcement (ICE) sweeping access to hack into any mobile phones, including encrypted applications.

The reversal, published last Saturday on an official US government procurement website, has sparked alarm among human rights groups and digital freedom advocates in the US.

They warn that the move, greenlighted by the Trump administration, enables the offensive cyber industry, while also accelerating a harsher crackdown on immigrants — policies that have already included incarceration before trial, family separations, and deportations to third countries.

Paragon was founded in 2019 in Israeli-occupied territories by Ehud Schneorson, a commander in Israel’s notorious cyber-spying outfit, Unit 8200, and with backing from then-Prime Minister Ehud Barak.

In September 2024, under the Joe Biden administration, the Department of Homeland Security (DHS) signed a $2 million contract with Paragon.

However, the deal was soon halted and placed under review to ensure compliance with a March 2023 executive order restricting the US government’s use of commercial spyware.

That order specifically prohibited procurement of tools that pose “significant counterintelligence or security risks to the United States government or significant risks of improper use by a foreign government or foreign person.”

How was ICE’s contract with Paragon revived?

For several months, the contract remained frozen. But just two months after the stop-work order was issued, Florida-based private equity firm AE Industrial Partners acquired Paragon and merged it with Virginia-based intelligence contractor REDLattice, clearing the way for the deal’s reinstatement.

Through this acquisition, Paragon is now classified as a domestic rather than foreign vendor, given its US ownership. According to multiple reports, the company has also forged deep ties with former CIA officials and senior US military figures.

Independent journalist Jack Poulson revealed on his Substack that John Finbarr Fleming, a former CIA assistant director for Korea, assumed the role of executive chairman of Paragon’s US branch in January 2024 — months before the public acquisition announcement, according to his LinkedIn profile.

Similarly, Andrew G. Boyd, who directed the CIA’s Center for Cyber Intelligence until mid-2023, joined REDLattice’s board around October 2023.

Just two months earlier, former US Army chief of staff James McConville had also joined REDLattice’s leadership team.

Joint Special Operations Command (JSOC), the US military’s so-called premier counter-terrorism and direct action unit, which works closely with the CIA, has disclosed more than $11 million in spending on REDLattice products.

Procurement data shows that $6 million of that sum was allocated on July 18 alone, underscoring the depth of US military reliance on these technologies.

With the ban now lifted, ICE has emerged as the contracting agency in deploying Paragon’s spyware.

Civil and human rights groups warn that this effectively places one of the most powerful stealth cyberweapons ever created — a tool originally developed outside the US — in the hands of an agency notorious for violating most fundamental rights.

The reinstated contract includes a fully configured package: software licensing, dedicated hardware, operator training, and ongoing maintenance.

How does Paragon’s spyware work?

When it is successfully deployed against a target, Paragon’s hacking software – called Graphite – is capable of infiltrating virtually any smartphone in the world.

Once a device is compromised, operators, in this case ICE, can not only monitor an individual’s physical movements but also read text messages, view stored photographs, and extract content from encrypted applications such as WhatsApp and Signal.

The software can even hijack the phone’s microphone, turning it into a real-time listening device.

The company claims that Graphite is an “ethical alternative” to spyware like NSO Group’s Pegasus, which became the subject of an international scandal in 2021 after investigations revealed its use by governments to hack journalists, dissidents, and even heads of state.

In response, the US Commerce Department blacklisted NSO in 2021, barring American firms from supplying it with technology.

In 2022, the Citizen Lab at the University of Toronto, a Canadian tech organization, revealed that Israel’s Pegasus spyware had infected computers used by staffers in the UK prime minister’s office, despite Britain being one of Tel Aviv’s closest allies.

Paragon has sought to differentiate itself from NSO Group, claiming it only does business with so-called "democracies."

Despite its claims of higher “ethical” standards, the company has failed to provide transparency.

It also claims that it has a no-tolerance policy and will cut off government clients who use the spyware to target members of civil society, such as journalists; nonetheless, it has not disclosed its client list, nor has it outlined specific safeguards to prevent abuse of its spyware.

How has Paragon targeted civil society?

In practice, Paragon’s technology has already been implicated in abuse of privacy and free speech.

It insists that its products are intended to be used to “prevent organized crime and terrorist attacks,” but the company’s software has been used extensively in the past to target innocent people.

Earlier this year, Graphite was linked to a spying campaign in Italy that targeted at least 90 journalists, migrant rights activists, and even associates of Pope Francis.

The individuals who were targeted included outspoken human rights activists who have been critical of Italy’s “colonial project” in Libya.

Following public backlash, Paragon was compelled to sever ties with Italian authorities; however, the scandal sparked increased scrutiny of its international activities.

In early 2025, Meta-owned WhatsApp announced it had thwarted a major hacking attempt using Paragon’s spyware. The campaign targeted around 90 individuals — among them journalists, pro-immigration activists, and members of civil society.

WhatsApp said it not only blocked the attack but also sent Paragon a cease-and-desist letter, citing the precedent set by its successful lawsuit against NSO Group.

Why ICE’s acquisition of Graphite matters?

ICE, as the principal investigative arm of DHS, has long been criticized for its aggressive approach to immigration enforcement in the US under the incumbent administration. 

Since Trump returned to the White House in January, the agency has been at the center of controversy over family separations, reported abuses inside detention centers, and sweeping deportation operations that rights groups describe as human rights violations.

According to US media reports, the administration has allocated $170 billion for enforcing Trump’s immigration policy, setting a daily target of 3,000 arrests for the authorities.

To meet this goal, ICE is recruiting 10,000 agents, offering signing bonuses of $50,000.

DHS has already taken steps such as increasing surveillance of immigrants’ social media accounts, and reports have emerged about plans to use various technologies to track hundreds of thousands of immigrants.

The addition of Graphite to ICE’s technological arsenal could allow it to monitor immigrant communities more deeply than ever before, as well as track activists, journalists, or political opponents.

These concerns are particularly acute given Trump’s heightened efforts to suppress pro-Palestinian activism on college campuses.

In March, Secretary of State Marco Rubio announced that the visas of at least 300 international students accused of “destabilizing” campuses had been revoked — a move widely condemned as politically motivated.

ICE already maintains contracts with major surveillance firms such as Palantir and Babel Street.

Palantir is a CIA-backed tech giant that aids the Israeli genocidal war on Gaza through AI-driven targeting systems. Babel Street provides Babel X, an AI surveillance platform.

Earlier this year, rights groups revealed that Babel X and Palantir’s Immigration OS have automated capabilities that enable constant mass monitoring, surveillance, and assessments of people, often for the purpose of targeting non-US citizens, and pose risks to those who speak out for Palestinian rights.

Mounting backlash

Graphite’s hacking capabilities take the surveillance to an unprecedented level and increase the risk of unlawful and arbitrary arrests amid the US's ongoing unlawful clampdown on pro-Palestine activists, migrants, refugees, and asylum seekers, experts warn.

Digital rights groups also cautioned that Trump’s policies, coupled with the renewal of the Paragon contract, signal that the US is rolling back its previous efforts to regulate the spyware industry, and rather than setting global standards for accountability, Washington is normalizing the abuses.

They warn that this poses a “profound threat to free speech and privacy.”

John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab and one of the world’s leading experts on spyware abuse, said in a statement that such tools “were designed for dictatorships, not democracies built on liberty and protection of individual rights.”

“Invasive, secret hacking power is corrupting. That’s why there’s a growing pile of spyware scandals in democracies, including with Paragon’s Graphite,” he said, referring to the controversy in Italy.

Senator Ron Wyden (D-Oregon) expressed alarm in an email to reporters, confirming he has requested a briefing from ICE.

“ICE is already shredding due process and ruining lives in its rush to lock up kids, cooks, and firefighters who pose no threat to anyone,” Wyden wrote.

“I’m extremely concerned about how ICE will use Paragon’s spyware to further trample on the rights of Americans and anyone who Donald Trump labels as an enemy,” he added.

Michael De Dora, US policy manager at digital rights group Access Now, also said that Paragon’s track record abroad should raise red flags in Washington.

“Paragon’s technology has been misused by other governments around the world to target human rights defenders and political dissidents alike … Americans should be deeply concerned about how the administration could use this new tool for the purposes of domestic repression, and the administration should be very careful too,” De Dora warned.

The Electronic Frontier Foundation (EFF), the leading US nonprofit organization defending digital civil liberties, echoed those concerns in a post on X, saying the ICE contract with Paragon “is extremely concerning.”

“Without robust legal safeguards, there is a legitimate risk that such powerful intrusive tools could be misused again,” it said.

Press TV’s website can also be accessed at the following alternate addresses:

www.presstv.co.uk