While governments worldwide insist they only use spyware for legitimate purposes, a new report from Citizen Lab reveals the alarming global spread of Paragon’s Graphite surveillance tool. Six additional countries have been identified as suspected Paragon customers: Australia, Canada, Cyprus, Denmark, Israel, and Singapore. The Ontario Provincial Police in Canada got a special mention. Busted.
The discovery came through some seriously impressive tech detective work. Researchers mapped Graphite’s server infrastructure using digital fingerprints and certificates. Paragon made a rookie mistake—they registered a certificate directly to “Graphite.” Oops. These servers, typically hosted at local telecom companies, left digital breadcrumbs that led straight back to Paragon.
Digital breadcrumbs led straight to Paragon, thanks to their rookie certificate mistake labeling servers as “Graphite.”
Italy’s spyware scandal broke wide open when WhatsApp notified 90 users they’d been targeted. Among them? Journalists, human rights advocates, and even a personal friend of Pope Francis. The Italian government admitted being a Paragon customer but suspended operations after the scandal erupted. Too little, too late.
For a company that markets itself as a “responsible” spyware vendor that only sells to “select global democracies,” Paragon’s customer list raises eyebrows. Their supposedly “abuse-proof” business model? Yeah, right. The evidence suggests they’re just another mercenary spyware firm willing to look the other way. The company was recently acquired by U.S. venture capital firm AE Industrial Partners for at least 500 million dollars.
Sea rescue organizations saving migrants in the Mediterranean were specifically targeted. One activist, David Yambio, was hacked while sharing confidential information with the International Criminal Court. Real ethical.
Italy has a long, troubling history with surveillance tech. They’ve quadrupled spyware operations from 2010 to 2020, authorizing nearly 3,000 spyware deployments in 2021 alone. This surveillance expansion reflects the ongoing tension between privacy and government oversight that began with the introduction of personal computers.
Tech companies played a vital role exposing these abuses. WhatsApp discovered and mitigated a zero-click exploit, while notifications from WhatsApp and Apple helped victims realize they’d been targeted. Without these alerts, many cases would remain invisible—just as governments prefer.
