How Barcelona Became an Improbable Hub for Spyware Startups


Near the end of 2023, an Israeli security researcher from Tel Aviv said he was offered a “good-paying” job abroad through LinkedIn. He was told by the company’s HR department that it was a “legitimate” offensive security company starting from scratch in Barcelona, Spain.

But throughout the hiring process, the researcher told TechCrunch, things went a little haywire.

“All the secrecy was very strange. Some of the employees I interviewed did not use their full names, and it took too long to reveal where the company was, or even its name. If everything is legal, why is it a secret?” the researcher told TechCrunch. “It looks like a company that could be sanctioned in the future and things could get ugly.”

When speaking with the company’s chief technology officer, the researcher said he was told something like “we will only have legitimate customers and, unlike other companies, they will not sell to shady countries.”

The hiring CTO, Alexei Levin, a former researcher at sanctioned spyware maker NSO Group, told the researcher that the company trying to hire him was called Palm Beach Networks and developed everything from zero-day exploits used to compromise devices to the spyware implant itself, according to the researcher, referring to the surveillance software installed on the target’s device.

Levin also told him Palm Beach Networks had at least one US government client, the researcher said. (Levin did not respond to a request for comment.)

So why did a spyware startup set up in Barcelona, which a few years ago was at the center of a wide political scandal in which Spanish government officials used spyware to target local politicians fighting for independence? As with many other startups in the city, the researcher said company employees told him that living in the city is like living in Israel, with good tax benefits and good weather.

These are some of the reasons why Barcelona has become an unlikely hub for spyware companies over the past few years, according to multiple people in the offensive cybersecurity industry who spoke to TechCrunch, and according to case records we’ve seen.

The fact that Barcelona is an important regional outpost for offensive cyber security companies puts the spyware problem right on the doorstep of Europe, which has an uncertain relationship with control technology because of scandals in Cyprus, Greece, Hungary and Poland, all involving Israeli spyware makers.

“The fact that a major European city has become a hub for spyware makers is a disturbing development,” Natalia Krapiva, legal counsel at Access Now, a nonprofit specializing in spyware research and investigation, told TechCrunch. Krapiva said the spyware business “goes hand in hand with corruption and abuse of power.”

“Spanish citizens, the media and politicians should scrutinize whether the operations of these entities comply with national and EU law and whether the Spanish government, particularly given Spain’s history with Pegasus, is complicit in their abuse of control tools,” Krapiva said.

John Scott-Railton, chief scientist at Citizen Lab, where he and his colleagues have been investigating spyware abuses for more than a decade, also expressed concern. Scott-Railton noted that in the past there have been cases of spyware abuse against human rights activists and dissidents in non-democratic countries such as Ethiopia and Saudi Arabia, but also against US diplomats and targeted individuals including politicians and citizens within European borders.

“This will add fuel to Europe’s spyware crisis. If experience is a guide, it’s only a matter of time before this technology is used by customers against Spain’s allies and EU partners,” Scott-Railton told TechCrunch. “Governments are gambling with their hidden capacity and human capital by allowing this industry to flourish. Once mercenary spyware and exploiters come to town and start recruiting, those opportunities are exhausted abroad, including for potential future adversaries.”

A view of the Sagrada Familia in the evening light on October 19, 2024 in Barcelona, Spain. (Photo by Joan Valls/Urbanandsport/NurPhoto/GETTY IMAGES)

Sun, seafood and spyware

Apart from Palm Beach Networks, as it was known at the time, Barcelona has several other exploit and spyware makers making the most of the city’s sunny, mild weather, fresh seafood and vibrant expat community.

Among them are Paradigm Shift, part of the struggling startup Variston, which lost employees and struggled to survive in 2024; and Epsilon, led by industry veteran Jeremy Fetiveau, who previously worked at the unit created after US defense giant L3Harris bought Australian startup Azimuth. Fetiveau did not respond to a request for comment.

The city is also said to be home to a group of Israeli researchers who moved from Singapore to Barcelona to develop zero-day exploits. The existence of this unnamed team, as well as the presence of Epsilon in Barcelona, was first reported by the Israeli newspaper Haaretz, whose article drew the spotlight of local newspapers and news websites.

Other cybersecurity companies have a presence in Barcelona, even if they don’t have their headquarters there. Andrijana Šekularac, CEO of Austrian cybersecurity company SAFA, lives in the city, according to her public profile on LinkedIn. SAFA has sponsored conferences on cyber security, including offensive ones such as OffensiveCon and Hexagon, and employs at least two security researchers with past experience at spyware companies, according to their public LinkedIn profiles. Šekularac did not respond to a request for comment.

These zero-day and spyware companies are part of a wider cybersecurity and startup ecosystem in Barcelona. As of last year, the regional government of Catalonia announced, more than 10,000 people were employed by more than 500 cybersecurity companies in Barcelona, nearly 50% more than five years ago.

Contact us

Do you know more about Epsilon, Head and Tail, Paradigm Shift, or other government spyware makers? On a non-work device, you can safely contact Lorenzo Franceschi-Bicchierai at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.

Barcelona is a hotbed not only for surveillance technology manufacturers, but for startups in general, with some rankings placing the city among the best startup centers in Europe. The city is home to food delivery startup Glovo, which rival DeliveryHero valued at 2.3 billion euros in 2021 when buying a majority of the shares of the Catalan company; orthodontics startup Impress, which raised $125 million in 2022 and $114 million in 2024; and TravelPerk, a business travel management platform that raised $105 million in 2024; among more than 2,200 other startups, according to the Barcelona and Catalonia Launch Center, a local government project that monitors the startup ecosystem in the region.

The city attracts workers because its cost of living is cheaper than that of other European startup hubs like London, Amsterdam and Berlin. Then there are perhaps more obvious reasons, at least for anyone who has been to Barcelona: The city has beautiful beaches similar to those of Tel Aviv, Cyprus and Greece, where NSO Group, Circles and Intellexa are based.

There are other reasons besides the attractiveness of the city that especially bring Israeli security researchers to Barcelona. Haaretz reported in late December 2024 that Israel became more restrictive in granting licenses to export spyware to other countries after scandals involving NSO Group, leaving the door open for companies to move abroad. It is now more difficult for companies to export spyware from Israel to the rest of the world, including the European Union, than from within the bloc itself.

One person told Haaretz that the process was “not emigration to Spain, but deportation to Spain.”

While Paradigm Shift clearly promotes itself as an offensive cyber security company, other companies are not as transparent with their job listings for roles suitable for this type of work, like Variston before. Paradigm Shift is managed by Leone Pontorieri, according to its business records, as well as Filippo Roncari and Simone Ferrini, according to their public LinkedIn profiles. The three were part of an Italian startup acquired by Variston in 2018 when the company launched in Barcelona and was one of the first spyware companies to operate in the Catalan city.

Paradigm Shift representatives did not respond to a request for comment.

A stealthy startup with many names

Palm Beach Networks, unlike spyware makers NSO Group and Hacking Team and FinFisher before it, has so far avoided any public allegations of human rights abuses. But the company has an interesting history of name changes, a tactic other spyware vendors have previously used to disguise their corporate ownership. Israeli spyware maker Candiru rebranded several times before the company was added to the US government’s trade embargo list in 2021, and NSO itself has a complex corporate structure.

According to the Israeli researcher, the name Palm Beach Networks “was a little secret and was only mentioned by Levin and others at a later stage.”

As it turns out, Palm Beach Networks might just be the second iteration of a startup with an outdated name and a different identity.

A company called Defense Prime Inc. became Palm Beach Networks on May 11, 2023. On June 16, 2023, a company called Head and Tail started operations in Barcelona. Then on June 28, 2024, Palm Beach Networks was dissolved, according to business records filed in Florida and Spain.

Defense Prime and Palm Beach Networks appear to be related to Head and Tail due to overlapping leaders and key figures.

A person named Sai Gopal is listed as the authorized signatory of Head and Tail in Spanish business records, and someone of the same name is listed as treasurer of Defense Prime in Florida business records. Gopal could not be reached for comment.

Business records also show that Alexei Levin, the CTO who tried to hire the Israeli security researcher for Palm Beach Networks, is the director of Head and Tail. Representatives for Head and Tail did not respond to TechCrunch’s request for comment.

Levin works at Palm Beach Networks, a current executive at a spyware maker told TechCrunch on condition of anonymity. Previously, the executive said, Levin was an early developer at NSO Group and later worked at Candiru.

On its official website, Head and Tail makes no claims that it develops surveillance technology, but instead says it addresses “multiple cybersecurity challenges, including threat intelligence, vulnerability assessment, security awareness training, and incident response.” The company has job postings for Barcelona, Madrid and Sevilla.

Ultimately, the Israeli researcher turned down the chance to work for Palm Beach Networks, even though people he knew told him the company paid some of its employees eye-watering salaries that far exceeded the country’s overall annual average.

The researcher said he was concerned that he could end up like some NSO Group employees, who had to face the consequences of human rights scandals, such as Facebook blocking and deleting personal accounts and the US government threatening to refuse to issue visas.

“I could make good enough money elsewhere and not have to worry about what’s going to happen or who I’m working for,” the researcher said, “especially when I feel like they’re not a transparent company and I don’t know who they’re working with. It’s customers.”


