Toward the tip of 2023, an Israeli safety researcher from Tel Aviv mentioned that he was approached on LinkedIn with a chance to work overseas with “good pay.” He mentioned that the corporate’s HR division advised him that it was a “reputable” offensive safety firm that was ranging from scratch in Barcelona, Spain.
But throughout the entire recruiting course of, the researcher recounted to TechCrunch, issues felt a bit off.
“The complete secrecy was very bizarre. Some staff that interviewed me didn’t use their full names, they took tremendous lengthy to disclose the place the corporate even is, not to mention its title. Why is it such a secret if all the pieces’s legit?” the researcher advised TechCrunch. “It looks as if an organization which may get sanctioned sooner or later, and issues would possibly get soiled.”
When he spoke to the corporate’s chief expertise officer, the researcher mentioned that he was advised one thing alongside the traces of, “we are going to solely have legit prospects and in contrast to different corporations gained’t promote to shady nations.”
Alexey Levin, the hiring CTO and a former researcher on the sanctioned spy ware maker NSO Group, advised the researcher that the corporate attempting to rent him was known as Palm Beach Networks, and that it develops all the pieces from the zero-day exploits used for compromising units to the spy ware implant itself, referring to the surveillance software program that will get put in on a goal’s system, in response to the researcher.
The researcher mentioned that Levin additionally advised him that Palm Beach Networks had at the least one U.S. authorities buyer. (Levin didn’t reply to a request for remark.)
But why discovered a spy ware startup in Barcelona, which simply years earlier was on the heart of a wide-reaching political scandal the place Spanish authorities officers used spy ware to focus on native politicians who pushed for independence? Just like many different startups within the metropolis; the researcher mentioned that firm staff advised him that it was as a result of residing within the metropolis is much like residing in Israel, that there are good tax advantages, and good climate.
Those are among the the reason why within the final couple of years, Barcelona has develop into an unlikely hub for spy ware corporations, in response to a number of individuals who work within the offensive cybersecurity business who spoke with TechCrunch, in addition to enterprise data we have now seen.
Having Barcelona develop into an important regional outpost for offensive cybersecurity corporations places the spy ware drawback squarely on the doorstep of Europe, which has a fractious relationship with surveillance tech, resulting from scandals in Cyprus, Greece, Hungary, and Poland — all involving Israeli spy ware makers.
“It is a regarding growth if a significant metropolis in Europe turns into a hub for spy ware makers,” Natalia Krapiva, the authorized counsel at nonprofit Access Now, which focuses on investigating and researching spy ware, advised TechCrunch. Krapiva mentioned that the spy ware enterprise “goes hand in hand with corruption and abuse of energy.”
“Spanish residents, media, and policymakers needs to be rigorously scrutinizing these companies by way of whether or not their operations are in line with nationwide and EU legal guidelines and whether or not the Spanish authorities could also be concerned in abusing their surveillance instruments, particularly given Spain’s historical past with Pegasus,” mentioned Krapiva.
John Scott-Railton, a senior researcher on the Citizen Lab, the place he and his colleagues have for greater than a decade investigated abuses carried out with spy ware instruments, additionally expressed concern. Scott-Railton famous that previously there have been instances of spy ware abuse not solely in opposition to human rights activists and dissidents in non-democratic nations like Ethiopia and Saudi Arabia, but in addition in opposition to U.S. diplomats and focused people, together with politicians and residents inside Europe’s borders.
“This will add gas to the fireplace of Europe’s spy ware disaster. If expertise is a information, it’s solely a matter of time earlier than this tech winds up utilized by prospects in opposition to Spain’s allies and EU companions,” Scott-Railton advised TechCrunch. “Governments that permit this business to flourish take of venture with their very own secret capabilities and human capital. These capabilities have a tendency to empty outwards, together with to potential future adversaries, as soon as mercenary spy ware and exploit builders come to city and begin hiring.”
Sun, seafood, and spy ware
Apart from Palm Beach Networks, because it was recognized on the time, Barcelona is house to a number of different exploit and spy ware makers that too are benefiting from the town’s sunny, temperate climate, contemporary seafood, and vibrant expat group.
Among them are Paradigm Shift, a spin off of the embattled startup Variston, which misplaced employees and was struggling to outlive in 2024; and Epsilon, which is led by Jeremy Fetiveau, an business veteran who used to work for a division inside U.S. protection big L3Harris that was created after the corporate acquired the Australian startup Azimuth.” Fetiveau didn’t return a request for remark.
The metropolis is claimed to be additionally house to an unnamed group of Israeli researchers who moved to Barcelona from Singapore to work on growing zero-day exploits. The existence of this unnamed crew in addition to Epsilon’s presence in Barcelona was first reported by Israeli newspaper Haaretz, whose article sparked protection in native newspapers and information web sites.
Other cybersecurity corporations have a presence in Barcelona, even when they aren’t headquartered there. Andrijana Šekularac, the chief government of Austrian cybersecurity firm SAFA lives within the metropolis, in response to her public LinkedIn profile. SAFA has sponsored offensive cybersecurity conferences, together with OffensiveCon and Hexacon, and employs at the least two safety researchers with previous expertise at spy ware corporations, in response to their public LinkedIn profiles. Šekularac additionally didn’t reply to a request for remark.
These zero-day and spy ware corporations are a part of a broader cybersecurity and startup ecosystem in Barcelona. As of final yr, in response to the Catalan regional authorities, there have been greater than 10,000 individuals working for greater than 500 cybersecurity corporations in Barcelona, or round 50% extra staff than 5 years earlier.
Contact Us
Do you have got extra details about Epsilon, Head and Tail, Paradigm Shift, or different authorities spy ware makers? From a non-work system, you’ll be able to contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or by way of Telegram and Keybase @lorenzofb, or electronic mail. You can also contact TechCrunch by way of SecureDrop.
Barcelona isn’t only a hotbed for surveillance tech makers, however startups usually, with some rating the town among the many high startup hubs in Europe. The metropolis is the founding house for meals supply startup Glovo, which competitor SupplyHero valued at €2.3 billion in 2021 when it acquired a majority stake within the Catalan firm; orthodontics startup Impress, which raised $125 million in 2022 and $114 million in 2024; and enterprise journey administration platform TravelPerk, which raised $105 million in 2024; amongst greater than 2,200 different startups, in response to the Barcelona and Catalonia Startup Hub, an area authorities challenge that tracks the startup ecosystem within the area.
The metropolis is engaging to staff as a result of its value of residing is cheaper than different European startup hubs like London, Amsterdam, and Berlin. Then, there’s the maybe extra apparent causes, at the least for anybody who’s been to Barcelona: The metropolis has good seashores, much like Tel Aviv, Cyprus, and Greece, locations which can be or had been house to spy ware corporations like NSO Group, Circles, and Intellexa.
There are additionally different causes, aside from the town’s attractiveness, which have introduced Israeli safety researchers particularly to Barcelona. As Haaretz reported on the finish of December 2024, Israel has develop into extra restrictive in granting licenses to export spy ware to different nations within the wake of the scandals involving NSO Group, leaving the door open for corporations to maneuver overseas. It is now harder for corporations to export spy ware from Israel to the remainder of the world, together with the European Union, than from throughout the bloc itself.
One particular person advised Haaretz that this course of is just not “emigration to Spain, it’s expulsion to Spain.”
While Paradigm Shift is brazenly promoting itself as an offensive cybersecurity firm, with job listings for roles that match any such enterprise, different corporations aren’t as clear, identical to Variston was. Paradigm Shift is headed by Leone Pontorieri, in response to the corporate’s enterprise data, in addition to Filippo Roncari and Simone Ferrini, in response to their public LinkedIn profiles. The three had been a part of an Italian startup that was acquired by Variston in 2018, when the corporate launched in Barcelona, and one of many first spy ware corporations to arrange its operations within the Catalan metropolis.
Representatives for Paradigm Shift didn’t reply to a request for remark.
A stealthy startup with many names
Palm Beach Networks has thus far prevented any public claims of involvement in human rights abuses, in contrast to spy ware makers NSO Group, and earlier than it Hacking Team and FinFisher, have up to now. But the corporate does have an intriguing historical past of adjusting names, a method that different spy ware distributors have beforehand used to masks their company possession. Israeli spy ware makers Candiru rebranded a number of instances earlier than the corporate was added to the U.S. authorities’s commerce ban record in 2021, and NSO itself had a posh company construction.
The title Palm Beach Networks “was a bit secretive and solely mentioned by Levin and others at later levels,” in response to the Israeli researcher.
As it seems, Palm Beach Networks could already be an out of date title, and the second iteration of a startup with a distinct id.
An organization known as Defense Prime Inc. turned Palm Beach Networks on May 11, 2023. On June 16, 2023 an organization known as Head and Tail began operations in Barcelona. Then on June 28, 2024, Palm Beach Networks was dissolved, in response to enterprise data filed in Florida and Spain.
Defense Prime and Palm Beach Networks seem like linked to Head and Tail resulting from overlapping executives and key figures.
An individual named Sai Gopal is listed as Head and Tail’s licensed signatory in Spanish enterprise data, and somebody with the identical title was listed because the treasurer of Defense Prime in Florida enterprise data. Gopal couldn’t be reached for remark.
Business data additionally present Alexey Levin, the CTO who tried to rent the Israeli safety researcher for Palm Beach Networks, is the director of Head and Tail. Representatives from Head and Tail didn’t return TechCrunch’s request for remark.
A present government at a spy ware maker, who requested to stay nameless, advised TechCrunch that Levin works at Palm Beach Networks. Previously, the manager mentioned, Levin was an early developer at NSO Group, after which additionally labored at Candiru.
On its official web site, Head and Tail makes no express point out of the truth that it develops surveillance expertise, however as a substitute says it addresses “a myriad of cybersecurity points, together with risk intelligence, vulnerability assessments, safety consciousness coaching, and incident response.” The firm has job listings for Barcelona, Madrid, and Sevilla.
In the tip, the Israeli researcher turned down the prospect to work at Palm Beach Networks, despite the fact that individuals he is aware of advised him the corporate pays a few of its staff eye-watering salaries that vastly exceed the nation’s gross annual common.
The researcher mentioned he was frightened he could find yourself like some NSO Group’s staff, who’ve needed to cope with the fallout from human rights scandals, Facebook blocking and deleting their private accounts, and the U.S. authorities threatening to disclaim their visas.
“I may get ok cash elsewhere and never have to fret about what’s going to occur or who I’m working for,” mentioned the researcher, “particularly after I felt they aren’t a clear firm and I wouldn’t know who the shoppers are.”
