Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
In late 2023, an Israeli security researcher in Tel Aviv said he was approached on LinkedIn with an opportunity to work abroad with a “good salary.” He said the company’s HR department told him it was a “legitimate” offensive security company based out of Barcelona, Spain.
But throughout the recruitment process, the researcher described to TechCrunch, things got a little off.
“The whole secrecy was very strange. Some of the employees I interviewed didn’t use their full names, taking too long to reveal where the company was located, let alone its name. If everything is legal, why is it so secret?” The researcher told TechCrunch. “This looks like a company that could get sanctioned in the future and things could get messy.”
When he spoke to the company’s chief technology officer, the researcher said he was told something like, “We will only have legitimate customers and, unlike other companies, will not sell to shady countries.”
Alexey Levin, the hiring CTO and a former researcher at affiliated spyware maker NSO Group, told the researcher that the company trying to hire him is called Palm Beach Networks, and that it develops everything from zero-day exploits used to compromise devices. . Spyware implant itself, refers to surveillance software that is installed on a target’s device, according to the researcher.
The researcher said that Levin also told him that the Palm Beach network had at least one US government customer. (Levine did not respond to a request for comment.)
But why was a spyware startup found in Barcelona, just a few years ago was at the center of a wide-ranging political scandal Where Spanish government officials used spyware to target local politicians who were pushing for independence? Just like other startups in the city; The researcher said that company employees told him that living in the city is similar to living in Israel, which is there Good tax benefitsand good weather.
According to multiple people who work in the offensive cybersecurity industry who spoke to TechCrunch, as well as business records we’ve seen, over the past few years, Barcelona has been an unlikely destination for spyware companies. Some of the reasons why it has become the center.
The spyware problem is on Europe’s doorstep, with Barcelona becoming a key regional outpost for aggressive cybersecurity companies. A broken relationship with surveillance technologyDue to the scandal between Cyprus, Greece, HungaryAnd Poland — Israeli spyware makers involved.
“It’s a development issue if a major city in Europe becomes a center for spyware manufacturers,” Natalia Krapiva, legal counsel at the nonprofit Access Now, which specializes in spyware investigation and research, told TechCrunch. Krapiva said the spyware business “goes hand in hand with corruption and abuse of power.”
“Spanish citizens, the media, and policymakers should carefully examine these businesses to see if their operations are consistent with national and EU laws and if the Spanish government is complicit in the misuse of their surveillance tools, especially given Spain’s history with Pegasus,” said Krapiva.
John Scott-Relton, a senior researcher at Citizen Lab, where he and his colleagues have investigated misuse of spyware tools for more than a decade, expressed concern. Scott-Relton noted that in the past there have been cases of spyware misuse against human rights activists and dissidents in undemocratic countries such as Ethiopia and Saudi Arabia. But also against US diplomats and targeted individuals including politicians and citizens within Europe’s borders.
“This will add fuel to the fire of Europe’s spyware crisis. If experience is a guide, it’s only a matter of time before this technology is used by customers against Spain’s allies and EU partners,” Scott-Relton told TechCrunch. “Governments that allow this industry to flourish are gambling with their own hidden power and human capital. As mercenary spyware and developers come to town and start recruiting, these capabilities tend to drain outward, including potential future adversaries.”
Sun, seafood, and spyware
In addition to the Palm Beach Networks, as it was known at the time, Barcelona was home to several other exploitative and spyware makers making the most of the city’s sunny, temperate climate, fresh seafood and vibrant expat community.
They include Paradigm Shift, a spin-off startup Variston, which has lost workers and is struggling to survive in 2024; And Epsilon, which is led by Jeremy Fetiveau, an industry veteran who worked for a division within US defense giant L3 Harris that was created after the company acquired Australian startup Azimuth.” Fetiveau did not return a request for comment.
The city is also said to be home to an unnamed group of Israeli researchers who moved to Barcelona from Singapore to do development work. day zero Along with the existence of this team called Exploitation is Epsilon’s presence in Barcelona Israeli newspaper Haaretz first reportedWhose articles spread the coverage local newspaper and news website.
Other cybersecurity companies have a presence in Barcelona, even if they don’t have their headquarters. Andrijana Šekularak, chief executive of Austrian cybersecurity company SAFA, lives in the city, according to her public LinkedIn profile. SAFA co-sponsored the Offensive Cyber Security Conference Offensive Con And hexagonAnd employs at least two security researchers with past experience at spyware companies, according to their public LinkedIn profiles Shekularak also did not respond to requests for comment.
These zero-day and spyware companies are part of a broader cybersecurity and startup ecosystem in Barcelona. As of last year, According to the Catalan regional governmentBarcelona employs more than 10,000 people for more than 500 cybersecurity companies, or about 50% more than five years ago.
Contact us
Do you have more information about Epsilon, Head & Tail, Paradigm Shift, or other government spyware makers? From a non-work device, you can contact Signal securely at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can also reach out via TechCrunch SecureDrop.
Barcelona is not only a hub for surveillance technology manufacturers, but also for startups in general something ranking The city is among Europe’s top startup hubs. City is the founder of food delivery startup Glovo, whose competitor DeliveryHero is valued €2.3 billion in 2021 When it acquired a majority stake in a Catalan company; Orthodontics Startup Impress, which Raised $125 million in 2022 And $114 million in 2024; and business travel management platform TravelPerk, which Raised $105 million in 2024; Among more than 2,200 other startups, According to Barcelona and Catalonia startup hubsA local government project that tracks the startup ecosystem in the region
The city is attractive to workers because of this Cost of living is cheap Compared to other European startup hubs such as London, Amsterdam and Berlin. Then there’s perhaps the more obvious reason, at least for those who’ve been to Barcelona: the city has excellent beaches, like Tel Aviv, Cyprus and Greece, places where spyware companies are or have been. NSO Group, the circleAnd Intellexa.
There are also other factors, besides the city’s attractions, that have drawn Israeli security researchers to Barcelona in particular. Haaretz reported At the end of December 2024, Israel became more restrictive in licensing spyware exports to other countries in the wake of the scandal involving the NSO group, leaving the door open for companies to go abroad. Companies exporting spyware from Israel now find it more difficult to export from within the bloc to the rest of the world, including the European Union.
One person told Haaretz that the process was “not immigration to Spain, it’s deportation to Spain”.
Time for a paradigm shift Publicly advertising itself As an aggressive cybersecurity company, with job listings for roles that fit this type of business, other companies aren’t as transparent. Variston as it were. Paradigm Shift is led by Leon Pontorieri, according to the company’s business records, as well as Filippo Roncari and Simone Ferrini, according to their public LinkedIn profiles. The three were part of an Italian startup that was acquired by Variston in 2018, when the company launched in Barcelona, and was one of the first spyware companies to set up its operations in the Catalan city.
Representatives for Paradigm Shift did not respond to requests for comment.
A secretive startup with many names
Palm Beach Networks has so far avoided any public claims of involvement in human rights abuses, unlike spyware maker NSO Group, and earlier hacking teams and Finfisher have done in the past. But the company has a fascinating history of changing names, a strategy that Other spyware vendors have previously used it to mask their corporate ownership. Israeli spyware maker Candiru rebranded several times The company was earlier Added to the US government’s trade embargo list In 2021, and NSO itself A complex corporate structure.
According to the Israeli researcher the Palm Beach Network name “was a little secret and only Levin and others said at a later stage”.
As it turns out, Palm Beach Networks could be the second iteration of a startup with an already unconventional name and a different identity.
A company called Defense Prime Inc. became Palm Beach Networks on May 11, 2023. A company called Head and Tail on June 16, 2023 Operation begins In Barcelona. Then on June 28, 2024, Palm Beach Networks was dissolvedAccording to business records filed in Florida and Spain.
Defense Prime and Palm Beach Networks appear to be tied head and tail due to overlapping executives and key figures.
A man named Sai Gopal are listed As an authorized signatory of Head and Tail on Spanish business records, and had someone of the same name Listed as treasurer Defense Prime’s in Florida business records. Gopal could not be contacted for comment.
Business records Also show Alexey Levin, the CTO who tried to recruit Israeli security researchers for Palm Beach Networks, is the head and tail director. Representatives for Head and Tail did not return TechCrunch’s requests for comment.
A current executive at a spyware maker, who asked to remain anonymous, told TechCrunch that Levin works at Palm Beach Networks. Previously, the executive said, Levine was a primary developer at NSO Group and then also worked at Candiru.
On its official websiteHead & Tail makes no explicit reference to the fact that it develops surveillance technology, but instead says that it “addresses numerous cybersecurity issues, including threat intelligence, vulnerability assessment, security awareness training and incident response.” The company has job listings in Barcelona, Madrid and Sevilla.
In the end, the Israeli researcher turned down the opportunity to work at the Palm Beach network, even though people he knew told him that the company paid some of its employees eye-watering salaries that far exceeded the country’s total annual average.
The researcher said he was worried he might end up like some employees of the NSO Group, who have had to deal with the fallout from the human rights scandal, Facebook. Blocking and deleting their personal accountsand the US government Threatened to refuse their visas.
“I can get enough money elsewhere and not have to worry about what happens or who I’m working for,” the researcher said, “especially when I feel like they’re not a transparent company and I don’t know who the customers are. .”
