
How Barcelona became an incredible hub for spyware startups


    In late 2023, an Israeli security researcher in Tel Aviv said he was contacted on LinkedIn with a “well-paying” job opportunity overseas. He said the company's human resources department told him it was a “legitimate” offensive security company built from scratch in Barcelona, Spain.

    But throughout the hiring process, something felt a little off, the researcher recalled to TechCrunch.

    “The whole secrecy process was very strange. Some of the employees who interviewed me didn't use their full names, and it took them a long time to reveal the company's location, let alone its name. If everything was legal, why would it? What's the secret?” the researcher told TechCrunch. “It seems likely that this company will be sanctioned in the future and things could get dirty.”

    When he spoke with the company's chief technology officer, the researcher said he was told, “We will only have legitimate customers and, unlike other companies, we will not sell to questionable countries.”

    The chief technology officer, Alexey Levin, a former researcher at sanctioned spyware maker NSO Group, told the researcher that the company trying to hire him was called Palm Beach Networks, and that it developed everything from zero-day exploits for compromising devices to the spyware implant itself, meaning the surveillance software installed on the target device, the researcher said.

    The researcher said Levin also told him that Palm Beach Networks had at least one U.S. government client. (Levin did not respond to a request for comment.)

    But why found a spyware startup in Barcelona, a city that just a few years ago was at the center of a wide-reaching political scandal in which Spanish government officials used spyware to target local politicians pushing for independence? As with many other startups in the city, the researcher said company employees told him it was because living in the city is similar to life in Israel, there are good tax benefits and the weather is great.

    These are some of the reasons why Barcelona has become an unlikely hub for spyware companies over the past few years, according to multiple people working in the offensive cybersecurity industry who spoke to TechCrunch and business records we have seen.

    Barcelona has become a key regional outpost for offensive cybersecurity companies, bringing the spyware problem directly to Europe's doorstep. Europe's relationship with surveillance technology has been strained due to scandals in Cyprus, Greece, Hungary and Poland – all involving Israeli spyware makers.

    “It would be a worrying development if a large city in Europe became a center for spyware manufacturers,” Natalia Krapiva, legal counsel at Access Now, a nonprofit organization that specializes in investigating and researching spyware, told TechCrunch. Krapiva said the spyware business is “closely linked to corruption and abuse of power.”

    “Spanish citizens, media and policymakers should scrutinize these businesses to see whether they are operating in compliance with national and EU law, and whether the Spanish government may be involved in abusing its surveillance tools, especially given Spain's history with Pegasus,” said Krapiva.

    John Scott-Railton, a senior researcher at Citizen Lab, also expressed concern. He and his colleagues at the lab have been investigating the misuse of spyware tools for more than a decade. Scott-Railton noted that there have been past cases of spyware misuse not only against human rights activists and dissidents in non-democratic countries such as Ethiopia and Saudi Arabia, but also against U.S. diplomats and targeted individuals within Europe, including politicians and citizens.

    “This will add fuel to the fire of Europe's spyware crisis. If experience is any guide, it's only a matter of time before customers use this technology against Spain's allies and EU partners,” Scott-Railton told TechCrunch. “Governments that allow this industry to flourish are gambling with their own covert capabilities and human capital. Once mercenary spyware and exploit developers come to town and start recruiting, those capabilities tend to leak outward, including to potential future adversaries.”

    Image: The Sagrada Familia in Barcelona, Spain, at night on October 19, 2024. (Photo: Joan Valls/Urbanandsport/NurPhoto/GETTY IMAGES)

    Sunshine, seafood and spyware

    In addition to Palm Beach Networks, as it was then known, Barcelona is home to several other exploit and spyware manufacturers that also take advantage of the city's sunny, mild weather, fresh seafood, and vibrant expat community.

    These include Paradigm Shift, a spin-off of troubled startup Variston, which lost employees and struggled in 2024, and Epsilon, led by Jeremy Fetiveau, an industry veteran who worked at US defense giant L3Harris, which was created after the company acquired Australian startup Azimuth. Fetiveau did not respond to a request for comment.

    The city is also said to be home to a group of unnamed Israeli researchers who moved to Barcelona from Singapore to work on developing zero-day exploits. The existence of the unnamed team and Epsilon's presence in Barcelona were first reported by Israeli newspaper Haaretz, whose article sparked coverage in local newspapers and news websites.

    Other cybersecurity companies also have a presence in Barcelona, even if their headquarters are not there. According to public information on LinkedIn, Andrijana Šekularac, CEO of the Austrian cybersecurity company SAFA, lives in the city. SAFA sponsors offensive cybersecurity conferences, including OffensiveCon and Hexacon, and employs at least two security researchers with experience working for spyware companies, according to public LinkedIn profiles. Šekularac also did not respond to a request for comment.

    These zero-day and spyware companies are part of Barcelona's wider cybersecurity and startup ecosystem. As of last year, Barcelona had more than 10,000 employees working for more than 500 cybersecurity companies, an increase of about 50% from five years ago, according to the Catalan regional government.

    Contact us

    Do you have more information about Epsilon, Head and Tail, Paradigm Shift, or other government spyware manufacturers? On non-work devices, you can contact Lorenzo Franceschi-Bicchierai securely via Signal (+1 917 257 1382) or via Telegram and Keybase @lorenzofb or email. You can also contact TechCrunch through SecureDrop.

    Barcelona is a hotbed not only for surveillance technology manufacturers, but for startups as a whole, with some ranking the city as one of Europe's top startup hubs. The city is the founding home of food delivery startup Glovo, in which rival DeliveryHero acquired a majority stake in 2021, valuing the Catalan company at €2.3 billion; orthodontics startup Impress, which raised $125 million in 2022 and $114 million in 2024; business travel management platform TravelPerk, which raised $105 million in 2024; and more than 2,200 other startups in the region, according to Barcelona and Catalonia Entrepreneurship Center, a local government project that tracks the region's startup ecosystem.

    The city is attractive to workers because its cost of living is lower than in other European startup hubs such as London, Amsterdam and Berlin. And then, perhaps, there are more obvious reasons, at least for anyone who has been to Barcelona: the city has beautiful beaches, similar to those in Tel Aviv, Cyprus and Greece, which are or have been home to NSO Group, Circles, Intellexa and other spyware companies.

    Besides the city's appeal, there are other reasons that draw Israeli security researchers to Barcelona. As Haaretz reported at the end of December 2024, after the NSO Group scandal, Israel became more stringent in terms of licenses for exporting spyware to other countries, opening the door for companies to move overseas. It is now more difficult for companies to export spyware from Israel to other parts of the world, including the EU, than from within the EU.

    One person told Haaretz that the process was not “immigration to Spain, but deportation to Spain”.

    While Paradigm Shift openly promotes itself as an offensive cybersecurity company and posts job listings for that type of business, other companies are less transparent, as Variston has been in the past. Paradigm Shift is led by Leone Pontorieri, according to company records, and also by Filippo Roncari and Simone Ferrini, according to public LinkedIn profiles. The trio were part of an Italian startup that was founded in Barcelona in 2018 and acquired by Variston, and that was one of the first spyware companies to operate in the Catalan city.

    Representatives for Paradigm Shift did not respond to requests for comment.

    A stealthy startup with many names

    Unlike spyware makers NSO Group, as well as Hacking Team and FinFisher in the past, Palm Beach Networks has so far avoided public claims of involvement in human rights abuses. But the company does have an interesting history of name changes, a tactic that other spyware vendors have previously used to obscure their corporate ownership. Israeli spyware maker Candiru changed its name several times before being placed on the U.S. government's trade ban list in 2021, and NSO itself has a complex corporate structure.

    The Israeli researcher said the name Palm Beach Networks was “somewhat mysterious and was mentioned only at a later stage by Levin and others.”

    As it turns out, Palm Beach Networks may be an outdated name and the second iteration of a startup with a different identity.

    A company called Defense Prime Inc. changed its name to Palm Beach Networks on May 11, 2023. On June 16, 2023, a company called Head and Tail started operations in Barcelona. Palm Beach Networks was dissolved on June 28, 2024, according to business records filed in Florida and Spain.

    Defense Prime and Palm Beach Networks appear to have ties to Head and Tail due to overlapping executives and key figures.

    In Spanish business records, a person named Sai Gopal is listed as an authorized signatory for Head and Tail, and in Florida business records, a person with the same name is listed as Treasurer of Defense Prime. Gopal could not be reached for comment.

    Business records also show that Alexey Levin, the chief technology officer who sought to hire an Israeli security researcher for Palm Beach Networks, is a director of Head and Tail. Representatives for Head and Tail did not respond to TechCrunch's request for comment.

    A current executive at a spyware maker told TechCrunch on condition of anonymity that Levin works at Palm Beach Networks. The executive said Levin was previously an early developer at NSO Group and later worked at Candiru.

    On its official website, Head and Tail makes no explicit mention of the fact that it develops surveillance technology, instead saying that it solves “myriad cybersecurity problems, including threat intelligence, vulnerability assessments, security awareness training, and incident response.” The company has job listings in Barcelona, Madrid and Seville.

    Ultimately, the Israeli researcher turned down the opportunity to work at Palm Beach Networks, even though people he knew told him the company paid some employees eye-popping salaries that far exceeded the country's annual average.

    The researcher said he fears he could end up like some NSO Group employees, who have had to deal with the fallout from a human rights scandal, Facebook blocking and deleting their personal accounts, and threats from the U.S. government to deny visas.

    “I can get enough money elsewhere without having to worry about what's going to happen or who I'm working for,” the researcher said, “especially when I feel like they're not a transparent company and I don't know who the customers are.”
