US immigration agents will have access to one of the world’s most sophisticated hacking tools after a decision by the Trump administration to move ahead with a contract with Paragon Solutions, a company founded in Israel which makes spyware that can be used to hack into any mobile phone – including encrypted applications.
The Department of Homeland Security first entered into a contract with Paragon, now owned by a US firm, in late 2024, under the Biden administration. But the $2m contract was put on hold pending a compliance review to make sure it adhered to an executive order that restricts the US government’s use of spyware, Wired reported at the time.
That pause has now been lifted, according to public procurement documents, which list the US Immigration and Customs Enforcement (Ice) as the contracting agency.
It means that one of the most powerful stealth cyberweapons ever created – which was produced outside the US – is now in the hands of an agency that has repeatedly been accused by civil and human rights groups of violating people’s due process rights.
The story was first reported by journalist Jack Poulson on his All-Source Intelligence Substack newsletter.
Neither Paragon nor Ice immediately responded to a request for comment.
When it is successfully deployed against a target, the hacking software – called Graphite – can hack into any phone. By essentially taking control of the mobile phone, the user – in this case, Ice – can not only track an individual’s whereabouts, read their messages, look at their photographs, but it can also open and read information held on encrypted applications, like WhatsApp or Signal. Spyware like Graphite can also be used as a listening device, through the manipulation of the phone’s recorder.
An executive order signed by the Biden administration sought to establish some guardrails around the US government’s use of spyware. It said that the US “shall not make operational use of commercial spyware that poses significant counterintelligence or security risks to the United States government or significant risks of improper use by a foreign government or foreign person”. The Biden administration also took the extraordinary step of placing one of Paragon’s rival spyware makers, NSO Group, on a commerce department blacklist, saying the company had knowingly supplied foreign governments to “maliciously target” the phones of dissidents, human rights activists and journalists.
Paragon has sought to differentiate itself from NSO Group. It has said that, unlike NSO – which previously sold its spyware to Saudi Arabia and other regimes – it only does business with democracies. It has also said it has a no-tolerance policy and will cut off government clients who use the spyware to target members of civil society, like journalists. Paragon also refuses to disclose who its clients are and has said it does not have insight into how its clients use the technology against targets.
Spyware makers like Paragon and NSO have said their products are intended to be used to prevent crime and terrorist attacks. But both companies’ software has been used in the past to target innocent people, including individuals who have been perceived to be government enemies.
John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto, who is one of the world’s leading experts on cases in which spyware like Graphite has been abused by governments, said in a statement that such tools “were designed for dictatorships, not democracies built on liberty and protection of individual rights”.
“Invasive, secret hacking power is corrupting. That’s why there’s a growing pile of spyware scandals in democracies, including with Paragon’s Graphite,” he said, referring to a controversy in Italy that erupted last year.
Paragon broke off its ties to Italy after it was revealed that 90 people, including journalists and members of civil society, in two dozen countries, had been targeted with the spyware. The individuals who were targeted by the Italian government included human rights activists who have been critical of Italy’s dealings with Libya. Several journalists were also targeted, though it is still unclear who ordered those hacking attacks.
The US government has in the past resisted using spyware technology made outside the US because of concerns that any company that sells technology to multiple government agencies around the world represents a potential security risk.
“As long as the same mercenary spyware tech is going to multiple governments, there is a baked-in counterintelligence risk. Since all of them now know what secret surveillance tech the US is using, and would have special insights on how to detect it and track what the US is doing with it,” Scott-Railton said. “Short of Paragon cancelling all foreign contracts, I’m not sure how this goes away.”