A new spyware scandal landed squarely in Pakistan’s already fraught human rights landscape. An investigation led by Amnesty International revealed forensic evidence that Predator commercial spyware tied to the Israeli-linked Intellexa consortium had been deployed against at least one human rights lawyer in Balochistan. The finding places Pakistan among a growing list of states using mercenary surveillance technology against their own citizens and raises uncomfortable questions about covert security cooperation with Israeli-origin firms despite the lack of formal diplomatic ties.

The disclosure follows earlier reporting on Pakistan’s rapidly expanding surveillance and censorship machinery, which already rivals some of the world’s most intrusive systems. The confirmed targeting in Balochistan a province long associated with enforced disappearances, extrajudicial killings and militarization shows how elite spyware tools are being layered on top of existing abuses rather than constrained by law or oversight.

Inside the Intellexa Surveillance Machine

The Pakistan episode is part of a wider leak that lifts the lid on Intellexa, a web of companies built around former Israeli intelligence officer Tal Dilian. Over the past decade, Dilian and his partners have stitched together a global surveillance business anchored not in a single capital but in a shifting cluster of entities registered in Greece, Cyprus, Ireland, Hungary, North Macedonia and other jurisdictions. The structure is designed to complicate regulation and obscure who is really buying what.

Intellexa’s flagship product, Predator, is marketed as a lawful interception platform for government clients. In practice, it turns a smartphone into a portable listening device. Once a phone is compromised, operators can read encrypted messages, pull photos and documents, harvest passwords, track movements and silently switch on the microphone and camera. Because it penetrates the device itself rather than relying on telecom networks, it sidesteps many of the safeguards built into modern communications services.

The leaks show how aggressively Intellexa has worked to preserve that edge. Internal presentations and technical documents describe infection chains that rely on browser vulnerabilities and one-time links tailored to individual targets. One of the most troubling innovations is “Aladdin”, an attack vector built on online advertising infrastructure. Instead of tricking a target into tapping a malicious link, Aladdin uses ad delivery systems so that simply loading an ad in a browser or app can trigger a hidden exploit. Combined with IP data supplied by local providers, it enables precision targeting at scale through what looks like ordinary commercial tracking.

Equally alarming is the evidence that Intellexa maintained remote access to operational systems installed inside government facilities. Training videos and logs show company staff connecting into live Predator instances via remote desktop tools, watching infections unfold in real time and viewing the same control panels used by state operators. In some cases they could see technical details that would allow them to identify the people being targeted. That reality cuts through years of industry claims that vendors sell “black boxes” and have no visibility into who governments spy on.

Predator Comes to Pakistan

Against that backdrop, the Pakistan case is both unsurprising and politically explosive. According to the new findings, a human rights lawyer in Balochistan received a WhatsApp message in mid‑2025 from an unknown number claiming to be a foreign journalist. The message linked to what appeared to be a European news site. Forensic analysis later showed the site was a carefully crafted fake and the URL matched patterns previously associated with Predator “one‑click” infrastructure in other countries.

The phone does not appear to have been successfully infected, but the attempt still matters. It is the first publicly documented use of Predator in Pakistan. The profile of the intended target a lawyer representing victims in a province synonymous with army operations and disappeared persons undercuts official narratives that such tools are reserved for terrorism or serious organized crime. And the timing coincides with renewed scrutiny of abuses in Balochistan, including fresh interventions by UN experts and growing street-level mobilization led by families of the missing.

The choice of target is telling. Lawyers and human rights defenders in Balochistan sit at the fault line between the security establishment and communities alleging grave violations. They represent families who say relatives have been picked up by security forces and never seen again. They already face threats, vilification, criminal charges and physical attacks. Spyware of Predator’s calibre adds a more intimate danger: the ability to map their clients, sources and networks; anticipate legal strategies; and intimidate everyone whose details pass through a single device.

A Surveillance State Already in Motion

The Predator story plugs into a much larger architecture that has been taking shape in Pakistan for years. In September 2025, a major report documented how security agencies run a nationwide interception and filtering system built around two core platforms.

The Lawful Intercept Management System (LIMS) sits inside domestic telecom networks, giving the authorities the capacity to monitor communications across millions of mobile devices. Alongside it, the Web Monitoring System 2.0 (WMS 2.0) functions as a central internet filter capable of blocking vast numbers of sessions, enforcing keyword-based blocks and cutting access to entire platforms.

These systems draw on technology from a shifting cast of foreign suppliers. Earlier generations relied on western deep‑packet inspection equipment; later iterations incorporated Chinese-made hardware and software, supplemented by components sourced via Europe and the Gulf. This patchwork makes it harder to trace responsibility for rights impacts and easier for companies to argue that their role is limited or indirect.

Domestically, the law has moved in the same direction. In July 2024, the government granted the Inter‑Services Intelligence agency sweeping powers to intercept calls, messages and internet traffic, despite a recent court ruling that had challenged the legality of blanket wiretapping. Oversight mechanisms remain weak, often internal to the same executive branch that orders surveillance. There is no clear path for citizens to learn whether they have been watched, let alone seek redress.

Internet shutdowns have become a regular security tool, particularly in Balochistan, where mobile and broadband services are frequently cut in the name of “law and order”. These blackouts are imposed with little transparency about criteria, duration or safeguards. In that context, importing a system like Predator does not create a surveillance state from scratch it sharpens and deepens one that is already embedded.

The Israel–Pakistan Paradox

The most politically sensitive aspect of the Intellexa revelations is the origin of the technology. Pakistan has never recognized Israel and routinely frames its position around solidarity with Palestinians. Its officials regularly condemn Israeli actions in the occupied territories at the UN and in other multilateral forums. The idea of buying cutting-edge offensive technology linked to Israeli expertise sits awkwardly with that narrative.

Yet reports over the past decade suggest that Pakistani agencies have quietly sought out sophisticated tools from firms with Israeli roots, often through subsidiaries registered in third countries. Former officials have tended to speak in generalities, insisting that “necessary technology” can be purchased on the open market without acknowledging specific companies or countries.

Intellexa is built for precisely this kind of deniability. Clients can contract with entities in Athens, Nicosia or Dublin while benefiting from know‑how that traces back to Israel’s security ecosystem. For a state like Pakistan, this structure offers access to premium surveillance capabilities while preserving the fiction that it is dealing only with “European” vendors.

The Predator case exposes that contradiction. On one hand, Pakistan positions itself as a vocal critic of Israeli power and the wider surveillance architecture of occupation. On the other, elements of its own security establishment appear willing to turn Israeli-linked spyware inward, not against foreign enemies but against domestic lawyers and activists in a restive province.

A Global Industry, Local Victims

Pakistan’s appearance in the Predator story underlines how normalized mercenary spyware has become in contemporary statecraft. Predator operations have been traced or strongly suspected in at least two dozen countries, from EU member states to Middle Eastern monarchies and African and Asian security services. The targets are depressingly familiar: journalists, opposition politicians, election staff, human rights defenders, lawyers, even senior officials within the same governments that bought the systems.

This pattern echoes the earlier wave of Pegasus abuses, when revelations about the NSO Group’s platform finally pushed intrusive surveillance into public debate. Taken together, Pegasus, Predator and similar tools show that the trade in weaponized software vulnerabilities is now a central feature of the global security economy, not a fringe phenomenon.

Governments and institutions have begun to respond. The United States has blacklisted Intellexa-linked entities and individuals, barred federal agencies from using certain commercial spyware and imposed visa restrictions on those associated with abuse. The European Union has tightened export rules and opened investigations into domestic deployments. New multi stakeholder processes have drafted principles and best practices.

But the Pakistan case illustrates how limited these measures still are. Sanctions and export controls imposed in Washington or Brussels do not automatically reach the point where a lawyer in Quetta receives a poisoned WhatsApp link. Vendors can rebrand, relocate and route contracts through new intermediaries. Governments can shop around for suppliers willing to operate in legal and political grey zones. As long as the appetite for such tools remains high, incremental controls will always be playing catch‑up.

What’s at Stake in Pakistan

For Pakistan, the Predator revelations are not just another human rights footnote. They cut to the core of how power is exercised and contested in the country.

At a minimum, the confirmed targeting should trigger a serious, independent inquiry into which agencies procured or operated Predator or comparable systems, under what legal framework and against which categories of people. That inquiry would need to be backed by:

• Disclosure of contracts and procurement channels for high‑end interception, intrusion and filtering technologies.

• Notification and remedies for individuals where credible evidence of targeting exists.

• Legislative reform that subjects surveillance to robust judicial oversight, clear necessity and proportionality tests, and real penalties for abuse.

Experience suggests this is unlikely without sustained internal and external pressure. Pakistan’s institutions have consistently struggled to impose real accountability on the military and intelligence services. The past few years have brought a renewed clampdown on critical media, opposition parties and rights groups, not a relaxation.

Even so, the Predator story gives journalists, lawyers and advocates a concrete, technically grounded case around which to organize. It ties a specific system and vendor network to a specific attempted intrusion, in a province already under the human rights spotlight. It shows how local repression is plugged into global supply chains and regulatory failure. And it forces a clearer conversation about the dissonance between Pakistan’s rhetorical stance on Israel and its apparent willingness to benefit from Israeli-derived surveillance tools.

For those on the receiving end reporters, lawyers, organizers the message is sobering. The phone they rely on to document abuses, coordinate cases and stay in touch with family can also be the instrument by which their professional and private lives are mapped in microscopic detail. For states and regulators, the lesson is equally stark: as long as powerful spyware remains a normal tool of government, layered on top of weak institutions and opaque security services, the space for dissent and independent advocacy will continue to shrink, one compromised device at a time.