Pakistan rejects Amnesty’s spyware claims amid Intellexa probe

WEB DESK: Pakistan has firmly dismissed allegations published in a new Amnesty International–supported investigation that claim Israeli-made Predator spyware was actively deployed inside the country, calling the assertions baseless and politically motivated. A senior intelligence officer, speaking to Dawn on condition of anonymity, described the findings as “an attempt to malign Pakistan”, insisting there was “not an iota of truth” to the suggestion that the state had purchased or used the surveillance tool.

The accusations appear in the “Intellexa Leaks”, a months-long transnational investigation conducted by Inside Story in Greece, Haaretz in Israel and the Switzerland-based WAV Research Collective, with Amnesty International’s Security Lab providing forensic analysis. The probe draws on a trove of leaked internal documents, training videos and sales material from Intellexa — the consortium behind Predator, a spyware system long linked to attacks on journalists, activists and political figures in multiple countries.

According to Amnesty, its researchers analysed a suspicious WhatsApp link received in mid-2025 by a human rights lawyer in Pakistan. The Security Lab concluded the link was associated with a Predator “1-click” attack server, suggesting an attempt to infect the lawyer’s phone. While authorities in Islamabad reject any state role, Amnesty maintains that the incident is evidence that Predator activity “is ongoing inside Pakistan”, posing what it calls a grave threat to privacy and free expression.

Jurre van Bergen, a technologist with Amnesty’s Security Lab, said the leaked files provide “one of the clearest and most damning views yet” of Intellexa’s internal operations. He noted that, in some cases, the company appeared to retain the ability to remotely access customer surveillance logs — a capability that, if verified, raises questions about Intellexa’s own liability in cases where its technology is used to commit rights violations. Previous forensic work by groups like Citizen Lab had already linked Predator to high-profile attacks, including the targeting of Greek journalist Thanasis Koukakis in 2021.

Predator typically infiltrates devices through malicious links that exploit vulnerabilities in mobile browsers, granting operators sweeping access to messages, audio files, call logs, photos and real-time locations. The spyware routes stolen data through an anonymisation network before transmitting it to servers based in the operator’s country, a system designed to mask the source of the intrusion. Leaked files also reference “Aladdin”, Intellexa’s next-generation tool capable of infecting phones silently through online advertisements, bypassing the need for a user to open a link.

While Pakistani officials remain adamant that the country has no connection to Predator, Amnesty says more revelations are forthcoming. The organisation plans to release additional reports on its Pakistan-focused investigations in the coming months, even as Islamabad continues to denounce the claims as unfounded and damaging.

‘Mass surveillance’

Earlier in September this year, Amnesty had also accused Pakistan of operating one of the world’s most intrusive surveillance systems outside China, alleging that authorities monitor millions of citizens through mass phone-tapping and a sophisticated Chinese-built internet firewall. In a report released Tuesday, the organisation said Pakistan has dramatically expanded its surveillance capabilities using a mix of Chinese and Western technologies to suppress dissent, restrict media freedom and curb political expression.

According to Amnesty, the state’s Lawful Intercept Management System (LIMS) can track at least four million calls and messages simultaneously, while a firewall known as WMS 2.0 can intercept up to two million internet sessions in real time. All major mobile networks have reportedly been ordered to integrate with LIMS, creating what Amnesty technologist Jurre van Berge described as a “chilling effect” on public speech.

The findings also draw on a 2024 Islamabad High Court case filed by Bushra Bibi, the wife of former prime minister Imran Khan, after her private calls were leaked. While defence and intelligence ministries denied involvement, the telecom regulator confirmed requiring operators to install LIMS for use by “designated agencies.”

Amnesty further reported that Pakistan has blocked around 650,000 websites, including major platforms such as YouTube, Facebook and X, with restrictions particularly heavy in Balochistan. The firewall system is linked to Chinese firm Geedge Networks and incorporates technology from US, French and Chinese companies. The group also identified German company Utimaco as the manufacturer of Pakistan’s phone-tapping system. Authorities did not respond to Reuters’ questions about the report.