Meta News

By MSB

The scandal surrounding the use of spyware against journalists and activists in Italy has added a troubling new chapter. Paragon Solutions, cited as the provider of the technology used in the attacks, is reportedly not cooperating with the Italian authorities investigating the case, according to recent reports.

The investigation began after alerts issued by platforms like WhatsApp and Apple, which notified dozens of individuals—including journalists and civil society members—that they had been targeted by spyware. At the center of the case is “Graphite,” an advanced surveillance tool developed by Paragon.

This type of software allows the compromise of mobile devices without user interaction, accessing communications, files, and sensitive data. In cybersecurity terms, it represents one of the most sophisticated threats within the realm of digital surveillance.

Following the complaints, Italian prosecutors opened a criminal investigation that is ongoing.

One of the most delicate aspects of the case is Paragon's alleged lack of collaboration. Despite having previously stated its intention to help clarify the facts, the company allegedly did not respond to formal requests for information from investigators.

This behavior raises multiple questions:

• Is this a corporate decision to avoid legal implications?
• Are there external governmental restrictions limiting cooperation?
• Is the protection of state clients at stake?

Experts point to a possible geopolitical factor: the intervention of Israeli authorities, which have historically restricted access to sensitive information from cyber-intelligence companies in international investigations.

The Italian case is not isolated. Similar investigations in other European countries have faced obstacles when it comes to obtaining cooperation from spyware companies. In Spain, for example, an investigation related to surveillance tools was also limited by a lack of international cooperation.

This reveals a structural problem: the lack of effective mechanisms to audit and regulate the use of spyware globally.

Paragon has historically presented itself as a “responsible” alternative within the spyware industry, asserting that its products are sold only to democratic governments and under strict conditions.

However, recent events call that narrative into question. Previous investigations already confirmed that journalists and activists in Italy were indeed compromised by this type of technology.

This raises a key question for modern cybersecurity: is it possible for truly ethical spyware, or is it an inherent contradiction?

From a technical and strategic perspective, this case leaves several relevant lessons:

• Commercial spyware is a state-level threat, but accessible to multiple actors.
• Attribution remains complex, even when the tool used is identified.
• International cooperation is a critical weak point in cybercrime investigations.
• Supplier transparency is limited, especially when governmental interests are involved.

The Paragon case in Italy exposes a fundamental tension in the world of cybersecurity: the gap between technological capability and global governance.

While surveillance tools become more sophisticated and accessible, the mechanisms to control them advance much slower. And in this imbalance, journalists, activists, and ordinary citizens are left in increasingly vulnerable positions.

The question is no longer just who spies, but who controls those who have the ability to do so.