The Algorithmic Panopticon: Cyber-Espionage Networks, Digital Assassinations, and Invisible Wars

In the global digital panopticon, where physical borders are erased in cyberspace and data has become a direct geopolitical weapon, the line between state apparatuses and private cyber-mercenary companies has completely vanished. Today, intelligence services such as the CIA, NSA, and especially Mossad use billion-dollar private cyber-intelligence firms as contractors to reduce operational risks, to operate in legal gray zones, and to hide behind the shield of "plausible deniability."

At the center of this ecosystem lies the "revolving door" syndrome established between the elite units of Israeli military intelligence (Unit 8200 and Unit 81) and the private sector. Senior cyber-intelligence officers who retire from the army establish offensive cyber-technology companies with the secret approval of the state, and these companies function as a "diplomatic lever" serving Mossad's geopolitical interests.

In this expanded article, we place under the microscope the founding periods of cyber-intelligence giants such as NSO Group, Black Cube, and Intellexa, the secret-service networks behind them, their operational mechanisms, and all the details of their world-shaking projects.

The Incubation Center: Unit 8200, Unit 81, and the Birth of Cyber-Mercenarism

To understand Israel's cyber-intelligence industry, one must look at the military incubation centers where the founders of these firms were trained.

• Unit 8200: The signals intelligence (SIGINT) and code-breaking unit of the Israel Defense Forces (IDF). The counterpart of the United States' NSA, this unit is where the world's most sophisticated cyber-weapons are developed.
• Unit 81: The IDF's most secretive technology unit. While Unit 8200 gathers information, Unit 81 designs the physical and digital micro-devices and invisible software that spies will use in the field.

From the late 2000s onward, officers who left these units began, with the encouragement of the state, to dominate the "offensive cybersecurity" market. Every sale by these companies is subject to the special permission of the Israeli Ministry of Defense's Defense Export Control Agency (DECA). In other words, every piece of software sold is in fact a state-controlled cyber-weapons export.

NSO Group and the Pegasus Project: The Secret Occupation of Smartphones

Founding Period and the Mossad Connection

NSO Group was founded in 2010 in Herzliya. The company's name comes from the initials of its founders, Niv Carmi, Shalev Hulio, and Omri Lavie. The founders are figures with deep ties to Unit 8200 veterans and the intelligence world.

Mossad used NSO Group as a tool of "cyber diplomacy" on the global stage. During the tenure of Mossad chief Yossi Cohen, the sale of Pegasus licenses to Middle Eastern and African countries that had no official diplomatic relations with Israel (the United Arab Emirates, Saudi Arabia, Bahrain, Morocco) was tolerated, and these sales were even encouraged. This cyber lever is the invisible fuel behind the normalization process known as the Abraham Accords.

The Pegasus Project: Operational and Technical Details

Pegasus is the world's most advanced "zero-click" spyware. It can infiltrate a device without the target making any mistake or clicking any link.

[Attacking Service] ➔ [iMessage/WhatsApp Background Exploit] ➔ [Invisible Packet] ➔ [Rooting the Device (Kernel Exploitation)] ➔ [Full Access]

• The FORCEDENTRY Exploit: This vulnerability, one of Pegasus's deadliest sub-projects, targeted an image-processing library (CoreGraphics) in Apple's iMessage system. Attackers send the target's phone a fake PSD (Photoshop) file disguised as a PDF. As the phone tries to preview this file in the background, an exploit at the processor level is triggered and the device is completely hacked. The target sees nothing on the screen and receives no notification.
• In-Memory Operation: Pegasus is optimized to run directly in the temporary memory (RAM) rather than being written to the device's permanent storage (Hard Drive). This way, when the device is restarted, the software's traces are largely erased, making it nearly impossible for cyber-forensics teams to detect.
• Data-Harvesting Capacity: Once infiltration is achieved, Pegasus relays messages from end-to-end encrypted applications such as Signal, Telegram, and WhatsApp to the central server, either before the messages are even encrypted (via keystroke tracking - keylogging) or the moment they are decrypted on screen (by taking screenshots).
• The Pegasus Project Targets: Journalists led by Forbidden Stories and Amnesty exposed a list containing more than 50,000 phone numbers selected as targets by NSO's clients. The list included heads of state (including French President Macron), journalists, and activists.

Black Cube: The Mercenary Army of Former Mossad Agents

Founding Period and the Mossad Connection

Black Cube (officially BC Strategy Ltd.) was founded in 2010 by former Israeli military intelligence officers Dan Zorella and Avi Yanus, based in Tel Aviv and London.

What distinguishes Black Cube from other cyber firms is its focus not only on software but on HUMINT (human intelligence) and psychological operations. The company's Honorary President and Founding Board Member is Meir Dagan, Mossad's legendary former director. The company employs former Mossad, Shin Bet, and Aman agents directly in its field operations. In a sense, it acts like a "privatized, contracted Mossad."

Operational Strategies and Deep Details

Black Cube combines cyber-intelligence with social engineering to lure its targets into digital and physical traps.

• Front Companies and Fake Identities: Black Cube agents establish fake venture capital firms or human rights organizations based in London, Paris, or New York. They approach the people they target (journalists, business figures, bureaucrats) with promises of major business partnerships or funding.
• The Harvey Weinstein Operation: Hollywood producer Harvey Weinstein hired Black Cube to silence journalists investigating sexual assault allegations against him and actresses likely to speak out (such as Rose McGowan). Black Cube's female agents, introducing themselves as "women's rights advocates" or "investors," built months-long friendships with their victims, placed their phones under surveillance, and seized, through digital theft methods, the documents they intended to give to journalists.
• Economic and Legal Manipulations: In major international lawsuits, they place the opposing side's lawyers or judges under surveillance, identify their weaknesses (financial gaps, secret relationships) through cyber-espionage, and use this data to manipulate the case for purposes of blackmail.

The Intellexa Alliance and Predator: Pegasus's European-Made Twin

Founding Period and Intelligence Ties

Intellexa was founded in 2019, the period when international pressure on NSO Group was mounting, by Tal Dilian, the former commander of Unit 81, the most technological unit of Israeli military intelligence. To escape the strict export restrictions of the Israeli Ministry of Defense, Dilian moved his cyber-espionage activities to Europe (first to Cyprus, then to Greece).

By acquiring the North Macedonia–based cyber company Cytrox, Intellexa became a massive alliance that developed spyware called Predator. Despite having an umbilical cord to the Israeli intelligence ecosystem, this structure operated on EU soil and took advantage of legal loopholes.

The Predator Project and Technical Details

Predator possesses the same destructive power as Pegasus functionally, but uses different tactics in its infiltration methods.

• Tactical Network Injection: Predator can intervene in network traffic at the level of the target's internet service provider (ISP). The moment the target attempts to visit an entirely legitimate website (for example, a local news site), with Intellexa's interception, the device is invisibly redirected within milliseconds to Predator's infected server and the software is loaded onto the device.
• One-Click Social Engineering: When zero-click exploits are closed, Predator generates fully personalized fake links based on the target's interests (for example, a parcel-tracking link, an official government alert, or a bank receipt). It completes the infiltration by exploiting the device's browser (Chrome, Safari) vulnerabilities (Zero-Day).

PRISM and XKeyscore (NSA - USA)

• Purpose: These systems, exposed by Edward Snowden, surveil the internet's main backbone. By connecting directly through back doors to the servers of giants such as Google, Apple, Microsoft, and Facebook (PRISM), they scan all email, search history, and metadata worldwide (XKeyscore).
• Users: The NSA and the intelligence alliance known as the "Five Eyes": the USA, the UK, Canada, Australia, and New Zealand.

Operational Processes: The Steps of Digital Infiltration and Cyber-Kinetic Assassination

The processes these software programs and institutions use to destroy or surveil a target involve millimeter-precise timing and engineering. The process generally proceeds in four main stages:

[Reconnaissance and Data Harvesting] ➔ [Infiltration (Zero-Click)] ➔ [Persistence and Monitoring] ➔ [Kinetic/Digital Elimination]

Stage 1: Reconnaissance and Mapping the Social Graph (Timing: Pre-Operation)

The target's digital footprint is scanned through the NSA's XKeyscore or Mossad's data-analytics systems. The people the target communicates with most frequently, their weaknesses, and the operating-system versions of the devices they use are analyzed.

Stage 2: Infiltration via Zero-Click (Timing: Real Time)

In the old methods, the target had to click a link (One-Click). With Pegasus and Predator, this process evolved. In the Zero-Click method, an invisible data packet (for example, a missed call or a graphics file) is sent to the target's WhatsApp or iMessage account. Whether or not the phone rings, a security vulnerability on the device is triggered and the software is installed in the background. The target is infected without even sensing it.

Stage 3: Persistence and Data Exfiltration (Timing: Can Last for Months)

The software obtains the highest privilege (Root/Kernel privilege) in the device's operating system. To hide itself, it deletes antivirus logs. It transfers data in encrypted form to command-and-control servers without affecting the phone's battery or data quota.

Stage 4: The Transition from Digital to Kinetic (Digital Assassination)

The collected real-time location and ambient-listening data is used for a physical elimination. The target's phone is turned into a live GPS transmitter for a drone or an assassination squad.

Cyber-Kinetic Hybrid Operations: In recent times, the scope of cyber-assassinations has extended from the hacking of devices to infiltrating supply chains and placing physical explosives inside devices (such as the pager and walkie-talkie explosions in Lebanon). By sending signals over cyber networks, intelligence services can turn physical devices into bombs.

Global Scandals and Cyber-Assassinations

These platforms are the protagonists of major scandals that shape global politics and the physical world:

• The Lebanon Pager and Walkie-Talkie Operation (2024): Mossad's infiltration of the supply chain of a structure that used pagers to avoid cyber-tracking is the largest hybrid cyber-physical assassination of the century. Through European front companies (such as B.A.C. Consulting), military explosives called PETN and cyber-receivers were placed inside the batteries during the manufacturing stage of the devices. Mossad, by sending an alphanumeric cyber-signal, overheated the devices' batteries and triggered the explosion. Digital code turned into a physical bomb.
• Greece's "Predatorgate" (2022-2023): It emerged that Greece's intelligence agency (EYP) had illegally wiretapped opposition leaders and investigative journalists using Intellexa's Predator software. The fact that the Intellexa offices at the center of the operation were in Athens and that government officials had approved these sales led to a major political crisis within the EU.

The Turkey Layer and Cyber-Defense Strategy

According to reports by Citizen Lab and Amnesty International, Turkey is among the countries where cyber-espionage software operates intensively.

• Analysis of the Jamal Khashoggi Assassination: In the murder committed at the Saudi Arabian Consulate in Istanbul, it was determined that Saudi intelligence actively used, on Turkish soil, the Pegasus software it had purchased from NSO Group. By monitoring the phones of Khashoggi's close circle in real time, his movement plan in Turkey, whom he met with, and his relationship with the judicial authorities were transmitted to Riyadh second by second. This is a direct violation of Turkey's sovereign rights from cyberspace.
• Bureaucracy and Defense Industry Targets: It is known that foreign intelligence services have positioned Predator and Pegasus derivatives in Turkish cyberspace to decipher Turkey's military strategies, particularly in the Eastern Mediterranean, Syria, and the cyber domain. In response, Turkey, by expanding its domestic cyber-defense shields (National Monitor Systems, encrypted domestic networks), is erecting forensic and defensive barriers against the "backdoor"-leaving attempts of these cyber-mercenaries.
• Targeting of Politicians and Journalists: In international leaks, it has been determined that the phones of some opposition journalists, bureaucrats, and critical state officials in Turkey have been targeted by foreign services with Pegasus and similar derivatives (for example, FinFisher in the past).

Conclusion: Exiting the Algorithmic Panopticon and Exposing the System

Black Cube's operations in the shadows, and the technologies of Pegasus and Predator that turn smartphones into invisible spies, show us that cyberspace has now become the main front of sovereignty wars. But when we look at the whole picture, we can see far more clearly that the situation does not consist merely of advanced software or the operational success of a few intelligence services.

The fact that state apparatuses are so intimately entangled with these dark cyber-armies of the underground, with these mercenary espionage networks, is not an isolated deviation; it is the expression of a deep systemic problem rooted at the global level.

Capitalism, by its very nature, places power and profit above all else; it possesses a structure that completely blurs the boundaries of ethics, law, and morality. In the brutal marketplace of this system, a human being's most intimate space, their thoughts, their rights, or the future of a society, are priced merely as "commodities" or "operational data." Corporatized espionage is the rewritten form, in digital code, of capitalism's cold, rational, but morally bereft nature that disregards human dignity.

This is precisely why, against this global panopticon, merely using stronger passwords, buying more secure devices, or hiding behind defensive cyber-shields does not, in the long run, heal the wound. A true cyber and human liberation begins by openly exposing the real source that feeds this dark industry, that is, capitalism's mechanism that recognizes neither ethics nor law.

We are not passive victims who will stand by as our lives and our time are besieged by invisible software. The way to tear down these walls passes through making this immoral structure of the system visible with rational courtesy and courage, and through growing a shared awareness that places human dignity before every profit mechanism. Our journey is precisely to unmask this systemic reality and to build, here and now in our minds and our practices, that clear, classless, and just world of the future.