Breaking Down the Threat: What Every American Needs to Know

The Electronic Frontier Foundation has exposed a deeply troubling development that should alarm every American who values their privacy and constitutional rights. Immigration and Customs Enforcement (ICE) has reactivated a $2 million contract with Paragon Solutions, a notorious spyware manufacturer whose malware has been used to target journalists, civil society workers, and activists around the world.

What Is Paragon and Why Should You Care?

Paragon Solutions is the company behind "Graphite" spyware – sophisticated malware that can completely compromise your phone, accessing your calls, messages, location, camera, and microphone without your knowledge. This isn't some theoretical threat – Italian authorities have already used Paragon's tools to spy on journalists and humanitarian workers, violating their basic human rights.

The same company also produces Pegasus, the infamous spyware that was used by Saudi Arabia to monitor journalist Jamal Khashoggi before his brutal murder. Let that sink in: your government is now paying millions to use tools from a company whose software has been linked to the assassination of journalists.

You can read more about the NSO Group spyware Pegasus, which was used to target 1,223 WhatsApp users in 51 different countries during a 2019 hacking campaign, according to this court document, which reveals the locations of WhatsApp victims targeted by NSO spyware.

Another documented case, in which Paragon's iOS mercenary spyware targeted a journalist, can be found here.

Once this gets into a mobile device, there is very little you can do to remove it or even detect it; your only option is to destroy your device.

How They're Circumventing Legal Protections

Here's where it gets even more sinister. Executive Order 14093 was supposed to ban U.S. agencies from acquiring spyware controlled by foreign entities – a bare minimum protection that was already inadequate. But ICE found a loophole: Paragon's U.S. operations were acquired by Miami-based private equity firm AE Industrial Partners and merged into Virginia-based REDLattice.

This corporate shell game allows ICE to claim they're not dealing with a "foreign" entity while still accessing the exact same dangerous spyware technology. It's a cynical manipulation that ignores both the spirit and intent of the executive order while putting every American at risk.

The Real Dangers to Americans

This contract poses several immediate threats to your rights and safety:

  • Mass Surveillance Capabilities: Graphite can turn your phone into a 24/7 surveillance device, monitoring everything you do, say, and think.
  • Targeting of Dissent: History shows these tools are inevitably used against journalists, activists, and anyone who criticizes the government.
  • Abuse by Officials: There are no meaningful safeguards preventing government employees from using this spyware against personal enemies, ex-spouses, or political rivals.
  • Insider Threats: Paragon employees could potentially use their access to spy on U.S. government officials themselves.
  • Chilling Effect on Free Speech: Knowing the government has these capabilities will make Americans self-censor, undermining the First Amendment.

Protecting Yourself: Security Measures You Can Take

Basic Protection Guide (For Everyone)

These steps require no technical expertise and can significantly improve your security:

1. Keep Your Devices Updated

  • Enable automatic updates on your phone and computer
  • Install security patches as soon as they're available
  • Graphite relies on exploiting known vulnerabilities – updates patch these holes

2. Enable Enhanced Security Modes

  • iPhone users: Turn on Lockdown Mode (Settings > Privacy & Security > Lockdown Mode)
  • Android users: Enable Advanced Protection (Google Account settings > Security > Advanced Protection)
  • These modes limit functionality but provide stronger protection against sophisticated attacks

3. Use Encrypted Communication

  • Switch to Signal for messaging and calls
  • Use encrypted email services like ProtonMail
  • Avoid SMS/text messages for sensitive communications

4. Practice Good Digital Hygiene

  • Don't click suspicious links or download unknown apps
  • Use strong, unique passwords with a password manager
  • Enable two-factor authentication on all accounts

5. Be Aware of Physical Security

  • Don't leave devices unattended in public
  • Use strong lock screen passwords, not patterns or simple PINs
  • Consider using a separate "burner" phone for sensitive activities

Technical Protection Guide (For Advanced Users)

If you have technical skills, these additional measures can help detect and prevent surveillance:

Network Monitoring with Wireshark

  1. Install Wireshark on your computer
  2. Set up network monitoring to capture traffic from your mobile devices
  3. Look for unusual outbound connections, especially to:
    • Unknown IP addresses in foreign countries
    • Suspicious domains with technical-sounding names
    • High-frequency data transmissions when you're not actively using the device
  4. Monitor for DNS requests to domains associated with known spyware infrastructure
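
As an added example (not from the original post or from any tool it names), the Python below applies steps 3 and 4 to DNS queries exported from a capture: it matches query names against an indicator list on label boundaries and flags names a device looks up at near-constant intervals. The indicator domains, IP address, log lines and function names are constructed placeholders.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed placeholder indicators; real ones come from a published IOC list.
INDICATORS = {"bad-infra.example", "cdn-updates.example.net"}

# Constructed sample in the shape "epoch<TAB>client_ip<TAB>query_name", e.g. from:
#   tshark -r phone.pcapng -Y "dns.flags.response == 0" \
#          -T fields -e frame.time_epoch -e ip.src -e dns.qry.name
PHONE = "192.168.50.23"
SAMPLE_LOG = "\n".join(
    [f"{t}\t{PHONE}\ttelemetry.sync-node.example" for t in
     (1000.0, 1300.2, 1599.9, 1900.1, 2200.0, 2500.3)] +
    [f"{t}\t{PHONE}\twww.example.org" for t in
     (1000.0, 1012.4, 1300.9, 1950.2, 2004.7, 2600.0)] +
    [f"1450.0\t{PHONE}\timg.CDN-Updates.example.net.",
     f"1460.0\t{PHONE}\tnotbad-infra.example"])

def parse(log):
    """Yield (timestamp, client, normalized name); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2].rstrip(".").lower()
        except ValueError:
            continue

def indicator_hits(records, indicators=INDICATORS):
    """Match a name or any parent domain, on label boundaries only."""
    hits = []
    for _, client, name in records:
        labels = name.split(".")
        if any(".".join(labels[i:]) in indicators for i in range(len(labels))):
            hits.append((client, name))
    return hits

def beacons(records, min_queries=5, max_jitter=0.1):
    """Flag (client, name) pairs queried at near-constant intervals."""
    times = defaultdict(list)
    for ts, client, name in records:
        times[(client, name)].append(ts)
    flagged = {}
    for key, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= max(min_queries, 2) and mean(gaps) > 0 \
                and pstdev(gaps) / mean(gaps) <= max_jitter:
            flagged[key] = round(mean(gaps), 1)  # mean interval in seconds
    return flagged
```

Devices that use encrypted DNS (DoH or DoT) will not show their queries in this export, so an empty result is not a clean bill of health. A regular interval on its own is only a lead to investigate, since many legitimate apps also poll on a timer.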

Mobile Device Analysis

  1. Use tools like MVT (Mobile Verification Toolkit) to scan for indicators of compromise
  2. Monitor battery drain and unusual device behavior
  3. Check for unknown processes running with elevated privileges
  4. Analyze network connections using netstat or similar tools
  5. Watch for overheating when your phone is not being used

Run MVT with Docker (Simplified Guide)

This guide assumes you know your way around Docker.

1. Install Docker: follow the official Docker install guide.

2. Option A: Use the Prebuilt Image (easiest)


# Download the latest image
docker pull ghcr.io/mvt-project/mvt

# Run MVT inside the container
docker run -it ghcr.io/mvt-project/mvt

2. Option B: Build From Source (if you want the latest dev version)


git clone https://github.com/mvt-project/mvt.git
cd mvt

# Build Docker image
docker build -t mvt .

# Run MVT
docker run -it mvt

3. Using MVT with Android Devices

To let Docker talk to your phone over USB:

Option 1 (simple but less secure):


docker run -it --privileged -v /dev/bus/usb:/dev/bus/usb mvt

Option 2 (safer, only one device):


docker run -it --device=/dev/<your-usb-device-path> mvt

Replace <your-usb-device-path> with your phone’s USB device path (check with lsusb).

That’s it — once inside the container, you can run MVT commands as usual.

Traffic Analysis Techniques

  1. Set up a dedicated monitoring network to analyze all device communications
  2. Use deep packet inspection to identify encrypted tunnels that might hide spyware communications
  3. Monitor for unusual certificate pinning behavior
  4. Look for timing correlation attacks where multiple devices show synchronized activity

Operational Security Measures

  1. Use compartmentalized devices for different activities
  2. Implement air-gapped systems for truly sensitive work
  3. Use Tor browser with proper OPSEC for anonymous browsing
  4. Consider using Qubes OS for maximum isolation
  5. Regularly wipe and reinstall operating systems on devices

Let's be brutally honest about what's happening here: your government is using your tax dollars to purchase military-grade surveillance tools that will be turned against you. This isn't about stopping human trafficking or protecting national security – those are convenient excuses for an unprecedented expansion of domestic surveillance capabilities.

To those who still defend this madness: You are either willfully ignorant or complicit in the destruction of American liberty. This spyware doesn't care about your political affiliation. Today it might target activists you disagree with, but tomorrow it could be monitoring your church group, your business communications, or your private family conversations. Authoritarianism doesn't stop at party lines.

The harsh reality: We are witnessing the construction of a surveillance state that would make the Stasi jealous. ICE now has the technical capability to monitor every American's private communications, and they've demonstrated they're willing to circumvent legal restrictions to acquire these powers.

What you can do:

  • Contact your representatives and demand they defund ICE's spyware programs
  • Support organizations like the EFF that are fighting these overreaches in court
  • Implement the security measures outlined above to protect yourself and your family
  • Share this information – the government counts on public ignorance to continue these programs
  • Vote out politicians who support expanded surveillance powers

The uncomfortable truth: If you're not actively resisting this surveillance expansion, you're enabling it. There is no middle ground when your government is purchasing tools designed to eliminate your privacy entirely. The time for moderate responses and benefit-of-the-doubt thinking is over.