U.S. Immigration and Customs Enforcement (ICE) has reactivated a $2 million spyware contract with Paragon Solutions, an Israeli-founded firm now owned by a U.S. private equity group. The move lifts a Biden-era freeze and signals a deeper embrace of invasive surveillance tools in domestic immigration enforcement.
It is also only the latest sign of how far the federal government’s surveillance apparatus has grown under the banner of “immigration enforcement.” ICE has become one of its most powerful nodes — a conduit through which cutting-edge spyware, data analytics, and AI-driven tools are deployed inside U.S. borders.
Contract Reborn
On September 1, journalist Jack Poulson, citing the official procurement note, reported that ICE quietly lifted a stop-work order on the Paragon contract. The order had been in place since October 2024, after the Biden administration paused the deal under Executive Order 14093. That order barred agencies from buying foreign spyware tied to human rights abuses.
Paragon
Paragon is an Israeli spyware company founded in 2019 by veterans of Israel’s cyberwarfare Unit 8200, the equivalent of the U.S. National Security Agency (NSA). Among the early backers is Prime Minister Ehud Barak, a longtime political heavyweight and known associate of Jeffrey Epstein. From the start, it marketed itself as the “ethical” alternative to Pegasus, another notorious Israeli spyware.
Citizen Lab reports that by 2021 Paragon had launched a U.S. subsidiary and staffed it with former CIA, Air Force, and defense contractor officials. That gave it a foothold in Washington. Within two years, ICE had signed a $2 million contract for its spyware; U.S. Special Operations Command disclosed more than $11 million in related purchases.
In late 2024, ownership shifted. All shares in Paragon Israel were transferred to Paragon Parent Inc., a new Delaware corporation. The deal, reportedly led by Florida-based private equity firm AE Industrial Partners, was valued at $500 million up front, with another $400 million tied to performance goals. Soon after, Paragon was folded into REDLattice, a Virginia contractor already known for offensive cyber tools. U.S. Securities and Exchange Commission (SEC) filings show REDLattice’s parent company then added ex-CIA and U.S. Army chiefs to its board.
Once Paragon became “American-owned,” ICE lifted the freeze on its spyware contract. In effect, the U.S. government blocked the deal when the company was Israeli but allowed it once Americans — many with intelligence and military ties — took control. The spyware itself did not change, only the ownership structure, and it is far from clear how much influence Israeli intelligence veterans still wield inside the company.
Graphite
Graphite is Paragon’s flagship spyware. Unlike Pegasus, which can take full control of a phone, Graphite focuses on breaking in to encrypted messaging apps. It can pull data from WhatsApp, Signal, and iMessage without seizing the entire device.
Investigators have shown that Graphite often relies on “zero-click” exploits. These attacks require no action from the target. Once inside, the spyware extracts texts, call logs, photos, videos, and even microphone input. All of it is sent to remote servers controlled by the operator. Citizen Lab’s forensic report from this June confirmed the tool had been deployed against journalists in Europe. Their devices were fully updated yet still compromised until Apple patched the flaw in iOS 18.3.1.
This technical profile explains why Graphite is so attractive to governments. It is stealthy, precise, and hard to detect. But its use has raised alarms well beyond Israel and the United States.
Hellbound and Down 