At the end of 2023, an Israeli cybersecurity researcher from Tel Aviv was approached on LinkedIn with an offer for a lucrative overseas position. The purported employer claimed to be a legitimate startup in the field of Offensive Security, establishing operations in Barcelona. However, the hiring process aroused the researcher’s suspicions.
In an interview with TechCrunch, the specialist recounted that the recruitment process was shrouded in unusual secrecy. Certain company representatives refused to disclose their full names, delayed revealing the office’s location, and withheld the company’s name for an extended period. The researcher remarked that the entire operation appeared to be an attempt to obscure potentially dubious activities.
The company was introduced by Alexey Levin, a former developer at the spyware manufacturer NSO Group. Levin revealed that the organization, called Palm Beach Networks, specialized in the development of advanced surveillance tools, ranging from exploits to spyware.
Barcelona was not chosen arbitrarily for the startup’s headquarters. Company representatives cited the city’s favorable climate, tax incentives, and well-established IT infrastructure as key attractions. However, this choice raised eyebrows, given the recent controversies surrounding the use of spyware against politicians and activists in Spain.
In recent years, Barcelona has emerged as a hub for companies involved in exploit and spyware development. Among these are the startup Paradigm Shift, formed in the wake of Variston’s collapse, and Epsilon, founded by a former employee of the defense giant L3Harris. Additionally, Israeli developers who previously operated in Singapore have also relocated to this Catalonian city, solidifying its reputation as a European center for such enterprises.
The migration of firms from Israel to Barcelona is driven by more than just climate and tax advantages. Following a series of scandals involving NSO Group, Israeli authorities have tightened restrictions on the export of surveillance technologies, compelling companies to seek more permissive jurisdictions within the European Union.
Palm Beach Networks, however, no longer operates under that name. Documents reveal that the entity has undergone several rebrandings, including iterations as Defense Prime Inc. and Head and Tail, both of which remain active in Spain. While representatives of Head and Tail have refrained from commenting on their activities, their website states that the company specializes in cybersecurity services, including threat analysis and incident response. Notably, their team includes individuals with experience at prominent spyware manufacturers.
The Israeli researcher ultimately declined the offer to join Palm Beach Networks, citing concerns about following in the footsteps of NSO Group employees who faced social media account bans and visa complications in the United States. According to the specialist, working for a company with such an opaque structure posed risks far too great, regardless of the high salary.
