ICE Confirms Use of Graphite Spyware in Domestic Operations

U.S. Immigration and Customs Enforcement has acknowledged deploying Graphite, a zero-click spyware product from Israeli vendor Paragon Solutions. The agency frames the capability as support for Homeland Security Investigations work targeting foreign terrorist organizations and fentanyl trafficking networks — a justification pairing that critics flag as a familiar rhetorical move to short-circuit scrutiny of expansive surveillance tooling.

Graphite sits in the same operational class as NSO Group’s Pegasus: remote, zero-interaction compromise of mobile devices, full extraction of messages, location, microphone, and camera. Once a government client owns that capability, scope creep is structural rather than accidental — the same toolchain that targets cartel infrastructure can be aimed at journalists, activists, attorneys, or political opponents with no technical change and minimal oversight friction.

The deployment lands in a familiar gap: commercial mercenary spyware proliferates faster than statutory controls, export regimes, or judicial doctrine can constrain it. For high-risk targets, the practical mitigations remain unchanged — air-gapped workflows, lockdown modes, dumb-phone discipline for sensitive movements, and skepticism toward any client-side scanning architecture that erodes the endpoint trust boundary spyware already exploits.