Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Surveillance Firm Pays $1 Million Fine After ‘spy van’ Scandal

Surveillance Firm Pays $1 Million Fine After ‘spy van’ Scandal

The Office of the Commissioner for Personal Data Protection in Cyprus has collected a $1 million fine from intelligence company WiSpear for gathering mobile data from various individuals arriving at the airport in Larnaca.

While this is just an administrative fine under the European Union’s General Data Protection Regulation (GDPR), it is related to a scandal two years ago widely publicized as the “spy van” case.

In 2019, a Chevrolet van packed with at least $3.5 million worth of equipment that could hack Android smartphones and steal data including WhatsApp and Signal messages, was stationed near the Larnaca airport.

The van had been in the area for months when politicians in Cyprus criticized the government for being passive about the activity of the vehicle after seeing its capabilities in action close to the airport in a video from Forbes.

€925,000 fine for collecting MAC and IMSI

In a press release today, the data protection watchdog in Cyprus announced that WiSpear paid an administrative fine of 925,000 euros for GDPR violations.

Irene Nicolaidou, the Commissioner for the Protection of Personal Data in Cyprus said that WiSpear’s van collected the Media Access Control (MAC) address and International Mobile Subscriber Identity (IMSI) of multiple devices.

A MAC address is a unique device identifier on a network, including the internet; the IMSI is a 15-digit number that mobile providers assign to terminals in a cellular network. Both can be used to identify and track individuals.

Collecting this data was part of “tests and presentations of technologies” from the company, which constituted mitigating factors, said Nicolaidou, adding that an investigation found that “no device monitoring or interception of any private communication” occurred.

Also Read: 12 Benefits of Data Protection for Business Success

The $9 million surveillance truck

When the “spy van” scandal broke in 2019, local media said that the Cyprus police seized the vehicle in mid-November and started an investigation months after Forbes journalist Thomas Brewster published a story about Tal Dilian, the owner of the van and CEO of WiSpear.

At the time, WiSpear was registered in Limassol, Cyprus. Headed by Dilian, a former career officer in the Israel Defense Forces (IDF), the company specialized in providing end-to-end WiFi interception and security solutions.

The equipment in the truck, Brewster writes, consisted of surveillance kits and antennas that could trace, compromise, and exfiltrate content from a mobile device, including chats (Facebook, WhatsApp), texts, calls, or contacts.

Depending on the surveillance power fitted in, Dilian’s truck could cost as much as $9 million.

Upon seizing the “spy van,” the police also arrested three WiSpear employees, Cyprus nationals, on 13 charges ranging from violation of privacy laws to processing private data, and breaking radio communications legal provisions.

They were later released as there was no justification for detaining them. At a term on October 9, one of them

In statements about the arrests, WiSpear said that its employees were innocent and were installing a WiFi system at Larnaca airport as part of an agreement with operator Hermes Airports, FinancialMirror reports.

Also Read: Privacy policy template important tips for your business

“Nine antennas of innovative technology out of which, three were installed in phase 1 to be tested as long-range Wi-Fi access point for visitors and tourists to enjoy high quality and high-speed internet access.”

However, the then-leader of the AKEL party claimed to have “extremely alarming” information about individuals related to the “spy van” case.

Between 1998 and 2002, Dilan was a commander of an independent service of the IDF called Unit 81 – for a long time a secretive technological division that specialized in building the most advanced technology for Israeli combat soldiers and spies.

Before WiSpear, Dilal founded Circles, the surveillance company that merged with NSO, the makers of the Pegasus spyware. Currently, he is running Intellexa, a company providing cyber-intelligence to law enforcement and intelligence agencies.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us