ICE confirmed it uses Graphite, a zero-click spyware tool developed by an Israeli company of the same name. Zero-click means no tap, no link, no mistake required. A device can be compromised without any interaction from the target.
ICE framed its use around disrupting "foreign terrorist organizations, particularly those involved in fentanyl trafficking." That framing does familiar work. Fentanyl enforcement is this decade's all-purpose surveillance justification, following the same pattern previously used for terrorism and child protection. Naming the threat loudly enough moves the tool forward with little scrutiny.
Agencies using commercial spyware rarely disclose it voluntarily. Pegasus became public because researchers found it on devices, not because governments admitted to using it. Graphite appearing in a direct admission from a federal agency signals a shift. The political cost of disclosure has dropped, or the agency assessed that admitting it carries no consequence. The capability is now routine.
Zero-click spyware removes the assumptions behind most security advice. Avoiding suspicious links, updating software, and using encrypted messaging do not prevent compromise at this level. If a target is selected and the capability exists, compromise can occur regardless of user behavior. The exposure is structural. There is no setting to change.
Commercial spyware markets exist because governments want capability without building it. NSO Group, Candiru, Intellexa, and Graphite all serve the same function. They outsource the engineering of device compromise to private vendors who handle exploits, updates, and infrastructure. Purchasing these tools is faster and easier than developing them internally.
The fentanyl framing will work in the short term. It shifts attention toward the stated target and away from the infrastructure being built. The infrastructure persists beyond the initial justification. Tools acquired for drug enforcement are applied across immigration, financial investigations, cybercrime, and other areas within the agency's scope.
Agencies that feel constrained do not disclose tools like this unprompted. The admission signals that Graphite is already embedded deeply enough that disclosure does not alter its use.
Blackout VPN exists because privacy is a right. Your first name is too much information for us.
Keep learning
FAQ
What is Graphite spyware?
Graphite is a zero-click spyware tool developed by an Israeli company of the same name. It can compromise a device without any action from the target. No clicks, no links, and no interaction required.
What did ICE admit?
ICE's Homeland Security Investigations division publicly acknowledged using Graphite, citing the disruption of "foreign terrorist organizations, particularly those involved in fentanyl trafficking."
What does zero-click mean for ordinary people?
Your behavior cannot protect you from compromise. If you are a target and the agency has the capability, there is no link to avoid or attachment to ignore. The attack does not require your participation.
Why does the public admission matter?
Agencies using surveillance tools against high-value targets typically do not disclose them voluntarily. An unprompted admission signals that the political cost of disclosure has dropped, meaning the tool has already become routine.
Can a VPN protect against spyware like Graphite?
A VPN reduces what is visible at the network layer, but zero-click spyware compromises the device itself. Reducing your overall exposure limits what an attacker can reach or use against you even after a compromise. Fewer accounts, less linkable activity, and less data at rest all shrink the target.