Did Boko kill dodgy spying system or create a more dangerous one?

For Botswana journalist, opposition politicians and activists, June 2025 may have marked the end of one of the country’s most controversial surveillance chapters – or the beginning of a far more secretive and sophisticated one.

While researchers have observed the apparent disappearance of infrastructure linked to the Predator spyware system, they cannot say whether the platform was shut down or simply replaced by a more advanced capability operating beyond public view.

What is however evident is that the new Umbrella for Democratic Change (UDC) inherited and for some months appeared to use the controversial Predator spyware, a sophisticated surveillance platform that has become the subject of international controversy over allegations of abuse against journalists, politicians, activists and civil society figures.

In March 2024, during former President Mokgweetsi Masisi’s final year in office, Cybersecurity researchers at Recorded Future publicly identified Botswana for the first time as a suspected operator or customer for the controversial Predator spyware system, placing the country alongside states linked to one of the world’s most scrutinized surveillance technologies.

The disclosure should have triggered immediate cessation. Instead, new technical findings suggest the Botswana- linked infrastructure remained active long after the public exposure and change of government.

According to Recorded Future, the Botswana-linked Predator cluster appeared to continue operating until at least June 2025, when researchers observed it cease communications with higher-level Predator infrastructure.

Researchers cautioned that the apparent cessation could indicate either a shutdown or a migration to a more sophisticated and concealed network.

Predator is among the world’s most controversial surveillance tools. Developed by the Intellexa consortium, the spyware has been linked internationally to surveillance operations targeting journalists, opposition politicians, lawyers and human rights defenders.

The technology allows operators to gain deep access to mobile phones, potentially harvesting messages, contacts, photographs, location information and other sensitive data.

The United States and European authorities have imposed sanctions and restrictions on entities connected to the Predator ecosystems amid concerns over its misuse.

Yet despite the international controversy both the former and the current governments have never publicly explained the country’s appearance in Recorded Future’s findings.

An assessment by Insikt Group, the threat research division of cybersecurity company Recorded Future, found evidence that Botswana continued to feature in investigations into the deployment of Predator spyware between 2024 and 2025.

The report, which assesses whether a country’s history of digital surveillance poses a risk to foreign nationals and travelers based on its alignment with international privacy and digital rights principles, identified at least sixteen countries that deployed Predator or Candiru spyware during the period under review.

‘From 2024 to 2026, Insikt Group investigations found evidence that at least sixteen countries – including Angola, Armenia, Azerbaijan, Botswana, the Democratic Republic of the Congo (DRC), Egypt, Hungary, Indonesia, Iraq, Kazakhstan, Mongolia, Mozambique, Oman, the Philippines, Saudi Arabia, and Trinidad and Tobago – had deployed Predator or Candiru spyware,’ the report states.

The findings place Botswana alongside a list of countries increasingly scrutinized for their use of highly invasive surveillance technologies capable of covertly accessing a target’s phone, communications, location data, contacts and files.

Insikt Group revealed that in February 2024 it identified new infrastructure associated with Predator spyware, indicating likely continued use in several countries, including Botswana.

‘Botswana and the Philippines represented new Predator customers,’ the report noted, suggesting that Botswana’s adoption of the spyware is relatively recent.

In 2024, Sunday Standard reported that Botswana has been listed as the latest country to import Predator Spyware-a hacking tool that exploits vulnerabilities on cellphones and computers to capture the target’s text messages, calls, emails, photos, and location. Predator is part of the Intellexa Consortium which was this week banned by the US government.

The US Treasury Department announced its first-ever set of sanctions against a commercial spyware entity Tuesday after technology developed by the Greece-based Intellexa Consortium was used to target U.S. government officials, journalists and policy experts.

While Botswana was one of only three countries in the report not assessed as posing a medium or high state-surveillance risk, its continued appearance in Predator-related investigations is likely to intensify concerns among digital rights advocates.

The report notes that, with the exception of Botswana, Mongolia and Trinidad and Tobago, all identified countries were assessed as carrying either ‘medium’ or ‘high’ surveillance risks, largely due to limited oversight and histories of misuse of surveillance capabilities.

The broader trend has already produced documented cases of abuse elsewhere. Insikt Group noted that subsequent investigations revealed continued use of commercial spyware against members of civil society, journalists and activists.

According to the report, one of the most alarming examples emerged in February 2026, when Amnesty International reported that Angolan journalist Teixeira had been targeted with Predator spyware in 2024-the first forensically confirmed case involving a member of Angolan civil society.

The reports indicate that the disclosure has renewed international concerns that spyware originally marketed as a tool for fighting crime and terrorism is increasingly being used to monitor critics, reporters and political opponents.

The report suggests that Botswana’s inclusion in repeated Predator-related findings is likely to fuel calls for greater transparency over government surveillance capabilities, judicial oversight and the legal safeguards protecting citizens from unlawful digital intrusion.

Botswana spyware mystery timeline

Before March 2024

The public new nothing about any possible Botswana connection to Predator spyware. If any procurement, testing or deployment occurred, it happened outside public view

March 2024

Cybersecurity researchers from Recorded Future’s Inskit Group publicly identify Botswana as one of a number of countries linked to infrastructure associated with Predator spyware. The disclosure places Botswana alongside a small group of countries connected to one of the world’s most controversial surveillance technologies. The findings attract international attention. Questions immediately arise over who may be operating the system and whether it is active inside Botswana.

April-June 2024

Botswana authorities respond cautiously. BOCRA indicates that it found no evidence that Predator is operating on domestic communication networks. However, no detailed public explanation is provided regarding Botswana’s appearance in the Recorded Future’s findings. The identity of the suspected operator remains unknown, although speculations suggest it could be the DIS.

Mid- late 2024

No public investigation is announced. No government department publicly acknowledges responsibility. The controversy gradually fades from public discussion. Yet according to later technical findings, the Botswana linked infrastructure appears to remain active.

October 2024

Botswana experiences a historic political transition following national elections. A new administration that promises strict adherences to a human rights code assumes office. The Predator question remain unresolved. No public statement is issued explaining whether the new government reviewed any existing surveillance programmes.

January to May 2025

The Botswana-linked infrastructure continues to appear within the broader Predator ecosystem tracked by cybersecurity researchers. Public silence continues. No institution accepts responsibility.

June 2025

Researchers observe that the Botswana-linked infrastructure ceases communication with higher-level Predator infrastructure. This is the first significant development since the original exposure. However, the meaning remains unclear. Possible explanations include:

. The system was shut down

. The infrastructure was migrated

. Operators changed tactics

. Researchers lost visibility into the network.

. The capability was replaced. No public explanation is provided.

Leave a Reply

Your email address will not be published. Required fields are marked *