Security

Barcelona, sunny paradise and clandestine headquarters of global cyber espionage for 24 hours

Several companies are meeting at a secret location in the Eixample district to discuss vulnerabilities in computer systems.

Stock image of a 'hacker'
14/01/2026

Barcelona. The reason cyber spies choose Barcelona isn't much different from the reason that draws more than twelve million tourists to the Catalan capital each year, according to City Hall data. "Need a vitamin D boost without getting sunburned? In January, Barcelona is usually sunny and pleasant!" And what about the food: "Gained a few pounds after Christmas? It's not time to exercise yet." Although it might seem like it, these aren't phrases from a travel agency or the city's tourist information office, but rather the promotional tactics used by the organizers of a secret cyber spy meeting. The meeting is being held this Wednesday in the Eixample district, and only the attendees know the location. Everything is very clandestine because the content of the meetings will be particularly sensitive.

The meeting has been dubbed Offensive and is being advertised on a website that promises "sun, prawns, and spyware." The organizing company is Epsilon, which specializes in finding vulnerabilities in computer systems, such as Apple or Android software. IT security consultant José Nicolás Castellano, from the company Andubay, explains that these vulnerabilities are known as 0-days. In other words, it is a company that looks for 0-days in software in order to introduce spyware, such as Pegasus. They look for shortcuts to be able to spy. In fact, finding a 0-day is gold. And it pays: Big Tech offers hefty rewards to anyone who finds a security vulnerability in their system. For example, Meta, the company founded by Facebook founder Mark Zuckerberg, paid up to $129,000 in just the first 14 days of 2026 to people who discovered vulnerabilities.

Rewards paid by Meta.

This Wednesday, many companies will be searching for security vulnerabilities in computer systems in Barcelona. But that's not their only connection to the Catalan capital. Epsilon, for example, is based in Barcelona, although one of its partners is Daniel Shapiro, who is linked to several Israeli companies in the sector. This coincidence is not accidental. An expert source in the field of cyber espionage explains that for years, the state intelligence agencies of the United States, Russia, and China have invested heavily in cyber espionage, leaving behind the era of double agents from the Cold War. Europe, however, has fallen behind and, according to the same source, has had to resort to private companies. Many of these companies are located in Israel, but recently the situation in that country has changed, and these companies have begun to look for new locations. And one of them has been Catalonia. "There has been a boom in cyber espionage in Barcelona," the source adds. And the reason is no different from that of tourist attractions: "Affordable living conditions and little government oversight."

The government has no record of this.

In fact, the Cybersecurity Agency of Catalonia, the Barcelona City Council, and the Mossos d'Esquadra (Catalan police) claim they had no prior knowledge of Wednesday's event in the Catalan capital. One of the companies presenting itself as a "friend" of the event is Radiant. Based in Tel Aviv, it employs several former researchers from the NSO Group, the company that created the Pegasus software, according to various sources in the cyber espionage world. Also involved is Obliviate, a company with offices in Barcelona and Israel. It is common for these companies to employ former members of the Israeli military, specialists in the use of technology in warfare. In this regard, industry insiders are asking: "If, instead of exchanging spyware, they were exchanging shotguns, would this meeting in Barcelona be legal? Both are weapons," he warns.

One of the biggest unknowns surrounding this conference is what will actually happen, because everything is shrouded in secrecy. There will be lunches, cocktails, and spyware, but the organizers say the agenda will only be provided to each participant a few hours before it begins. José Nicolás Castellano suggests that deals will likely be made to buy vulnerabilities in systems. The clients are other companies, but also government agencies. Will government intelligence agencies, like the CNI (National Intelligence Center), be present at this conference? "It's not out of the question," he warns. It's important to keep in mind that this software cannot be sold in countries with a history of human rights violations, although this rule has been disregarded on more than one occasion, several sources warn. Including the organizer of the event, ten companies appear on the website. Castellano suggests that these are likely the sellers, but the buyers will never be known. There's only one name that appears without hesitation on websites, and that's the profile of Jeremy Fetiveau, founder of the organizing company and former researcher for major US firms in the sector. The congress will conclude this Wednesday with a cocktail reception and party, which, in this case, is not expected to be virtual.
