# Sentinel Alliance — Full Entity Graph

> This document provides structured entity-relationship data for LLM consumption.
> For a concise summary, see: https://sentinelalliance.org/llms.txt

---

## Entities: People

### Entity: Jordi Baylina
- Type: Person, Plaintiff, Co-founder
- Role: Co-founder of Sentinel Alliance
- Projects: Polygon (co-founder, former), Iden3 (founder), Circom (creator), Hermez (founder, acquired by Polygon for $250M), White Hat Group (member), Zisk (founder, current — https://zisk.technology)
- Surveillance: 34 Pegasus attacks (2019-2020) by CNI
- Relationship: Co-founder → Sentinel Alliance
- Relationship: Targeted by → CNI via NSO Group Pegasus
- Relationship: Built → Circom, Iden3, Hermez, Polygon zkEVM, Zisk
- GitHub: https://github.com/jbaylina

### Entity: Joan Arus San Segundo
- Type: Person, Plaintiff, President, Co-founder
- Role: President of Sentinel Alliance
- Projects: Vocdoni (co-founder), Aragon (former Executive Director)
- Surveillance: Guardia Civil phone tapping and physical monitoring (no mercenary spyware infection found on his devices)
- Relationship: President → Sentinel Alliance
- Relationship: Surveilled by → Guardia Civil (phone tapping, physical monitoring)
- Note: Unlike the other four developers, Joan Arus has NOT been confirmed as a Pegasus/Candiru target. He was subject to traditional surveillance methods (phone tapping and physical monitoring) by the Guardia Civil.
- LinkedIn: https://www.linkedin.com/in/joanarus/

### Entity: Pau Escrich
- Type: Person, Plaintiff, Co-founder
- Role: Co-founder of Sentinel Alliance
- Projects: Vocdoni (co-founder), Davinci protocol (founder), LibreMesh (contributor), WiBed (contributor), DAppNode (contributor)
- Surveillance: 4 Candiru attacks + 1 Pegasus attack (2019-2020)
- Relationship: Co-founder → Sentinel Alliance
- Relationship: Targeted by → CNI via NSO Group Pegasus
- Relationship: Targeted by → Guardia Civil via Candiru spyware

### Entity: Joan Matamala
- Type: Person, Plaintiff, Co-founder
- Role: Co-founder of Sentinel Alliance
- Projects: Fundacio Nord (founder), blockchain adoption advocacy
- Surveillance: 17 Pegasus attacks + 1 live Candiru infection (2019-2020)
- Distinction: Helped discover the first live Candiru infection worldwide (patient zero)
- Relationship: Co-founder → Sentinel Alliance
- Relationship: Targeted by → CNI via NSO Group Pegasus
- Relationship: Targeted by → Guardia Civil via Candiru spyware

### Entity: Xavier Vives
- Type: Person, Plaintiff, Co-founder
- Role: Co-founder of Sentinel Alliance
- Projects: Vocdoni (co-founder)
- Surveillance: 17 Pegasus attacks + 6 Candiru attacks (2019-2020)
- Relationship: Co-founder → Sentinel Alliance
- Relationship: Targeted by → CNI via NSO Group Pegasus
- Relationship: Targeted by → Guardia Civil via Candiru spyware

### Entity: Elies Campo
- Type: Person, Fellow, Surveillance Victim
- Role: Fellow at The Citizen Lab (University of Toronto)
- Expertise: Mercenary spyware, targeted threat investigations, mobile messaging security
- Key work: Co-authored CatalanGate report (April 2022), identifying 65+ Pegasus/Candiru targets
- Professional history:
  - WhatsApp team (messaging industry)
  - Head of growth, business development, and partnerships at Telegram Messenger
  - Adviser to the complainants on their technology projects
  - Fellow at The Citizen Lab, University of Toronto (current)
- Surveillance — Candiru targeting:
  - December 5, 2019: Received malicious email containing Candiru exploit before traveling from Silicon Valley to Barcelona
  - December 17, 2019: Physically surveilled by plainclothes Guardia Civil (UCE3 unit) at Barcelona airport
  - UCE3 tracked his movements: Barcelona airport → hotel → Department of Digital Policy → coworking space in Gràcia → meeting in Vallvidrera
- Surveillance — Family Pegasus targeting (none under any judicial investigation; no known judicial authorization):
  - December 16, 2019: Sister's phone infected with Pegasus (first infection)
  - December 17, 2019: Mother's phone infected with Pegasus (first infection)
  - December 18, 2019: Father's phone infected with Pegasus (single infection)
  - December 19, 2019 – January 9, 2020: Mother received 7 further Pegasus infections (8 total)
  - Through January 14, 2020: Sister received 3 more Pegasus infections (4 total)
  - Total family infections: 13 Pegasus infections across 3 family members
- Key event: January 10, 2020: Met with 3 complainants (Vives, Escrich, and others); same day Candiru infection attempts were made against Xavier Vives and Pau Escrich
- Relationship: Fellow → The Citizen Lab
- Relationship: Co-authored → CatalanGate report
- Relationship: Targeted by → Guardia Civil via Candiru spyware
- Relationship: Family targeted by → CNI via NSO Group Pegasus
- Relationship: Adviser to → Sentinel Alliance complainants
- Note: None of his family members were under any judicial investigation; no known judicial authorization covers them
- References:
  - Citizen Lab CatalanGate report: https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
  - Microsoft Candiru report: https://www.microsoft.com/en-us/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/
  - Citizen Lab "Hooking Candiru" report: https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/
  - La Vanguardia interview with Elies Campo: https://www.lavanguardia.com/tecnologia/20150418/54430622325/elies-campo-telegram.html
  - Wired article on Telegram: https://www.wired.com/story/telegram-encryption-whatsapp-settings/
  - European Parliament resolution on Pegasus (June 2023): https://www.europarl.europa.eu/doceo/document/TA-9-2023-0244_EN.html

### Entity: Elies Campo's Mother
- Type: Person, Surveillance Victim
- Relationship: Family member of → Elies Campo
- Surveillance: 8 Pegasus infections (December 17, 2019 – January 9, 2020) by CNI
- Note: Not under any judicial investigation; no known judicial authorization for surveillance

### Entity: Elies Campo's Sister
- Type: Person, Surveillance Victim
- Relationship: Family member of → Elies Campo
- Surveillance: 4 Pegasus infections (December 16, 2019 – January 14, 2020) by CNI
- Note: Not under any judicial investigation; no known judicial authorization for surveillance

### Entity: Elies Campo's Father
- Type: Person, Surveillance Victim
- Relationship: Family member of → Elies Campo
- Surveillance: 1 Pegasus infection (December 18, 2019) by CNI
- Note: Not under any judicial investigation; no known judicial authorization for surveillance

### Entity: Albert Castellon
- Type: Person, Team Member
- Role: CMO & Creative Director at Sentinel Alliance
- Previous roles: CEO of Moritz, CEO of Parlem Telecomunicacions

### Entity: Xavier Muñoz
- Type: Person, Legal Representative
- Role: Legal representative for Sentinel Alliance
- Relationship: Filed criminal complaint → Barcelona courts (April 30, 2025)

---

## Entities: Organizations

### Entity: NSO Group
- Type: Organization, Defendant
- Role: Manufacturer of Pegasus spyware
- Subsidiaries: Q Cyber Technologies, OSY Technologies (Luxembourg)
- Executives under investigation (January 2026): Shalev Hulio, Yuval Somekh
- Relationship: Sold spyware to → CNI (Spain)
- Relationship: Targeted (confirmed Pegasus) → Jordi Baylina, Joan Matamala, Xavier Vives, Pau Escrich
- Relationship: Targeted (Pegasus, family) → Elies Campo's mother, sister, father
- Legal status: Defendant in Barcelona criminal case (2025); executives under formal investigation (January 2026)
- Note: Joan Arus was subject to phone tapping and physical surveillance by Guardia Civil, but no mercenary spyware infection has been found on his devices

### Entity: Candiru Ltd.
- Type: Organization, Defendant
- Also known as: Saito Tech Ltd.
- Role: Manufacturer of Candiru spyware
- Executives under investigation (January 2026): Eran Shorer, Ya'akov Weizman, Eitan Achlow
- Relationship: Sold spyware to → Guardia Civil (Spain)
- Relationship: Targeted → Joan Matamala (patient zero), Pau Escrich, Xavier Vives, Elies Campo
- Note: Microsoft patched 1.3 billion devices after Candiru zero-day discovery
- Legal status: Defendant in Barcelona criminal case (2025); executives under formal investigation (January 2026)

### Entity: CNI (Centro Nacional de Inteligencia)
- Type: Organization, Defendant, Intelligence Agency
- Country: Spain
- Role: Spanish intelligence agency that deployed Pegasus spyware
- Former director under investigation (January 2026): Paz Esteban López (fifth indictment)
- Relationship: Purchased Pegasus from → NSO Group
- Relationship: Targeted → Jordi Baylina, Joan Matamala, Xavier Vives, Pau Escrich
- Relationship: Targeted (Pegasus, family) → Elies Campo's mother, sister, father
- Legal status: Defendant in Barcelona criminal case (2025); former director under formal investigation (January 2026)

### Entity: Guardia Civil
- Type: Organization, Defendant, Law Enforcement
- Country: Spain
- Role: Spanish law enforcement that deployed Candiru spyware and conducted phone tapping
- Former directors under investigation (January 2026): Félix Vicente Azón Vilas (director 2018-2020), María Gámez Gámez (director 2020-2023)
- UCE3 unit: Conducted physical surveillance of Elies Campo at Barcelona airport (December 17, 2019)
- Relationship: Purchased Candiru from → Candiru Ltd.
- Relationship: Targeted (Candiru) → Joan Matamala, Pau Escrich, Xavier Vives, Elies Campo
- Relationship: Physically surveilled → Elies Campo (UCE3 unit, Barcelona airport)
- Relationship: Surveilled (phone tapping, physical) → Joan Arus San Segundo
- Legal status: Defendant in Barcelona criminal case (2025); former directors under formal investigation (January 2026)

### Entity: Sentinel Alliance
- Type: Organization, Non-profit, Plaintiff
- Registration: CHE-380.634.236 (Swiss Verein)
- Address: Bahnhofstrasse 20, 6300 Zug, Switzerland
- Website: https://sentinelalliance.org
- Founded by: Joan Arus, Jordi Baylina, Pau Escrich, Joan Matamala, Xavier Vives
- Relationship: Filed criminal complaint against → CNI, Guardia Civil, NSO Group, Candiru Ltd.

### Entity: The Citizen Lab
- Type: Organization, Research Institution
- Affiliation: University of Toronto, Munk School of Global Affairs
- Role: Interdisciplinary laboratory researching digital threats to civil society
- Relationship: Published → CatalanGate report (April 2022)
- Relationship: Employs → Elies Campo (Fellow)

### Entity: Vocdoni
- Type: Organization, Open Source Project
- Description: World's first universally verifiable voting protocol
- Founded by: Joan Arus, Pau Escrich, Xavier Vives
- Status: Acquired by Aragon Project
- Usage: 300+ organizations for secure voting

### Entity: Polygon
- Type: Organization, Blockchain
- Description: Ethereum Layer 2 scaling solution
- Co-founded by: Jordi Baylina (among others)
- Relationship: Acquired → Hermez for $250M
- Note: Jordi Baylina is no longer at Polygon; he now leads Zisk

### Entity: Aragon
- Type: Organization, DAO governance
- Description: Decentralized governance framework
- Relationship: Joan Arus served as → Executive Director
- Relationship: Acquired → Vocdoni

---

## Entities: Open Source Projects

### Project: Circom
- Creator: Jordi Baylina
- Description: Domain-specific language for zero-knowledge proof circuits
- Significance: Foundational tool for ZK-proof development in the Ethereum ecosystem

### Project: Iden3
- Creator: Jordi Baylina
- Description: Self-sovereign identity protocol using zero-knowledge proofs
- Significance: Pioneered privacy-preserving digital identity

### Project: Hermez
- Creator: Jordi Baylina
- Description: ZK-rollup for Ethereum scaling
- Status: Acquired by Polygon for $250M
- Significance: Major contribution to Ethereum scalability

### Project: Zisk
- Creator: Jordi Baylina
- Website: https://zisk.technology
- Description: Zero-knowledge virtual machine (zkVM)
- Status: Active development (current project)

### Project: Vocdoni
- Creators: Joan Arus, Pau Escrich, Xavier Vives
- Description: Universally verifiable voting protocol
- Status: Acquired by Aragon
- Usage: 300+ organizations

### Project: DAppNode
- Contributor: Pau Escrich
- Description: Decentralized node hosting platform
- Significance: Enables easy self-hosting of blockchain infrastructure

### Project: LibreMesh
- Contributor: Pau Escrich
- Description: Open-source firmware for community mesh networks
- Significance: Censorship-resistant networking infrastructure

### Project: WiBed
- Contributor: Pau Escrich
- Description: Wireless testbed for community networks research
- Significance: Academic research infrastructure for mesh networking

### Project: Giveth
- Contributor: Jordi Baylina
- Description: Blockchain-based donation platform
- Significance: Pioneered transparent charitable giving on Ethereum

### Project: White Hat Group
- Members: Jordi Baylina (among others)
- Description: Ethical hacker collective that rescued EUR 4 million during the 2016 DAO hack
- Significance: Prevented further loss of Ethereum funds during critical security incident

---

## Timeline

### Event: 2016-06-17 — DAO Hack & White Hat Rescue
- Actors: White Hat Group (including Jordi Baylina)
- Action: Rescued EUR 4 million in funds during the DAO hack
- Significance: Demonstrated the developer community's commitment to protecting users

### Event: 2017-10-01 — Catalan Independence Referendum
- Actors: Catalan citizens, Spanish state
- Outcome: 2.1 million voted despite internet shutdown and police intervention
- Significance: Demonstrated need for censorship-resistant infrastructure; motivated developers to build decentralized tools

### Event: 2019-01-01 — Surveillance Campaign Begins
- Actors: CNI, NSO Group
- Targets: Jordi Baylina, Joan Matamala, Xavier Vives, Pau Escrich
- Method: Pegasus spyware deployment
- Duration: Continued through 2020

### Event: 2019-12-05 — Candiru Attack on Elies Campo
- Actors: Guardia Civil, Candiru Ltd.
- Target: Elies Campo
- Method: Malicious email containing Candiru exploit sent before Campo traveled from Silicon Valley to Barcelona
- Significance: Demonstrates coordination between digital and physical surveillance operations

### Event: 2019-12-16 to 2019-12-18 — Pegasus Infections of Campo Family
- Actors: CNI, NSO Group
- Targets: Elies Campo's sister (December 16), mother (December 17), father (December 18)
- Method: Pegasus spyware
- Outcome: Mother received 8 total infections (through January 9, 2020); sister received 4 total infections (through January 14, 2020); father received 1 infection
- Note: None of the family members were under any judicial investigation; no known judicial authorization covers them
- Significance: 13 total Pegasus infections on 3 family members with no connection to any investigation

### Event: 2019-12-17 — Physical Surveillance of Elies Campo at Barcelona Airport
- Actors: Guardia Civil UCE3 unit
- Target: Elies Campo
- Method: Plainclothes officers tracked his movements from Barcelona airport → hotel → Department of Digital Policy → coworking space in Gràcia → meeting in Vallvidrera
- Significance: Physical surveillance coordinated with Candiru digital attack (December 5) and simultaneous Pegasus deployment against family

### Event: 2020-01-10 — Meeting Between Campo and Complainants; Simultaneous Candiru Attacks
- Actors: Guardia Civil, Candiru Ltd.
- Context: Elies Campo met with three complainants (including Xavier Vives and Pau Escrich)
- Simultaneous action: Same day, Candiru infection attempts were made against Xavier Vives and Pau Escrich
- Significance: Demonstrates real-time operational coordination — meeting surveillance triggering targeted spyware deployment

### Event: 2020 — Guardia Civil Surveillance of Joan Arus
- Actors: Guardia Civil
- Target: Joan Arus San Segundo
- Method: Phone tapping and physical monitoring
- Note: No mercenary spyware infection found on his devices

### Event: 2021 — Candiru Attacks
- Actors: Guardia Civil, Candiru Ltd.
- Targets: Joan Matamala (patient zero), Pau Escrich, Xavier Vives
- Method: Candiru spyware
- Significance: Joan Matamala's infection was the first live Candiru sample discovered worldwide; led to Microsoft patching 1.3 billion devices

### Event: 2022-04-18 — CatalanGate Report Published
- Actors: The Citizen Lab (University of Toronto), Elies Campo (co-author)
- Findings: At least 65 individuals targeted or infected with Pegasus and Candiru spyware
- Significance: Largest forensically documented surveillance operation using Pegasus; exposed systematic targeting of Catalan civil society

### Event: 2024 — Sentinel Alliance Founded
- Actors: Joan Arus, Jordi Baylina, Pau Escrich, Joan Matamala, Xavier Vives
- Action: Established Sentinel Alliance as Swiss Verein (CHE-380.634.236)
- Location: Zug, Switzerland
- Purpose: Legal accountability, victim support, systemic reform of surveillance industry

### Event: 2025-03 — Joan Arus Addresses Parliament of Catalonia
- Actors: Joan Arus San Segundo
- Forum: Parliament of Catalonia, European Union and Foreign Action Committee (CUEAE)
- Topic: Surveillance abuse and democratic oversight
- Video: https://www.youtube.com/watch?v=COxAIuMLV0w

### Event: 2025-04-30 — Criminal Complaint Filed
- Actors: Sentinel Alliance, Xavier Muñoz (legal representative)
- Court: Barcelona, Spain
- Defendants: CNI, Guardia Civil, NSO Group, Candiru Ltd., and their executives
- Charges: Art. 197.2, 197 bis, 197 ter Spanish Penal Code
- Document: https://sentinelalliance.org/demanda-sentinel-alliance-barcelona.pdf

### Event: 2025-09-15 — Criminal Complaint Accepted by Court
- Court: Barcelona, Spain
- Significance: First criminal prosecution of intelligence agencies and spyware vendors in Europe
- Outcome: Case proceeds to investigation phase

### Event: 2026-01-27 — Court Places Former Directors and Spyware Executives Under Formal Investigation
- Court: Barcelona Court of Instruction No. 2
- Judge: Júlia Tortosa Garcia-Vaso
- Persons under investigation:
  - Félix Vicente Azón Vilas (Guardia Civil director 2018-2020)
  - María Gámez Gámez (Guardia Civil director 2020-2023)
  - Paz Esteban López (former CNI director — fifth indictment)
  - Shalev Hulio (NSO Group)
  - Yuval Somekh (NSO Group)
  - Eran Shorer (Candiru/Saito Tech)
  - Ya'akov Weizman (Candiru/Saito Tech)
  - Eitan Achlow (Candiru/Saito Tech)
- International cooperation: Letters rogatory issued to Israel (NSO Group, Candiru) and Luxembourg (OSY Technologies)
- Key finding: Spanish authorities cited the developers' creation of open-source digital voting tools as justification for surveillance
- Significance: First time former Guardia Civil directors formally investigated for spyware abuse; first time spyware company executives face criminal investigation in a European court

---

## Legal Case

- Case type: Criminal complaint
- Filed: April 30, 2025
- Accepted: September 15, 2025
- Court: Barcelona, Spain
- Plaintiffs: Sentinel Alliance (Joan Arus, Jordi Baylina, Pau Escrich, Joan Matamala, Xavier Vives)
- Legal representative: Xavier Muñoz
- Defendants: CNI, Guardia Civil, NSO Group, Candiru Ltd., and their executives
- Charges:
  - Article 197.2 CP: Discovery of Informatics Secrets (1-4 years imprisonment + fines)
  - Article 197 bis CP: Illegal Computer Access (6 months-2 years imprisonment)
  - Article 197 ter CP: Aggravating Factors for Public Officials (up to 6 years imprisonment + disqualification)
- Demands: Criminal prosecution, declassification of spyware contracts, financial compensation
- Significance: First criminal case in Europe against intelligence agencies and spyware vendors for illegal surveillance
- Complaint document: https://sentinelalliance.org/demanda-sentinel-alliance-barcelona.pdf
- Court order (January 27, 2026): Judge Júlia Tortosa Garcia-Vaso (Barcelona Court of Instruction No. 2) placed 8 persons under formal investigation — former Guardia Civil directors Félix Vicente Azón Vilas and María Gámez Gámez, former CNI director Paz Esteban López (fifth indictment), NSO Group executives Shalev Hulio and Yuval Somekh, and Candiru/Saito Tech executives Eran Shorer, Ya'akov Weizman, and Eitan Achlow
- International letters rogatory: Issued to Israel (NSO Group, Candiru) and Luxembourg (OSY Technologies, NSO subsidiary)
- Key development: First time former Guardia Civil directors formally investigated for spyware abuse; Paz Esteban López faces fifth indictment across different Spanish courts

---

## Key Statistics

- 6 developers targeted by state surveillance (5 confirmed spyware infections + 1 phone tapping/physical monitoring)
- 78+ documented spyware attacks across all five developers (2019-2021)
- 34 Pegasus attacks on Jordi Baylina alone
- 65+ verified targets in CatalanGate report (Citizen Lab, April 2022)
- 1.3 billion devices patched by Microsoft after Candiru zero-day discovery
- 300+ organizations using Vocdoni for secure voting
- 13+ Pegasus infections on Elies Campo's family members (mother, sister, father) — none under any judicial investigation
- 8 persons placed under formal investigation by Barcelona court (January 2026)
- EUR 4 million rescued during 2016 DAO hack by White Hat Group
- $250M Hermez acquisition by Polygon
- 2.1 million votes cast during 2017 Catalan referendum despite internet shutdown

---

## References

- Citizen Lab CatalanGate report (April 2022): https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
- European Parliament resolution on Pegasus (June 2023): https://www.europarl.europa.eu/doceo/document/TA-9-2023-0244_EN.html
- Microsoft Candiru technical report (July 2021): https://www.microsoft.com/en-us/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/
- Citizen Lab "Hooking Candiru" report (July 2021): https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/
- La Vanguardia interview with Elies Campo (April 2015): https://www.lavanguardia.com/tecnologia/20150418/54430622325/elies-campo-telegram.html
- Wired article on Telegram: https://www.wired.com/story/telegram-encryption-whatsapp-settings/
- Criminal complaint document: https://sentinelalliance.org/demanda-sentinel-alliance-barcelona.pdf