Russian authorities hacked into the phone of a prominent political opponent while he was in custody, using technology made by forensics firm Cellebrite — even after the company had said it cut ties with Putin’s government agencies, according to a new report that raises fresh questions about whether Western tech companies can truly control how their tools are used once they’re in the wild.

The case is a cautionary tale for any technology company that sells to governments. Cellebrite, an Israeli outfit with a second headquarters in Virginia that sells to governments all over the world — including in the U.S — had announced it would stop providing hardware and software to Russia. It apparently didn’t, or couldn’t, follow through.

Researchers at The Citizen Lab, digital rights group based at the University of Toronto, said they found evidence that a Russian government investigative unit used a phone hacking tool made by Cellebrite to break into the iPhone of local human rights dissident and opposition politician Andrey Pivovarov in June 2021.

Three months before that hack, Cellebrite had announced that it would “immediately” stop selling its technology to its Russian government customers. On its official website, Cellebrite claims that as of March 2021, when it cut ties with Putin’s government, the company “can stop the device from functioning or receiving software updates.”