Move over, NSO, there’s a new kid in town. Though it is the undisputed king of the “legitimate” cyber-crime business category, NSO has some new competition. Though there is enough overlap between investors and legal representation, that NSO and its competitor share more in common than whatever might divide them.
Citizen Lab and Microsoft have jointly revealed that the Israeli firm, Candiru, set up 750 fake domain names meant to spoof legitimate human rights and social justice causes. The spyware operation tempted targets to click on links which would download malware that hacked cell phones and PCs, offering hackers unlimited access to all their contents. Hundreds of individuals including political dissidents, human rights activists, academics, journalists and lawyers were targeted. They ranged geographically from Palestine, Israel, Iran, Lebanon, Yemen, Spain, United Kingdom, Turkey, Armenia, to Singapore.
The mercenary spyware company was founded in 2014 by Yaakov Weitzman and Eran Shorer. It’s largest shareholder is Issac Zak. Its current CEO is Eitan Achlow. Optas and Universal Motors Israel are among its largest corporate investors.
Candiru sold this dirty tech to repressive regimes around the world whose intelligence agencies sought to penetrate the privacy of regime opponents. Though contracts the company signed prohibited clients from targeting victims in Russia, China, the is and Israel, nevertheless these provision were ignored and citizens of a number of these states were attacked.
Not only could attackers gain full access to e mail, passwords, screen, microphone, texts, phone calls, web browsing, photo and video. Their malware can infect PCs, Macs, Android, IOS and cloud accounts. They could even break into apps like Signal, whose encryption technology is meant to defeat precisely these sorts of exploits. This is the first time I’ve heard of a successful penetration of Signal. Though to be clear, the hackers have gained access to the Signal content once it’s downloaded to the target’s device. This involves hacking the device rather than Signal’s technology.
This is yet another example of Israel’s leading role in exporting the national surveillance state throughout the world. The IDF’s Unit 8200, develops battle-tested spyware to surveil Israel’s enemies. Veterans of the unit then enter the commercial world where they sell their expertise to the highest technology bidder. That in turn creates an attractive surveillance product to promote to foreign clients.
NSO and Candiru’s Major Client: Saudi Arabia
The NY Times reports that there are four Israeli cyber-malware companies, including NSO and Candiru, selling their wares to Saudi Arabia oppressive regime. But after its Crown Prince Mohammed Bin Salman ordered the assassination of dissident journalist, Jamal Khashoggi, NSO stopped doing business with the regime. Its Pegasus malware was widely accused of playing a key role in his murder.
After the murder, NSO made a big show of developing ethical principles which it would follow in deciding which clients it would engage with and which it would shun. It invited human rights groups to offer their advice on how to implement such protocols. It also hired lobbyists and consultants to ethics-wash its business practices. Among them was Julie Kayyem, who resigned after her involvement was made public. Another such figure was Daniel Shapiro, Obama’s ambassador to Israel.
The advisory group they joined advised NSO and its then private investor-owner, Francisco Partners, to end its business relationship with NSO, which it did. However, after Francisco’s ownership stake was purchased by Novalpina Capital, the new owners ignored the board’s advice and resume selling the technology which enables Saudi state terror:
…The Israeli government encouraged NSO and two other companies to continue working with Saudi Arabia, and issued a new license for a fourth to do similar work, overriding any concerns about human rights abuses, according to one senior Israeli official and three people affiliated with the companies.
Since then, Saudi Arabia has continued to use the spyware to monitor dissidents and political opponents.
The fact that Israel’s government has encouraged its private companies to do security work for the kingdom — one of its historic adversaries and a nation that still does not formally recognize Israel — is yet more evidence of the reordering of traditional alliances in the region and the strategy by Israel and several Persian Gulf countries to join forces to isolate Iran.
…NSO sold Pegasus to Saudi Arabia in 2017. The kingdom used the spyware as part of a ruthless campaign to crush dissent inside the kingdom and to hunt down Saudi dissidents abroad.
This makes clear that Israel willingly sacrifices human rights and human life on the altar of national interest. Bibi Netanyahu, who met “several times” with Bin Salman considers such meetings far more important to his country than the life of a renegade journalist.
The Times also notes that Candiru has been selling its product to the Saudis since 2018. The other two companies doing business there are Verint and Quaddream. Cellebrite too has contracts with the Saudis, but does business without defense ministry approval. Though the article doesn’t explain why, all of these companies create foreign subsidiaries which sign contracts with countries considered enemies of Israel (and therefore off limits for commercial relations). Cellebrite may have signed the Saudi deal through one of these subsidiaries and thus averted ministry oversight.
In response to a Times query, the ministry released this mendacious statement:
If the Defense Ministry “discovers that the purchased item is being used in contravention of the terms of the license, especially after any violation of human rights, a procedure of cancellation of the defense export license or of enforcing its terms is initiated.”
In fact, the ministry exerts no oversight to speak of regarding such exports. It also compels licensees to conceal the identity of their clients under threat of cancellation. The State does not wish the world to know with which dirty regimes it’s shacked up.
It’s immensely pleased with such commercial deals which are a major source of export revenue, they also project Israeli power abroad and advance the country’s interests (see below). Major media outlets, including the Times itself, have documented scores of cases in which Israeli technology has led not only to the arrest and jailing of innocent civilians, but to their death. Israel has made a cold, hard calculation that these products are more valuable than the freedom of individuals or even their lives.
There is one odd aspect of the Times article: Ronen Bergman, considered the Israeli journalist closest to Israeli intelligence, wrote a breathlessly glowing profile of NSO for Ynet in 2019, after he was given an exclusive interview by its CEO. He faithfully touted the company’s talking points about its products only being used to combat drug gangs and terrorism:
It helped bring down drug lords, thwart terror attacks and stop pedophiles, but despite its determination to paint itself as the enemy of ‘bad guys’ everywhere, Israeli tech company NSO Group is facing some unsavory claims…CEO Shalev Hulio talks for the first time about his life, his work and what he really wants to achieve with the one of the most sophisticated spyware in the world.
Either Bergman writes one version for his Israeli audience and a contradictory one for his NY Times audience; or he’s gotten religion and seen the error of NSO’s ways. Which is it?
As Israel implements racism and apartheid at home, it offers oppressive foreign governments new means of adopting the worst of Israeli practices in their home countries. Feeling threatened by dissidents organizing to topple your authoritarian regime? Need new methods to penetrate their movements and disrupt their plans? Look no further, Israel has a plan for you. From Kashmir to Moscow, from Tehran to Ramallah, Israel helps the worst of the worst hunt down the good guys and throw them in prison or worse (cf Jamal Khashoggi).
It’s of course no irony that the company takes its name from a fierce flesh-eating Latin American fish, the Candiru. Just as Israel gobbles up freedom and human rights and consumes them whole, Candiru assists intelligence agents and police thugs in exerting massive levels of social control and consuming all the oxygen in the political environment. The result, they hope, is suffocation of their enemies.
Candiru, as a private company, is not bound by Israeli laws which restrict contact with “hostile nations.” Thus the Qatari sovereign wealth fund could take a partial ownership stake in the company without running afoul of Israeli laws.
As Forensic Architecture noted in its presentation about NSO’s role in promoting state terrorism, exports of such commercial products, and investment in such companies by former Arab enemy states, advances Israel’s diplomatic interests. The Godfather once said: “I want my friends close and my enemies closer.” There are few motives stronger than greed and profit to cement ties between authoritarian regimes.