intellexa – Techdirt

Investigation Shows Israeli Malware Firms Pitching Spyware To Embargoed Countries, Serial Human Rights Abusers

from the never-even-bothering-to-ask,-are-we-the-baddies? dept

As we’re all painfully aware by now, former Israeli intelligence analysts are capable of producing private sector malware companies faster than the CIA can produce successful coups.

While both are capable of handing over inordinate amounts of power to truly terrible people, only the Israeli companies have been formally asked by the US federal government to knock it the fuck off.

The sanctions handed down by the US Commerce Department were the direct results of months of negative press detailing the endless abuse of Israel-based NSO Group’s malware by the abusive governments it chose to sell to, including several countries listed in the world yearbook as Most Likely To Want Israel Dead.

NSO and Cytrox — companies that both have extensive sordid histories — were sanctioned. NSO, despite being best buddies with the Israeli government, found itself being investigated by the same government that had aided and abetted its malware sales to international death merchants, resulting in the extremely belated trimming of its “Acceptable Customers” list.

The negative press has failed to subside. But not all of it is NSO-focused. Plenty of other Israeli companies founded by ex-Israeli intelligence analysts have similarly chosen to sell spyware to the worst governments on earth, resulting in the sort of worldwide press that’s normally the result of press junkets by confirmed misanthropes.

Every country has its own blacklists. The UN maintains its own. Several other not-specifically blacklisted countries are just considered bad to do business with. But, for Israeli malware merchants, nothing was off limits, even when some of it actually (in the legal sense) was.

This investigative report published by Israeli news outlet Haaretz provides more details on Israeli spyware firms and the questionable governments they chose to do business with. Most of this was facilitated by a third party located outside of Israel, providing plausible deniability to the Israeli malware firms it represented. Deniability, however implausible, was definitely needed, considering the deals being brokered by this third party.

A global investigation published Thursday into Intellexa, an alliance of digital arms and surveillance firms owned by Israelis but operating from outside of Israel, reveals how the company sold its spyware to Egypt, where it was used against critics of the regime. Intellexa also pitched its capabilities to Saudi Arabia, Malaysia, Cameroon, Mauritius, Sierra Leone and others, per the investigation.

The front group was headed by ex-Israelis, but located conveniently offshore in locations that are often home to entities that wish to evade the legalities of doing business in their own countries. Intellexa, most recently registered in Greece, also calls Ireland and North Macedonia “home.”

From these home bases, Israeli-created malware could be pitched to countries the Israeli government refuses to (officially) do business with.

According to the investigation, in 2021 a sales pitch was made to the regime of Khalifa Haftar in Benghazi, which controls eastern Libya. The regime is under an international arms embargo but the offer – bearing the logos of Intellexa and AMES – included cell phone spyware. A deal was ultimately signed for other eavesdropping and cellular interception technology, however, getting the tech to the sanctioned regime was a problem.

“We have a request from a super bad country,” the French CEO told the company’s legal advisor in a May 2021 phone call. “I wanted to know if it is completely prohibited, or what our options are.” The legal counsel was unequivocal: “Forget about it… You know about the arms embargo, about the EU effort against Libya. They are very strict.”

This deal, headed up by the French CEO of Dubai-based Advanced Middle East Systems (AMES), ultimately fell through. A similar pitch was made to the government of Egypt in 2019. That deal — which followed the Arab Spring uprising in that country — apparently went through. Subsequent investigations of spyware-infested phones linked the infections to Israeli-produced spyware deployed by the Egyptian government against exiled politicians and opposition leaders.

This partnership with an autocratic government — one apparently aided by former Israeli Prime Minister Ehud Olmert’s work for Intellexa — was a success, one celebrated by executives thrilled to have made the world just a little bit worse.

At the end of 2020 a contract was signed. The French CEO reported this in the Nexa-Intellexa WhatsApp group – adding three champagne bottle emojis. “Amazing,” Intellexa’s VP of Sales replied, with Dilian adding: “Great!!! Happy New Year.”

If there’s any upshot — at least for NSO Group — it’s that NSO is not the actual worst of the worst when it comes to Israeli spyware sellers. That title belongs to those who have flown further under the radar, thanks in large part to their use of foreign-based fronts for international sales.

Unlike Pegasus spyware maker NSO, which is regulated by the Israeli Defense Ministry and sold its wares to Saudi Arabia with Israel’s blessing, Intellexa has long operated outside of Israel and away from Israeli oversight.

The only upside here is that these companies have yet to produce phone malware as powerful as NSO’s flagship product, the zero-click Pegasus exploit. But even their off-brand knock-offs are capable of compromising phones, even if they might require a bit more direct interaction with their targets. But there’s no real good news to report. This latest set of revelations confirms what’s always been feared: that “good guys” with malware are more than willing to sell their products to the “bad guys” of the world.

Filed Under: human rights, israel, malware, surveillance
Companies: ames, cytrox, intellexa, nso group

Phone Malware Company Linked To Greek Domestic Surveillance Scandal Raided By Law Enforcement

from the bad-times-for-bad-actors dept

NSO Group isn’t the only phone malware firm to draw international attention. Sure, NSO’s decision to sell to human rights abusers and aid/abet surveillance of journalists, lawyers, government critics, and political leaders drew the most attention, but there were others. And all of these malware purveyors seem to have sprung from the same source: spies whose last employer was the Israeli government.

NSO Group and its lesser known competitor, Candiru, managed to secure themselves sanctions from the US Commerce Department. In addition, NSO found itself targeted by the very government that allowed it to flourish before the bad press started rolling in.

Meanwhile, another exploit developer flew under the radar, only surfacing occasionally until it finally found itself at the center of a surveillance scandal. Cytrox, owned by Intellexa, sells its Predator malware to government agencies around the world. One of those customers was the Greek government, which apparently used it to target leaders of opposition parties — the sort of thing people generally don’t want allegedly democratic governments to be doing.

Following the resignation of the head of the Greek government’s intelligence service, the government finally decided to start policing itself. But, instead of erecting rules preventing this sort of abuse, it amended its surveillance laws to make it easier for the government to plausibly deny engaging in abuse of its surveillance powers. The stated goal was more transparency. The end result was something else entirely, even if it did finally provide potentially surveilled Greek citizens with an avenue to obtain information about domestic surveillance efforts.

Perhaps this is just a minimal effort meant to make the Greek government look a little less authoritarian, but it’s still surprising. According to this report from Haaretz, Cytrox is now facing the sort of scrutiny that involves armed officers breaking down doors and seizing anything they can find.

Greek police raided the Athens offices of the Israeli company behind the Predator spyware on Tuesday, local media reported, the latest turn of events in a months-long wiretapping affair that has rocked Greece over the past several months.

The offices of Intellexa, the Israeli-owned spyware company, and five other firms were raided by police in the Greek capital, Kathimerini reported on Tuesday. The raids also targeted the company executives’ homes.

The raid of the offices is unexpected. That this was extended to the homes of executives shows the Greek government is possibly aware the offices may have been cleansed of anything incriminating shortly after news broke of the illegal domestic surveillance.

It may also be an indication the government realized the surveillance scandal wasn’t simply going to evaporate into the news cycle ether. More bad news arrived shortly before this raid.

On Sunday, Greek newspaper Documento released a dossier revealing that dozens of acting ministers, military leaders, businessmen and media figures were also under surveillance.

Pretty much NSO Group, in other words. Give governments powerful surveillance tools capable of compromising phones and you should expect, at minimum, periodic abuse. The tools are too powerful and too tempting to be used only for the objectives stated when acquiring the malware. You know, things like criminal investigations of violent crimes or protecting the nation against terrorist attacks. Once acquired, governments — even those not considered to be habitual rights abusers — tend to target anyone deemed a threat to leaders’ job security, which is not nearly the same thing as national security.

Haaretz also reports Cytrox/Intellexa is being sued by Thanasis Koukakis, an investigative journalist apparently targeted by the malware. It’s not a civil suit. It’s a set of criminal accusations, filed with prosecutors in Athens.

That being said, there will be no day of reckoning for these governments or the tech companies who sell them the exploits they abuse. There will be case-by-case wins, but rest assured, the nasty business of malware development will continue. There are far too many well-paying customers out there, many of which appear to desire better ways to keep an eye on people governments don’t like, all while trying to maintain the pretense these acquisitions are necessary to securing nations and ensuring public safety.

Filed Under: greece, malware, predator, spyware, surveillance
Companies: candiru, cytrox, intellexa, nso group