Israeli Surveillance Startup That ‘Hacks WhatsApp And Signal’
Paragon Solutions doesn’t have a website. There’s very
little information at all about them online, even if the Tel Aviv-based
smartphone surveillance startup’s employees are all over LinkedIn, more than 50
of them. That’s not a bad headcount for a company that’s still in stealth mode.
But it does have a cofounder, director and chief shareholder
that will turn heads: Ehud Schneorson, the former commander of Israel’s NSA
equivalent, known as Unit 8200. The other cofounders - CEO Idan Nurick, CTO
Igor Bogudlov and vice president of research Liad Avraham - are ex-Israeli
intelligence too. Also on the board is cofounding director and former Israeli
prime minister Ehud Barak.
They also have a significant American financial backer:
Boston, Massachusetts-based Battery Ventures. According to two senior employees
at companies in the Israeli surveillance industry, who spoke on the condition
of anonymity, the venture capital business put in between $5 and $10 million,
though Battery declined to comment on the nature of its investment, which is
only mentioned in brief on the company’s website.
Paragon’s product will also likely get spyware critics and
surveillance experts alike rubbernecking: It claims to give police the power to
remotely break into encrypted instant messaging communications, whether that’s
WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One
other spyware industry executive said it also promises to get longer-lasting
access to a device, even when it’s rebooted.
The startup, founded in 2019, is quietly building up steam
at a time when its ilk in the smartphone hackers-for-hire industry are under
heavy fire. The Pegasus Project, a coalition of nonprofits and global
publications, this month claimed to have uncloaked worldwide surveillance of
journalists, lawyers and high-profile elected politicians by clients of
Israel’s best known spyware provider NSO Group.
The company’s CEO has rebuffed the claims made by the
Project’s partners, saying it had no evidence that its tools were used to
target those named in reports, from the wife of murdered journalist Jamal
Khashoggi to French president Emmanuel Macron. The French government has
already begun its investigation, but other administrations around the world are
now being called on to probe just who was hacked by NSO’s spyware and why. Even
before the Pegasus Project, Microsoft president Brad Smith warned the $12
billion industry as a whole represented a threat, writing: “An industry segment
that aids offensive cyberattacks spells bad news on two fronts.
First, it adds even more capability to the leading
nation-state attackers, and second, it generates cyberattack proliferation to
other governments that have the money but not the people to create their own
weapons. In short, it adds another significant element to the cybersecurity
threat landscape.”
A senior executive at Paragon, who declined to comment on
the record, told Forbes that he did not want to talk about its products. He
said the company does not yet have customers. But, in an attempt to avoid the
trouble NSO has had with some of its clients who were barred over misuse, the
executive added that Paragon would only sell to countries that abide by
international norms and respect fundamental rights and freedoms. Authoritarian
or non-democratic regimes would never be customers, he added.
Two industry sources said they believed Paragon was trying
to set itself apart further by promising to get access to the instant messaging
applications on a device, rather than taking complete control of everything on
a phone. One of the sources said they understood that Paragon’s spyware
exploits the protocols of end-to-end encrypted apps, meaning it would hack into
messages via vulnerabilities in the core ways in which the software operates.
The company’s staff, according to LinkedIn profiles, have
strong backgrounds in surveillance, with its VP of operations and HR lead being
ex-NSO, and many of its developers coming from Israel Defense Forces
intelligence units. One of its software developers, Alon Weinberg, previously
presented research on hacking the software running on Intel and AMD chips at
famous U.S. hacking conference Def Con.
Israeli surveillance on American money
With an American backer, it appears Paragon is going to try
and crack American law enforcement agencies where others like NSO have failed.
According to a LinkedIn profile, a 30-year veteran of Israeli intelligence,
Menachem Pakman, has been employed to help find business in the U.S. There’s no
indication that they have clients across the Atlantic yet, however.
According to the corporate filing for the company, Battery
invested via two of its venture capital vehicles in September 2019, indicating
it helped launch the business, while its Israel-based vice president Aaron
Rinberg is a board observer at Paragon. Battery, which has raised more than $9
billion since its founding in 1983, has claimed some hugely successful
investments in its time, including Coinbase, Groupon, Splunk, SkullCandy and
Pokémon Go creator Niantic. The company hadn’t commented on its investment in
the Israeli smartphone surveillance game at the time of publication.
John Scott-Railton, senior researcher at Citizen Lab at the
University of Toronto’s Munk School, said that if the aim of Paragon’s business
is to help American agencies target Americans, then it needs to be scrutinized.
“Any American investor that is putting money into the industry right now,
urgently needs serious scrutiny. We are going to need to know who their
customers are.
We’ve learned what happens when the industry operates in
secrecy and says they care about protecting human rights,” he said. “The
hack-for-hire industry has gone way far out on a legal limb.” The Paragon
executive said the company would not disclose future customers.
Paragon isn’t the first Israeli company to take American
venture capital on launch. Toka, which focuses on helping law enforcement hack
into Internet of Things devices like Amazon Echos for forensics or during
property raids, raised $12.5 million in 2018, in a round that included funding
from Dell Technologies Capital and Andreessen Horowitz. NSO, meanwhile, was
majority-owned by U.S. private equity firm Francisco Partners until a U.K.
private equity company, Novalpina Capital, took control.
Paragon’s leadership are also in the interesting position of
working for both cyber defense and offensive companies. The CEO Nurick is
cofounder of Hunters.ai, a startup promising artificial intelligence that can
hunt down hackers on a network and is backed by Microsoft’s investment arm M12.
Schneorson is listed as a board member of that business and as an advisor for
ZecOps, a mobile security business that has, in the past, uncovered phone hacks
developed by surveillance businesses.
Comments
Post a Comment