Israeli companies face Trojan horse dilemma

Israeli cyberattack companies like Cognyte and Quadream are torn between filling the vacuum left by NSO, or abandoning the business.

The diplomatic and media storm around Israeli cyberattack company NSO Group is not abating. In addition to its attempts to remove its name from the US Department of Commerce blacklist, on which it was put in November, NSO is also preparing to change its strategy. NSO is mulling selling Pegasus, its controversial Trojan horse spyware, and becoming a cybersecurity company.

NSO is not operating in a vacuum and events are being carefully monitored by its existing and potential rivals. So while the US administration conducts a public campaign against cyberattack companies, other companies are also considering their next steps and possible new moves.

Sources inform "Globes" that Israeli company Cognyte (Nasdaq: CGNT) is currently holding discussions about its Trojan horse product, which it developed as part of its Ace Labs activities. The company is waiting to see what becomes of NSO and will decided accordingly. If US actions against Israeli cyberattack companies intensify, Cognyte is likely to sell its Trojan horse activities, or even shut them down. Another option that the company is considering is to capture at least some of the market vacuum left by NSO, if Pegasus is taken off the market. Cognyte has the legitimacy of a publicly-traded company on Wall Street, a strong presence in the Middle East, and capital that would allow it to invest in gaining the customers that NSO might lose.

A Trojan horse that doesn't compete directly with NSO

Cognyte does not compete directly with NSO. The company operates primarily in providing platforms that intercept intelligence transmissions for government agencies and security forces engaged in intelligence gathering, from various sources like social media networks, the dark web and phone networks in order to track terror and criminal suspects.

Cognyte achieves this, among other things, by connecting to the switches of telecom providers in countries like the UAE, where it operates as part of a contract worth hundreds of millions of dollars, and also by overseeing data transmissions on international fiber optics cables.

But in recent years, Cognyte has also developed Trojan horse software activities through its Ace Labs division. The software serves the user and allows devices to be breached in order to record and document telephone conversations or surveille data. The Trojan horse is installed after a tactical device is placed close to the person being monitored and 'hijacks' the device's WiFi connection and installs the Trojan horse software through the hijacked connection.

However, Cognyte has not gone all the way - its Trojan horse software only focuses on Android devices and in order to 'infect' the end device the user must be coaxed into clicking on a link, so that the software will be installed without them knowing. In contrast, NSO's Pegasus can infect both iPhones and Android phones without any contact, or action by the targeted user. In addition to the UAE, Cognyte has customers in Mexico, Singapore and South Sudan.

Share price has fallen 50% this year, the image has been tarnished

Despite the big opportunity that stands before Cognyte, the company has suffered recently from a sharp fall in its share price and damage to its image and brand, following a report issued by Meta (formerly Facebook) about Israeli intelligence surveillance companies.

Cognyte's share price has fallen 50% since January 2021, among other things due to its fall in profitability and lack of revenue growth, an almost precise mirror image of the movement in the share price of Verint Systems (Nasdaq: VRNT), from which Cognyte was spun off at the start of the year, which has risen 50% this year. Verint's rival NICE-Systems Ltd. (Nasdaq: NICE; TASE:NICE) has also had a good year with a 10% rise in its share price and market cap, making it the most valuable Israeli company on Wall Street.

Two weeks ago, Meta announced that it had removed 100 Facebook and Instagram accounts connected to Cognyte and its customers, after it claimed that Cognyte allowed security forces to manage fake profiles on the social networks, implement social engineering and gather information about users in countries including Israel, Serbia, Kenya, Morocco, Mexico, Jordan, Thailand, and Indonesia. Among those targeted, according to Meta's report, were journalists and politicians. However, Meta's criticism is not connected to Trojan horse software but intelligence products based on monitoring web intelligence (webint).

Quadream is also examining what to do with Trojan horses

Another Israeli company, which over the past few weeks has been weighing up its next move, is Quadream, which is considered NSO's biggest rival on global markets for contactless installation of Trojan horse software. Quadream is based in Israel and sells worldwide through Cypriot based sales company InReach, which is managed by Roy Glasberg Keller and owns the shares in Quadream.

The company is also considering what to do next with on the one hand the opportunity that they have identified to capture a share of the companies not working with NSO, such as the Moroccan government, or change strategy which would include jettisoning to some extent Trojan horse activities.

"The state benefits and now it is abandoning us"

A senior manager at one of Israel's cyberattack companies told "Globes," "Those managing cyberattack companies, who helped in the global struggle against crime and terror, are going through a difficult period that includes re-evaluating their position in the industry. There is a saying heard everywhere that reflects the frustration of the entrepreneurs: why not leave cyberattack and sell weapons, it's easier.

"After all for a long time, the state benefitted from the hegemony of Israeli cyberattack companies on the world market and the flow of revenue from taxes and the option of granting these systems as a gift for friendly countries but when they were called on to protect us, they abandoned us. Hypocrisy rules and meanwhile American cyberattack companies get the backing of their administration, while Apple and Facebook attack Israeli companies."