The company trying to give cyber intel a good name

Paragon Solutions, backed by former prime minister Ehud Barak and Battery Ventures, hopes to succeed by playing by the rules.

When the administration of US President Joe Biden was formed a year ago, it adopted an aggressive attitude towards cyberattack companies whose products make it possible to take over computers and telephones and extract their contents. Last November, the administration placed Israeli companies NSO and Candiru, alongside companies from Singapore and Russia, on its list of companies acting against US national security and foreign policy interests. This status makes it very difficult for NSO to continue working with US security agencies.

As reported by "Globes" last week, NSO is examining acquisition offers by US funds at a valuation of $1-1.2 billion, with the aim of becoming a US company and being removed from the blacklist.

To close ranks, Biden convened the Summit for Democracy, with the participation of 100 countries that in his view maintain the values of an enlightened democratic regime, and condemned companies developing invasive technology and aiding dictatorships and semi-democracies to spy on opponents of the regime, political rivals, journalists, and human rights activists.

The activity of the Biden-Harris administration comes after years of investigations by human rights organizations like Citizen Lab, Amnesty, and Forbidden Stories, prominent press and media outlets like "The New York Times", the "Telegraph", and CBS network's "60 Minutes", as well as lawsuits by Facebook and Apple. All these things brought about international negative public sentiment towards the Israeli company from Herzliya that makes it possible, at the push of a button, to take over a telephone remotely, record conversations via its microphone, film via its camera, or determine its location, without its owner knowing.

Investigative reports by "Calcalist" the other week into the use of its technology by the Israel Police only worsened NSO's standing in the eyes of the Israeli public, although most of the criticism was directed at the police.

All the same, even in Western governments, including the Biden administration itself, it is recognized that there is no avoiding the use of Trojan horses and various technologies that infringe citizens' privacy. Crime organizations use encrypted communications, on apps such as Telegram and Signal, and in countries like Russia and China the problem has been solved very simply: giant US companies like Google and Meta, and Chinese ones like WeChat and Weibo, provide the authorities with the key to read chat or listen to voice calls on their apps without having to break the encryption.

European intelligence services were caught helpless by the terrorist attacks on them by Isis in 2015-2017. This was despite the fact that European countries were pioneers of planting Torjan horses and developing vulnerabilities for hacking telephones, among them Italian company Hacking Team, which was shut down and re-emerged as Memento Labs, and Amesys, which sold eavesdropping technology to General Gaddafi's Libya and to Egypt, was shut down, and re-emerged in the UAE.

This is the reason that even enlightened Western democracies - such as Germany, which recently bought a system from NSO - are adopting more and more technologies for planting Trojan horses for their police forces and intelligence agencies. Governments also understand that even if NSO divests itself of its Pegasus software - which is not currently on the agenda - other companies are already on the starting line to replace it. Israeli company Quadream is selling to Middle Eastern and African countries systems with capabilities similar to those of NSO, in collaboration with a Cypriot sales company InReach Technologies, while Cognyte, formerly the offensive cyber division of Verint, is already developing the next generation of its Trojan horses in a secret division called Ace Labs. And it's not just Israeli companies: there are offensive cyber companies with high capabilities in France, Switzerland, the UAE, and the US.

At the same time, these companies are pondering their future. The way it looks now, from a market in which many NSO-like companies are operating in secret in a race to provide remote hacking of telephones, alongside other intelligence services such as monitoring activity on the Internet - the market is dividing into two: those that wish to abide by Western moral criteria, and those that will continue to serve dictators and semi-democracies, burning their bridges with the West. Quadream and Cognyte, as we have previously reported, are at this crossroads.

On the one hand, they have the technological ability to compete with NSO and take market share in Western and Middle Eastern countries - Cognyte is currently active in the UAE and Quadream in Saudi Arabia. On the other hand, the growing pressure from the Ministry of Defense after the arms export rules were tightened, the Biden administration's policy, Meta's actions against Israeli intelligence companies, and the public atmosphere in Israel and the world, have led them to review their activity, and consider whether perhaps they should come closer to the US consensus.

One company trying to adapt to the new era is Paragon Solutions, an offensive cyber company founded two-and-a-half years ago by former IDF intelligence unit 8200 commander Ehud Schneerson, and Idan Nurick and Igor Bogudlov, who served in the unit, together with former prime minister Ehud Barak. The company is shy of publicity, refuses to talk to the press, and has no Internet presence, other than a page on social media site LinkedIn, which it uses to recruit workers.

Nevertheless, from talking to a source who had business contact with Paragon, it appears that the company has imposed stricter restrictions on itself than its competitors have. First of all, the company does not extract the entire contents of a device that it targets, but only transactional information, that is, only information from conversations via chat apps like Telegram and Signal, whether voice or written. For example, it will facilitate recording of a telephone conversation between two parties, but will not use a telephone's microphone to record conversation between people in a closed room. It is thus suitable for police forces and intelligence agencies that seek to abide by a narrow definition of telephone tapping.

Secondly, the company has limited itself to dealing with intelligence agencies, security agencies, and police forces in only 39 countries that meet the standards of an enlightened democracy.

Before Paragon undertakes a pilot program, it checks various criteria to establish whether the country in question comes within the definition of an enlightened democracy: a functioning, independent system of justice; criminal injunctions by the justice system only in cases of serious crime or security offences, but not of suspected sedition or political opposition; and a parliamentary committee that oversees phone tapping by security agencies. Countries like Poland, Romania, and even India, the largest democracy in the world, are not on the list, for reasons to do with, for example, high levels of corruption and a lack of sufficient separation of powers between arms of government.

Some of this stems from the fact that the company has American DNA. It raised initial capital from Battery Ventures, a high-profile US-based venture capital firm, which has among its Israeli investments Anobit, which was sold to Apple, and JFrog, which was floated in New York. The investment from Battery Ventures was, however, managed from the firm's Israeli branch, by Itzik Parnafes, who has since left the firm.

Sources inform "Globes" that, when the company was set up, it received investment personally from Eran Gorev, a partner in private equity firm Francisco Partners. Gorev was involved on Francisco Partners' behalf in the acquisition of rival company NSO in 2014, and served as CEO and chairperson of that company until 2019, when founders Omri Lavie and Shalev Hulio bought out Francisco Partners' stake at a valuation of $1 billion. Gorev has meanwhile sold his shares in the company through a trustee.

How does Paragon's technology work? Like its competitors, it apparently plants a Trojan horse in the user's telephone, but it's a weak sort of Trojan horse that monitors chat applications only, such as Telegram and Signal. The system adapts itself to telephone tapping warrants, which contain permits to gather information between specific dates, and to gather historical information.

Despite its ethical scrupulousness, or perhaps because of it, Paragon still has no active customers. It is in pilot programs with security agencies in East Asia and Western Europe, after something of a delay in the development of its products.

In the past year, the company has grown to 110 employees, most of them people recently demobilized from the IDF who served in 8200's cyber units, and the rest former employees of companies like NSO, Check Point, Cobwebs Technologies, and Cyberbit. Paragon has raised $30 million since it was founded from Ehud Barak, Battery Ventures, and Yoram Oron's Red Dot Capital, which has also invested in Global-e and Aramis.