Israel's cyberattack industry crumbles

Quadream's offices in Ramat Gan  credit: Nir Elias, Reuters
Quadream's offices in Ramat Gan credit: Nir Elias, Reuters

The closure of NSO-competitor Quadream is but the latest blow, as tougher export regulations send know-how fleeing overseas.

On Sunday evening, the employees of another cyberattack company received notice that their workplace was about to shut down. This time, it was the turn of Ramat Gan-based Quadream, which maintains secrecy and whose managers have never given interviews. But if in the past it was smaller cyberattack companies that were closed - such as Nemesis - or cyberattack divisions of larger companies - as happened at Cognyte - the closure of Quadream indicates that the damage to the spyware industry in Israel has gone deep into the core.

Quadream is not just another cyberattack technology company. It is one of the main competitors of NSO in offensive intelligence that enables security authorities to take over remotely the telephones of terror or criminal suspects and pump out their contents, alongside companies such as Candiru and, with all its differences, American-funded Paragon Solutions.

The pressure of the Defense Exports Control Agency (DECA) in the Ministry of Defense to restrict sales licenses for spyware to democratic countries only, a restriction that came into force in early 2022 following the NSO affair, and pressure from the US government, are taking their toll, and have so far led to the closure of three companies and the layoffs of hundreds of people. NSO itself dismissed 150 employees last August. Dozens of people who were employed in spyware development roles and in identifying cyber weaknesses in such companies are believed to have left Israel in the past couple of years for countries like Greece, Cyprus, Macedonia, Singapore, and the UAE, in order to develop competing solutions for overseas companies. The judicial overhaul in Israel has further spurred this exit, according to sources familiar with the matter.

Therefore, the sources say, the weakening of the spyware industry because of US pressure and the lack of willingness on the part of the Ministry of Defense to pursue an active policy are liable to lead in the long term to a weakening of Israel’s advantage in this field, and the transfer of know-how to countries like Singapore and the UAE, and from there even to China and Iran.

Long decline

Quadream, which until a few days ago employed 40 people, has been in a prolonged process of decline in the past year, since the Ministry of Defense introduced its restrictions on the export of Trojan Horse spyware that enables security forces to take over suspects’ telephones.

Until 2021, Quadream was substantial company with dozens of employees selling its spyware system to a double-digit customer list. Quadream tried to take market share from NSO in the Middle East, Africa, and East Asia, and it was reported in the past that it had sold its system to countries such as Ghana and Saudi Arabia. The media storm surrounding NSO in July 2021 and the subsequent placing of that company on the US Commerce Department’s "Entity List", barring US companies from doing business with it without special permission, gave Quadream a golden opportunity to take market share among customers that did not want to be involved with an Israeli brand linked to a scandal. As "Globes" revealed, a Quadream sales team visited Morocco a few days after the report in "Le Monde", which was denied, that Moroccan intelligence services were eavesdropping on people in France using NSO’s Pegasus software.

US pressure

A month ago, Quadream was exposed on its own initiative for the first time when it responded to a claim by a former employee in the Bat Yam Labor Court. Quadream revealed that, together with the entire cyberattack industry, it was in the midst of a crisis that had led it to lay off employees in the past few months. "The crisis in the industry began with the public exposure of the activity of some of the companies from 2018 onwards, leading up to the US Commerce Department placing NSO and Candiru on its Entity List in November 2021," Quadream’s statement of defense said. "Immediately after that, in early 2022, the regulator in Israel decided to reduce the number of countries to which it would be permissible to sell the products of the companies in the industry from 102 to just 37, which caused a severe financial crisis in the entire industry," the statement continued.

As a result, Israeli companies that sought to sell new systems to non-democratic countries like the UAE, Bahrain, Qatar and Saudi Arabia, or even to partially democratic countries such as India, Poland, Azerbaijan, or Argentina, met with refusal from DECA.

Quadream also said last month that in November 2022 a sharply negative development had taken place in its business that harmed its cash flow. "In order to avoid the fate of other companies in the industry, the company was compelled to carry out substantial cuts in its workforce in a deep and painful round of layoffs, including some managers at the most senior level," it stated.

A week ago, research organization Citizen Lab, part of the University of Toronto, claimed that Quadream’s spyware had helped the governments of Ghana, Mexico, the UAE, the Czech Republic, and Bulgaria to carry out surveillance on their own citizens.

Beneficiaries of the crisis

Paragon Solutions, a company founded Ehud Schneorson, a former commander of IDF signals intelligence unit 8200, Idan Nurick, Liad Avraham, and Igor Bogudlov, has escaped the pressure from DECA and the US government. The company, which has raised tens of millions of dollars from Battery Ventures, Red Dot Capital Partners, former prime minister Ehud Barak, and former NSO CEO Eran Gorev, employs some 200 people. It was founded in the first place to serve democratic countries only, in Western Europe and North America, and is believed to sell systems to fifteen customers. One of these, as reported by "The New York Times", is the US Drug Enforcement Administration.

Unlike its competitors, Paragon addresses a niche of customers prepared to compromise on a solution that does not make use of a telephone’s camera and microphone to monitor suspects, but only extracts unencrypted messages from chat apps, which covers most of the requirements for surveillance of criminal suspects.

Other beneficiaries of the toughened policy of the Ministry of Defense are Israelis who develop competing systems overseas, evading DECA’s supervision. Prominent among these is Tal Dilian, who sells spyware product Predator through his company Intellexa from Greece and North Macedonia. Among his customers are the authorities in Greece.

UAE-based DarkMatter Group also attracts Israelis who work for it from Cyprus and Dubai, while Singapore assists a group of Israeli former security people who live there in developing software that exploits cyber weaknesses.

Published by Globes, Israel business news - en.globes.co.il - on April 18, 2023.

© Copyright of Globes Publisher Itonut (1983) Ltd., 2023.

Quadream's offices in Ramat Gan  credit: Nir Elias, Reuters
Quadream's offices in Ramat Gan credit: Nir Elias, Reuters
Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018