By Ersin Çahmutoğlu *
Today, when the world is integrated with cyberspace, many states are developing cyber strategies within the scope of national security. These strategies include cyber defense and cyber attack.
Through cyber technologies, the efforts of states for national security have become easier and more practical. The most important of these are undoubtedly cyber espionage instruments.
Today, cyber espionage instruments are among the leading instruments developed, purchased and used by intelligence services or security forces of states. These cyber espionage instruments are also known as spyware.
Who is eavesdropping on whom?
In recent years, eavesdropping by intelligence services has been carried out through highly specific cyber technologies. The foremost among these is spyware.
Due to the complex and uncertain nature of the cyber world, it is difficult to determine with certainty which state is behind a certain cyber espionage activity. For example, verifiable data is needed to be able to say with certainty, which is the state or actor eavesdropping on a state institution. In the light of some technical reports and disclosed information, it is possible to identify which states or actors carry out them and how.
The most famous spyware is Pegasus, a strategic product of the Israeli NSO Group.
Apart from the NSO Group, another Israeli company, Intellexa, founded in Greece, is the producer of the Predator spyware that has been much discussed around the world in recent days. Also dozens of Israeli companies and spyware companies in European countries are also known to be influential actors in the global cyber weapons industry.
Israel and the global cyber weapons industry
Israel plays an important role in the global cyber espionage industry. In the last 10 years, Israeli cyber espionage companies have been exporting cyber weapons to many countries around the world, especially European ones. According to 2021 official data, Israel exported $11 billion worth of cyber intelligence and software technologies.
It is believed that 80 percent of the founders and/or executives of Israeli companies held important positions in the Israeli technical intelligence units Unit8200 and Unit81 in the past. In addition, among the founders and directors of some companies are former Prime Minister Ehud Barak, former Mossad chiefs Tamir Pardo, Meir Dagan and Efraim Halevy.
The global activities of dozens of large-scale cyber espionage companies, including the NSO Group, are subject to specific Tel Aviv regulations. The Defense Export Control Agency (DECA) within the Israeli Ministry of Defense is the authority that authorizes the sale of these cyber espionage products.
NSO Group and Pegasus
Israel’s major player in this field is the NSO Group. Founded in 2010, the company has been one of the leaders in the global cyber espionage market for many years.
The NSO was founded by Niv Carmi, Shalev Hulio and Omri Lavie, former technical intelligence experts and former members of the Israeli military intelligence unit 8200. After the 2016 scandals the NSO has undergone several structural changes.
Numerous scandals about the NSO have been reported in the Israeli and international media. NSO has always been a controversial company, with scandals involving names on its management team and advisory board, shell companies in the British Virgin Islands and tax havens, wiretapping of high-level government officials, and spying on and killing innocent civilians.
As for the NSO’s strategic cyber weapon Pegasus, here we are dealing with a highly sophisticated cyber weapon. The nature of Pegasus, its specific aspects, prominent features and distinguishing characteristics can be read in a company document from 2014.
The leaked document describes Pegasus as follows: “Pegasus is a world-leading ‘spy’ in dynamic cyber warfare that secretly collects data from devices. This ‘spy’ was developed by the elite experts of intelligence agencies.”
The document states that Pegasus has superior capabilities and that the ‘spy’ can infiltrate the target person’s device anytime and anywhere. Pegasus can access all data on the infiltrated device. It has the ability to access encrypted files, read messages in apps such as WhatsApp, Signal, detect the actual location of the device via GPS and Cell ID and monitor it in real time.
Intellexa and Predator
Another well-known company is Intellexa, founded in Cyprus by Israeli Tal Dilian. However, after the scandal and legal problems that emerged in 2019, the company moved to Greece in 2020. Intellexa also has a sub-company, Thalestris Limited, registered in the British Virgin Islands.
One of the co-founders of the company is Avraham Shahak Avni, an Israeli businessman who is said to be the leader of a Jewish community in Southern Cyprus and the owner of the company NCIS Intelligence. Avni, who holds citizenship in Cyprus and Greece in addition to Israel, is said to have very close relations with the governments of both countries. It is known that Avni helped “solve” Tal Dilian’s problems in Southern Cyprus and helped move Intellexa to Greece.
At the heart of the recent spyware scandals in Europe, Intellexa’s main product Predator, was sold to several European countries. Especially the purchase and use of Predator by the Greek intelligence service EYP has led to scandals. In the wake of the scandals, EYP’s chief Panagiotis Kontoleon resigned.
Intellexa competes with NSO and these two companies, the biggest players in the cyber weapons industry, are thought to dominate the market. Just like NSO’s Pegasus, Intellexa’s Predator has similar features and specific capabilities. Both cyber weapons are valued at over 10 million Euros.
Other Israeli and European actors
Apart from these companies, many other Israeli companies are active. Paragon, founded by former Israeli Prime Minister Ehud Barak, XM Cyber, founded by former Mossad chief Tamir Pardo, and Black Cube, run by former Mossad directors Meir Dagan and Efraim Halevy, are some of the most notable of these companies.
A recent example is Dream Security, a spyware company founded by former Austrian Prime Minister Sebastian Kurz and NSO founder Shalev Hulio, which has been in the news in recent weeks. It is seen that those who lead this sector in Israel continue their activities in the field at full speed with new initiatives.
Companies such as Cellebrite, Cognyte, Kaymera, Verint, Ability and Rayzone, which have been active for a long time, are also noteworthy. Finally QuaDream developed a product targeting “0-day” weaknesses in the latest model iPhones for states such as Saudi Arabia.
Apart from Israeli companies, many countries in Europe are also important actors in the spyware market. The activities of countries such as France, Italy and Germany first became widely known in the early 2010s.
The Italian company Hacking Team (now known as Memento Labs) is one of these companies. RCS Lab, which is very influential in Italy today, is also known for its eavesdropping systems developed for telecommunication weaknesses around the world.
Though not as active as in the past, there are companies in France and Germany that operate in the field of cyber espionage, but most of them face some legal regulatory problems.
Eavesdropping activities in Europe
After 2020, spyware scandals broke out in many European countries and were called “Europe’s Watergate”. In May 2021, the European Parliament established the PEGA Committee to investigate Pegasus and related spyware.
The main players in these scandals are the Israeli NSO Group and Intellexa, a Greek company of Israeli origin. These companies have many European clients. The reports draw attention to Southern Cyprus, which has been identified as the gateway to Europe for Israeli spyware companies.
NSO’s Pegasus spyware has been discussed mostly since 2018. At that time and since, it was revealed that Pegasus had been used to spy on political opponents, prosecutors, lawyers, journalists and businesspeople in countries like Spain, Hungary, Poland, Malaysia, India, the United Arab Emirates and Saudi Arabia.
Intellexa is mostly discussed in countries like Greece, Southern Cyprus, France and Spain. Last April, Spain’s intelligence chief and in August Greece’s intelligence chief resigned due to spyware scandals. It was also revealed that Intellexa’s spyware had targeted many senior politicians and lawyers in Europe, including the European Parliament.
Spyware threat will grow
The growth of the cyber-espionage market and the power of cyber-weapons show how great the danger is in the future. Many countries around the world, particularly in Europe, have expressed the need for tough and effective action against spyware.
Global concern over Israeli spyware targeting heads of state, businesspeople, prosecutors, judges, journalists and innocent people is growing as new scandals come to light. It is discussed that states and international organizations should take measures against the production and export of spyware that threaten states and citizens.
* Cyber security expert.