Despite banning NSO, US using other Israeli spyware cofounded by Ehud Barak - report

The DEA is using a spyware called Graphite, developed by the Israeli Paragon company, according to a new report.

 EVEN AFTER THE Cyberserve/Atraf disaster, Bennett is more afraid of overregulation than he is of lacking the power to save the private sector from its own occasional cyber laziness or cheapness. (photo credit: KACPER PEMPEL/ILLUSTRATION PHOTO/REUTERS)

Despite blacklisting the Israeli NSO Group spyware company last year, the US has been using spyware from different Israeli firms to hack mobile phones, The New York Times reported on Thursday.

The Drug Enforcement Administration has deployed a tool called Graphite, made by the Israeli firm Paragon, five people familiar with the agency’s operations told the Times.

Paragon has largely avoided the limelight and doesn't even have a website. Last year, Forbes revealed that the firm was cofounded and directed by Ehud Schneorson, the former commander of the IDF Intelligence Directorate's Unit 8200, and former prime minister Ehud Barak.

The firm claims to give customers the power to remotely break into encrypted messaging platforms, such as WhatsApp, Signal, Facebook Messenger and Gmail, according to Forbes.

At the time, a senior executive at Paragon told Forbes that the company did not yet have customers and would only sell to countries that abide by international norms and respect fundamental rights and freedoms.

 IDF soldiers compete in a multinational Capture the Flag cyber drill (credit: IDF SPOKESPERSON'S UNIT)

The company is also backed by the American venture capital business Battery Ventures.

The DEA told the Times that "the men and women of the DEA are using every lawful investigative tool available to pursue the foreign-based cartels and individuals operating around the world responsible for the drug-poisoning deaths of 107,622 Americans last year."

The Times additionally found that the CIA had purchased NSO's Pegasus for the government of Djibouti under the Trump administration and that the FBI had attempted to deploy Pegasus as well in 2020 and 2021, but eventually abandoned the idea.

US blacklists two Israeli spyware firms, but still uses other firms

Last year, the US Commerce Department placed NSO and another Israeli firm called Candiru on a blacklist, banning American companies from doing business with them. The White House has also warned that it would fight the "illegitimate use of technology, including commercial spyware and surveillance technology, and we will stand against digital authoritarianism."

The administration's action against commercial spyware hasn't stopped it from allowing the DEA to use Graphite against drug cartels. A DEA official told the Times that the spyware has only been used against targets outside the US.

While Graphite can invade mobile phones to extract data, it is distinct from NSO's Pegasus as it collects data mostly from the cloud, while Pegasus collects data from the phone's storage. This fact can make Graphite harder to discover, cybersecurity experts told the Times.

Last month, Wired revealed that Corellium, a cybersecurity startup that sells phone-virtualization software for catching security bugs, sold its tools to spyware companies in Israel, the UAE and Russia, including Paragon and another Israeli company called Cellebrite. The company also provided trials of its tools to the NSO Group, but decided not to sell them the tools after a vetting process.

Israel restricting spyware trade amid confusion surrounding US policy

Amir Eshel, the director general of the Defense Ministry, noted to the Times that they have been trying to get the US to explain its red lines on commercial spyware, saying, "senior government officials are not ready to answer us, address the issue or explain their point of view."

Two senior Israeli officials and an Israeli tech company executive told the newspaper that tougher restrictions have been placed on Israel's cybersecurity industry in order to prevent further blacklisting, including a restriction on the number of countries to which the companies can sell their spyware. This has led to severe financial consequences and sent three companies into bankruptcy.

The Israeli Globes business daily reported in April that the Defense Ministry has been making it extremely difficult for spyware companies to sell software abroad, even canceling existing permits before they expire.

Amid the controversy surrounding NSO and other firms, Tal Dilian, who spent 24 years in the IDF in an elite combat unit and as chief commander in the technological unit of the IDF's Intelligence Directorate, began founding spyware companies in Cyprus and Greece, including a company called Circles that eventually merged with the NSO Group.

Three people who were senior officers in the Intelligence Directorate told the Times that Dilian was forced to retire from the IDF in 2003 after an internal investigation raised suspicions that he had been involved in funds mismanagement.

In 2019, Cyprus police began investigating Dilian after he spoke to Forbes about a surveillance van he was testing in the island nation as part of a company he owned called WiSpear. The spy van, a converted GMC ambulance equipped with millions of dollars of surveillance equipment, could access any phone within a 1-kilometer radius and read its WhatsApp messages, Facebook chats, texts, contacts and more.

The tech in the van can also recognize your face wherever you travel, listen in on your calls, and locate all the phones in an entire country within minutes, according to Dilian, who added that every 15 minutes, he can know where you are.

Dilian also founded Intellexa in Greece, which aims to provide what Dilian called "the good guys" with the ability to hack and spy on encrypted communications.

"We are here. We will build beautiful systems that will work for the benefit of the good guys and the universe. And we need to say it, and I don't think we need to hide it," said Dilian to Forbes, attempting to ease fears about the risks of such technology.

Dilian added that the companies that provide this tech can't be held responsible for abuses. "We are not the policemen of the world, and we are not the judges of the world. We work with the good guys. And sometimes the good guys don't behave."

Intellexa's central spyware product is Predator, which infects a phone after the targeted user clicks on a link. The spyware uses carefully crafted, personalized instant messages with the infected links to pages mimicking established websites.

At least eight Israelis were hired by Intellexa, according to the Times. The Predator spyware has been used in Armenia, Egypt, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, Serbia, Colombia, Ivory Coast, Vietnam, the Philippines and Germany.

A journalist and two politicians in Greece reported this year that they discovered Predator was used to hack their phones. The three have filed lawsuits on the matter.

Intellexa also attempted to sell the software to Ukraine in 2021, although Ukraine decided not to purchase it. The Times published the full proposal the company sent to Ukraine on Thursday. The entire suite of spyware would have cost Ukraine about $14,300,000 (NIS 49,200,000), according to the document.

Eshel told the Times that the Defense Ministry has little power over Dilian or any other Israeli who sets up businesses outside Israel. "It certainly disturbs me that a veteran of our intelligence and cyber units, who employs other former senior officials, operates around the world without any oversight."