How do you build the next $1 billion unicorn start-up in the hacking industry? One group of spy technology entrepreneurs says it’s found the answer.
Centered in the Middle East and with connections around the world, a largely hidden multibillion-dollar economy focuses on one specific task: Hacking into iPhones, breaking wifi security, as well as eavesdropping on conversations and data chosen by governments willing to pay a premium for access to everything connected to the internet.
The spy tech industry’s most famous company, widely known as NSO Group but now renamed Q Cyber Technologies, sells hacking tools to governments on every continent with little apparent oversight and targets ranging from drug cartels and terrorists to journalists and human rights activists.
As in every lucrative business, competition is heating up.
A host of nascent hacking firms, some with roots within NSO Group itself, plan next week to formally announce a close business alliance known as Intellexa with the goal of building a “one-stop-shop” for quick and effective hacking of any target no matter the circumstance. The ambition is to sell powerful hacking tools targeting virtually everything on the internet, a product line that can compete with the likes of NSO Group and firms like Verint, a billion-dollar company with a global interception and surveillance empires.
On Thursday, NSO Group was sold for $1 billion from the American private equity firm Francisco Partners back to the company’s founders Shalev Hulio and Omri Lavie along with European private equity firm Novalpina Capital. The company reported dozens of customers adding up to revenue of $250 million in 2018.
Inside Intellexa itself, the new deal is being compared to the Star Alliance, a partnership between 27 airline companies allowing each company to have global reach through the alliance, according to Tal Dilian, one of the founding members of the Intellexa alliance. Intellexa’s member companies hope to bring to market offerings that will provide the world’s governments increased ability to target anyone they choose.
Silicon Valley tech titans have long taken close notice of the rising industry and are devoting increasing money and resources to understanding and, they hope, beating the well-resourced adversaries and their government customers. Inside the tech industry, the view is that companies like NSO Group or Intellexa endanger Silicon Valley’s already rotting reputation, put users at risk, lack real global oversight, and often sell their wares to despots and dictators. Several security officials from Silicon Valley companies spoke to Gizmodo about the issue but none were authorized to speak publicly.
“The industry has realized that all of these guys are a pretty big threat and nation-states are turning more toward using these private industry third-party hacking solutions than rolling out their own program from scratch,” said Cooper Quintin, a technologist at the Electronic Frontier Foundation. “It’s often cheaper and it makes attribution harder. If these guys get caught, you might be able to say this is Intellexa malware, but you’ll have a much harder time figuring out which country paid Intellexa for that malware.”
Quintin warns that the offensive hacking industry has exploded in recent years, thus further endangering those who may be targeted by their wares. “We can see this from the number of countries getting into the game,” he said. “It’s growing and getting cheaper.”
The last five years have seen an unprecedented spotlight thrown on this industry including a mountain of critical articles. If you think that’s hamstrung the businesses, however, you’re mistaken. The last five years have been good for the “interception” industry, Dilian said, and even the negative press drastically raises awareness for the latest hacking tools on the market and can act as a global advertisement. He estimates it’s now a $3 billion per year industry and growing.
“It goes to show there is commoditization of these hacking tools,” said Michael Flossman, head of threat intelligence at the security company Lookout. “It’s quite easy for buyers, regardless of financial constraints or technical sophistication to buy into this space, either through vendors offering tools or groups internally developing these tools themselves.”
Intellexa’s marketing boasts of its ability to intercept 2G, 3G, 4G and wifi communications. The companies within the alliance provide both remote stationery and close-proximity mobile systems ranging from vehicles to backpacks or specially equipped drones and helicopters.
“Intellexa will provide law enforcement and intelligence agencies with an end-to-end intelligence solution, including a premium field intelligence collection platform as well as robust remote collection and analysis systems,” the group’s marketing material, included below, reads.
Publicly, the Intellexa partnership is made up of Nexa Technologies, WiSpear, and Cytrox. The alliance also includes five other non-public partners, according to Dilian.
WiSpear is a wifi interception firm founded by Dilian who previously worked on Circles, a telecom-interception firm that was acquired by NSO Group. WiSpear recently acquired Cytrox, a European firm specializing in developing exploits that can break into devices used by a target.
The alliance also includes Nexa Technologies, a French firm previously known as Amesys, that’s been under investigation for sales of surveillance technology to the military dictatorship in Egypt. One of the original players in this industry, Amesys was named one of the world’s “Enemies of the Internet” in a 2013 report from Reporters Without Borders. They’re perhaps most famous for selling packet monitoring software to Libyan dictator Muammar Gaddafi, who was killed in 2011.
Intellexa operates offices in Tel Aviv, Paris, Dubai, and Jakarta in order to give close geographic support to the alliance companies’ existing customers. The group also has current customers in Latin America and hopes to establish an office there soon.
“Our immediate goal is to become a one-stop-shop for all of our customers’ field intelligence collection needs,” Dilian said.
Intellexa will be first announced at IDEX, a military industry conference in Abu Dhabi famous as an event for buying and selling cutting-edge hacking tools. The Persian Gulf region is currently the world’s foremost hotbed for the hacking market, Dilian told Gizmodo, largely because Asian and African governments feel comfortable purchasing these tools in that region. Critics say it’s an environment that offers little legal or ethical oversight of their growing business.
“I think there is growing awareness that these companies exist and [of what] their capabilities are exactly,” EFF’s Quintin said. “Whereas companies like NSO Group or DarkMatter are providing very high-end services, what you’ll see is a medium to low-end range of companies come on the market as well that can cater to countries that don’t have as big a budget for these operations.”
The industry has a global reach but is most successful in key areas like the Middle East, Africa, and some particularly tumultuous areas of Latin America.
“We see a lot of comparisons to areas with kinetic warfare,” Lookout’s Flossman said. “The Middle East is a really good example of that. Volatility in the physical world bleeds over into the digital world and increases demands for these kinds of hacking tools.”
Dilian strongly disputes the hacking industry’s dark reputation, saying they are the people giving governments the necessary modern tools to defend against criminals and terrorists. He repeatedly told Gizmodo that his company and the industry are “the good guys” due to their work with law enforcement and intelligence agencies.
Dilian knows, however, that there is a growing chorus of critics including EFF’s Quintin.
“The problem with these companies is that they don’t seem to care whether the governments they’re selling to are acting within the rule of law or within international human rights norms,” Quintin said. “It’s extremely problematic. It is on these companies to make sure they’re not selling these technologies to countries that will use them to commit torture or kidnap people. It’s important the companies know who they’re selling to and what we’ve seen is these countries selling to countries that are extreme violators of human rights like Gaddafi. That doesn’t seem like it’s going to stop. They’re still willing to sell to anyone.”
If you have an inside perspective on the interception industry, intelligence, or Silicon Valley, Gizmodo would like to know more: Email email@example.com or use Signal to message +1-650-488-7247.