The New Normal; Jacob and the Beast, ‘Spies-R-Us’; Cellphone Hacking and Millions in Gulf Deals: Inner Workings of Top Secret Israeli Cyberattack Firm Revealed. A company of 150 (5+5+5) employees. Company logo is ‘the dragon.’ $360 million (6×6) in contracts. Opportunities in 60 (6) countries.
Leaked documents confirm that Candiru does not just operate spyware for computers but also has operational mobile spytech. Here’s what we know about the cyberattack firm offering ‘untraceable’ mic and camera manipulation
Haaretz, September 7, 2020
It has no website, its workers must sign stringent nondisclosure agreements and they do not even update their LinkedIn profiles with their place of employment. That’s how Candiru, one of Israel’s most mysterious cyber warfare companies, operates. But leaked documents obtained by TheMarker, Haaretz’s sister publication, and court filings made as part of a labor dispute between the company and a former senior employee reveal some details about it and provide a rare glimpse into their secret operations.
Offensive cyber is a big business in Israel, with industry sources saying it generates about $1 billion in sales a year. The biggest and most controversial of the players is NSO, which has been cited repeatedly for selling its equipment to countries like Saudi Arabia and Mexico that have used them to spy and crack down on dissidents.
NSO’s specialty is hacking smartphones. Up till now, little was known about Candiru. TheMarker has revealed that the firm offers hacking tools used to break into computers and servers, and now, for the first time, has confirmed it also has technology for breaking into mobile devices.
According to a document signed by an unnamed vice president for Candiru, they also offer a “high-end cyber intelligence platform dedicated to infiltrate PC computers, networks, mobile handsets, by using explosions and disseminations operations.”
The system, the document explains, enables “effective and scalable cyber intelligence operations covertly within individual [mobile devices]. Proprietary infligtation agents are silently deployed into target PCs or mobile handsets with minimal requirements of target interaction.”
“Once deployed”, the company boasts, “the untraceable agents immediately identify and map networks the target is connected to.” In tandem, the system “initiate[s] undetected data exfiltration tasks, throughout manipulation and control of device harward and local programs” – these include social media accounts, communication programs or apps and the phone or computer’s microphone or camera.
Boasting three different modes – PC/Windows, iOX (iPhone) and Android – the document says that, “Due to the sensitive and strategic nature of cyber intelligence operations the system is designed as an off-the-shelf product, deployable as a stand-alone platform.” Candiru claims the service can operate around the globe, but notes that it cannot be deployed in the U.S., Israel, Russia and China. NSO – which offers a similar service – includes a similar caveat.
The document is the first confirmation that much like its competitor NSO, the spyware company has not only finished developing spytech focused on mobile phones, but also that this technology is now operational and already up for sale.
Candiru was founded in 2015 by Eran Shorer and Yaakov Weizman. The largest shareholder in Isaac Zack, who has been its chairman since the beginning and was also a founding funder of NSO. The company has moved offices frequently and is now located on Ha’arba’a Street in Tel Aviv. It has also changed names several times. It started out as Candiru, then became D.F. Associates, then morphed into Greenwick Solutions. Over the past year it’s also been called Tabatha Ltd., and now it’s known as Saito Tech, Ltd. But everyone in the industry still refers to it as Candiru.
The company helps law enforcement and intelligence agencies in various countries hack into computer systems without permission, to conduct surveillance, steal information and even cause damage. But what the company actually does remains largely a riddle. However, a lawsuit filed by a former employee sheds light on some of their operations, which it seems the firm would prefer be kept in the dark.
The name of the senior employee can be found online, but we will call him S. He was vice president of sales for Candiru between November 2015 and December 2018. The lawsuit, which he filed through attorney Tomer Hadas and Maayan Weiss Levi from the Holin-Hadas law firm, centers on financial compensation he feels are coming to him, as well damages for aggravation caused to him by what he claims is humiliating treatment and a dismissal process that he says was improperly conducted.
The little evidence there is indicates that Candiru’s specialty is hacking computers, but the court documents reveal Candiru began developing a solution for cellular attacks as an alternative to its regular services.
“In 2017, (year MbS became ‘Crown Prince’) the defendant’s senior management decided to develop a line of new products, include cyber capabilities in the world of cellular phones. Until then, the defendant had dealt with the cyber field and computers alone.,” S.’s attorneys wrote. “However, for some reason, in early 2018, Zack, for reasons known only to him, ordered a halt to the sale and marketing of these products.”
Candiru’s attorneys, however, describe the company as solely computer-focused: “The company has a product that collects intelligence from computer networks, which it has started to market to government agencies.”
Code name Sphinx
According to the lawsuit, when S. joined the company at the end of 2015, the company had only 12 employees. It then states that by “the end of 2018,” it had 70 employees. How many does it have now? One of the announcements documented in the lawsuit speaks of “a company of 150 employees.”
According to the suit, during its first year of existence Candiru had no clients but was in the midst of two different negotiations. However, S. claims that, “By the beginning of 2016 the defendant has a large number of deals in the advanced stage with clients in Europe, the former Soviet Union, the Persian Gulf, Asia and Latin America. The results showed impressive sales of $10 million in 2016.”
Later on, S. argues, “In 2017 the defendant had sales of nearly $30 million throughout the world, to clients in the Persian Gulf, Western Europe, the Far East and more.”
One of the lines of defense offered by offensive cyber companies is that they sell their services only to democratic regimes. According to this lawsuit, this is not the case with Candiru, since there are no democratic countries in the Persian Gulf, nor are most of the former Soviet countries democratic.
These quotes also reveal information on Candiru’s revenues: agreements worth $30 million as of 2017. But it’s reasonable to assume that these were multiyear agreements, as one can discern from another part of the lawsuit, in which S. demands the bonus coming to him as vice president of sales – 1 percent of the company’s revenues. Based on his calculation, company revenues in 2018 were 65 million shekels (around $20 million).
But S. is also insisting on his share of deals, “For which payment was not yet received by the defendant as of the date of termination.” He attaches a fascinating appendix that ostensibly details the company’s entire stream of future transactions. The projects are given code names – Sphinx, Tiger, Ukulele, Otron1, Oltron2, Pointer1, Pointer2 and so on – a total of $367 million in deals (apparently over several years). The scope of the projects range from half a million dollars to $20 million. The lawsuit also reveals that Candiru conducts negotiations at various levels in dozens of countries. “The extent of the sales activity included all the world’s continents [that is, including Africa] and opportunities in more than 60 countries,” it states.
The legal dispute sheds light on another significant component of the offensive cyber market – the innards of the industry – the use of “agents” in the target countries. These are intermediaries who live in the target countries who help complete the deals and get commissions.
The legal action reveals that the commission paid to such agents is 15 percent, at least that’s what Candiru pays. It’s no small sum when taking into account the size of their different deals, at times worth millions of dollars.
According to Candiru, “To uphold the strict regulations that apply to it with regard to everything connected to engaging agents, the company set up an agents committee whose job is to approve all agents in advance before they are engaged, and to set the commission to be paid to him. Zack serves as chairman of the company’s agents committee and signing an agreement with an agent who hasn’t been approved in advance by the committee is forbidden.” The lawsuit argues that S. signed up agents “and engaged them without their being approved as required.”
Candiru argues that S. undermined these rules, set up to prevent bribery and corruption, an especially sensitive issue for weapons and cyberattack firms that are also subject to international conventions, and which has led to trouble for other big firms in the past.
Candiru, through its attorneys, complained that S. has revealed secret security information in his lawsuit, which is why it’s demanding the court conduct its hearings behind closed doors, “And order the secret information be stored in the court’s safe in a closed envelope, and that all secret information be removed the court system’s [public online system].”
A merger with NSO?
In addition to “problems with the product and its lack of technological readiness for the market,” as plaintiff’s attorneys put it, S. also claims a problem of conflict of interests at Candiru. “Even in 2017, […] substantial difficulties stemmed from the intervention of the controlling shareholder, Zack, intervention that bordered on a serious conflict of interest that went against the financial interest of the [company].
What conflict of interest might this be? It’s possible that the plaintiff is arguing that Zack has a conflict of interest because he holds a cyber offense company on the one hand (Candiru), while on the other hand is invested in several cyber defense firms.
In the past, Zack (through the Founders Investment Fund) held shares in NSO, and coincidentally, the law firm that represents NSO, Erdinast, Ben Nathen Toledano, & Co., also represents Candiru.
In July we revealed that in December 2019, several companies had invested in Candiru, foremost among them Universal Motors. Universal invested $9 million in Candiru in exchange for 10 percent of the company. The importer thus replaced another shareholder who wanted to get out of the company – venture capitalist Eli Wartman. The deal sets Candiru’s value at $90 million – not a high value for a high-tech company, let alone one that deals in cyber offense.
Candiru’s future is unclear but based on cautious market estimates, at a certain point it will likely merge with NSO, either through a direct purchase by NSO or through Novalpina Capital, a private equity firm that controls NSO. These two cyber firms have complementary capabilities – one specializes in mobile phones (NSO) while the other in computers, so there would be logic to such a merger. In any case, if such a deal should go through, we will presumably see it through UMI’s public holdings in Candiru shares.
Candiru refused to respond for this article
Night Watchman Note; We are to ‘be watchful’ in helping to understand today’s events as related to biblical prophecy. That is what ‘watchmen or women’ do. Jesus made clear that when He actually does come for His disciples, His wise and faithful servants would be aware of the time because they would be watching. They would know the season of the times by WATCHING those things ‘coming to pass or occurring’ as Jesus said they would. The ‘BENCHMARK SIGN(s)’ always point towards Israel / Jacob. God’s prophetic timepiece. The FALSE PEACE COVENANT confirmed by the Prince/Beast among MENA (the many) is the ‘key sign’ of the times or the season of the times. Yes, we are in that period. The Prince/Beast will likely confirm and enhance the current ‘normalization’ agreement with Jacob to be a ‘peace’ agreement, to be extended to 7 years from the current 5 years, to include some agreement permitting the rebuilding of the third temple in exchange for ‘some portion of Jerusalem.’ The current ‘investment’ period for the Palestinians stands at five (5) years. This will likely occur AFTER the Bride, Disciples or True Church is removed from the earth via the Rapture / Harpazo / Redemption / ‘Twinkling’.
Seven (7) References to ‘BE WATCHING or WATCHFUL.’
Matthew 24:42; Watch therefore: for ye know not what hour your Lord doth come.
Matthew 25:13; Watch therefore, for ye know neither the day nor the hour wherein the Son of man cometh.
Mark 13:35; Watch ye therefore: for ye know not when the master of the house cometh, at even, or at midnight, or at the cockcrowing, or in the morning.
Luke 21:36; Watch ye therefore, and pray always, that ye may be accounted worthy to escape all these things that shall come to pass, and to stand before the Son of man
Luke 12:37-39; Blessed are those servants, whom the lord when he cometh shall find watching: verily I say unto you, that he shall gird himself, and make them to sit down to meat, and will come forth and serve them.And if he shall come in the second watch, or come in the third watch, and find them so, blessed are those servants.And this know, that if the goodman of the house had known what hour the thief would come, he would have watched, and not have suffered his house to be broken through.
1 Thessalonians 5:2-4; For yourselves know perfectly that the day of the Lord so cometh as a thief in the night. For when they shall say, Peace and safety; then sudden destruction cometh upon them, as travail upon a woman with child; and they shall not escape. But ye, brethren, are not in darkness, that that day should overtake you as a thief. (Be Watching).
John 13:19 Now I tell you before it come, that, when it is come to pass, ye may believe that I am he.
John 14:29 And now I have told you before it come to pass, that, when it is come to pass, ye might believe.
Luke 21:31 So likewise ye, when ye see these things come to pass, know ye that the kingdom of God is nigh at hand.
Mark 13:29 So ye in like manner, when ye shall see these things come to pass, know that it is nigh, even at the doors.
Luke 21:28 And when these things begin to come to pass, then look up, and lift up your heads; for your redemption draweth nigh.
Revelation 1:1 The Revelation of Jesus Christ, which God gave unto him, to shew unto his servants things which must shortly come to pass; and he sent and signified it by his angel unto his servant John:
‘Increasing Like Labor Pains.’ ‘Fearful Sights.’ ‘Perilous Times.’ ‘Men’s hearts failing with fear.’ Great Convergence of Signs.’ REDEMPTION IMMINENT.
In His Service,
Night Watchman Ministries
Make Your Decision for Christ NOW!!!!!!! Time is Up!!!!!!!
Jesus Christ’s Offer of Salvation:
The ABCs of Salvation through Jesus Christ (the Lamb)
A. Admit/Acknowledge/Accept that you are sinner. Ask God’s forgiveness and repent of your sins.
. . . “For all have sinned, and come short of the glory of God.” (Romans 3:23).
. . . “As it is written, There is none righteous, no, not one.” (Romans 3:10).
. . . “If we say that we have no sin, we deceive ourselves, and the truth is not in us.” (1 John 1:8).
B. Believe Jesus is Lord. Believe that Jesus Christ is who He claimed to be; that He was both fully God and fully man and that we are saved through His death, burial, and resurrection. Put your trust in Him as your only hope of salvation. Become a son or daughter of God by receiving Christ.
. . . “That whosoever believeth in him should not perish, but have eternal life. For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life. For God sent not his son into the world to condemn the world; but that the world through him might be saved. (John 3:15-17). For whosoever shall call upon the name of the Lord shall be saved.” (Romans 10:13).
C. Call upon His name, Confess with your heart and with your lips that Jesus is your Lord and Savior.
. . . “That if thou shalt confess with thy mouth the Lord Jesus, and shalt believe in thine heart that God hath raised him from the dead, thou shalt be saved. For with the heart man believeth unto righteousness; and with the mouth confession is made unto salvation.” (Romans 10:9-10).
. . . “If we say that we have no sin, we deceive ourselves, and the truth is not in us. If we confess our sins, he is faithful and just to forgive us our sins, and to cleanse us from all unrighteousness. If we say that we have not sinned, we make him a liar, and his word is not in us.” (John 1:8-10).
. . . “And he is the propitiation for our sins: and not for ours only, but also for the sins of the whole world. (John 2:2).
. . . “In this was manifested the love of god toward us, because that God sent his only begotten Son into the world, that we might live through him. And we have seen and do testify that the Father sent the Son to be the Saviour of the world. Whosoever shall confess that Jesus is the Son of God, God dwelleth in him, and he in God.” (1 John 4:9, 14-15).
. . . “But God commendeth his love toward us, in that, while we were yet sinners, Christ died for us. Much more then, being now justified by his blood, we shall be saved from wrath through him. For if, when we were enemies, we were reconciled to God by the death of his Son, much more, being reconciled, we shall be saved by his life.” (Romans 5:8-10).
. . . “For the wages of sin is death; but the gift of God is eternal life through Jesus Christ our Lord.” (Romans 6:23).
. . . “Jesus saith unto them, I am the way, the truth, and the life, no man cometh unto the Father, but by me.” (John 14:6).
. . . “For I am not ashamed of the gospel of Christ: for it is the power of God unto salvation to everyone that believeth.” (Romans 1:16).
. . . “Neither is there salvation in any other: for there is none other name under heaven given among men, whereby we must be saved.” (Acts: 4:12).
. . . “Who will have all men to be saved, and to come unto the knowledge of the truth for there is one God, and one mediator between God and men, the man Christ Jesus.” (1 Timothy 2:4-6).
. . . “For God did not appoint us to suffer wrath but to receive salvation through our Lord Jesus Christ.” (1 Thessalonians 5:9).
. . . “But as many as received him, to them gave the power to become the sons of God, even to them that believe on his name.” (John 1:12).
True Church / Bride of Christ Spared from God’s Wrath:
Romans 5:8-10. “But God commendeth his love toward us, in that, while we were yet sinners, Christ died for us. Much more then, being now justified by his blood, we shall be saved from wrath through him. For if, when we were enemies, we were reconciled to God by the death of his Son, much more, being reconciled, we shall be saved by his life.”
Romans 12:19. Dearly beloved, avenge not yourselves, but rather give place unto wrath: for it is written, Vengeance is mine; I will repay, saith the Lord.
1 Thessalonians 1:10. And to wait for his Son from heaven, whom he raised from the dead, even Jesus, which delivered us from the wrath to come.
1 Thessalonians 5:9. For God hath not appointed us to wrath, but to obtain salvation by our Lord Jesus Christ,
Romans 8:35. Who shall separate us from the love of Christ? shall tribulation, or distress, or persecution, or famine, or nakedness, or peril, or sword?
Jeremiah 30:7. Alas! for that day is great, so that none is like it: it is even the time of Jacob’s trouble, but he shall be saved out of it.
Revelation 3:10 Because thou hast kept the word of my patience, I also will keep thee from the hour of temptation, which shall come upon all the world, to try them that dwell upon the earth.