An Israeli surveillance firm’s hacking technology has been used against journalists and opposition figures in at least ten countries around the world, a cybersecurity watchdog revealed on Tuesday.
QuaDream Ltd. software called REIGN grants users full surveillance capabilities over another person’s phone, including the ability to record calls, read messages and take photos by exploiting a security flaw in Apple iPhones, Citizen Lab writes in a new report.
QuaDream is a smaller competitor of Israel’s NSO Group, which was blacklisted by the US in 2021 for its ties to the illegal surveillance, often paid for by authoritarian regimes, of government officials, journalists, dissidents and others.
REIGN’s “Premium Collection” capabilities included “real-time call recordings, camera activation — front and back,” and “microphone activation,” according to a company brochure uncovered by Citizen Lab.
The brochure said the cost for being able to launch 50 smartphone break-ins per year was $2.2 million, exclusive of maintenance costs. But two sources familiar with the software’s sales said the price for REIGN was typically higher, Citizen Lab found.
Citizen Lab identified QuaDream clients in Bulgaria, Czech Republic, Hungary, Ghana, Israel, Mexico, Romania, Singapore, United Arab Emirates and Uzbekistan.
“Once QuaDream infections became discoverable through technical methods, a predictable cast of victims emerged: civil society and journalists,” the Citizen Lab report stated, while not identifying those who were allegedly targeted.
In a separate report also published Tuesday, Microsoft said it believed with high confidence that the spyware found on several civil society activists’ phones was “strongly linked to QuaDream.”
Citizen Lab researcher Bill Marczak told The Wall Street Journal that QuaDream’s hacking technology is as sophisticated as NSO Group’s, though it took greater pains than the better-known group to obscure its fingerprints on the devices targeted by its spyware.
QuaDream did not respond to requests for comment.
Reuters reported on the QuaDream technology last year, saying that in 2021, around the same time as NSO Group, the Israeli firm developed a hacking technique allowing clients to break into iPhones without the target needing to click any link.
Three of the sources told Reuters at the time that NSO and QuaDream’s exploits were similar because they leveraged many of the same vulnerabilities hidden deep inside Apple’s instant messaging platform and used a comparable approach to plant malicious software on targeted devices, in order to gain unauthorized access to data.
The exploits were so similar that when Apple fixed the underlying flaws in September 2021 it rendered both NSO and QuaDream’s software ineffective, two people familiar with the matter told the news agency last year.
NSO says it sells its hacking software, Pegasus, only to governments for the purpose of fighting crime and terrorism, and all sales require approval from the Defense Ministry. While it says it has safeguards in place to prevent abuse, NSO says it has no control over how a client uses the product and no access to the data they collect. It says it has terminated several contracts due to the inappropriate use of Pegasus.
The company has been involved in numerous scandals in recent years and has faced a torrent of international criticism over allegations it helps governments, including dictatorships and authoritarian regimes, spy on dissidents and rights activists.
But unlike NSO, QuaDream has kept a lower profile despite serving some of the same government clients. A source familiar with the company told Reuters it has no website touting its business, and its employees have been told to keep any reference to their employer off social media.
QuaDream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and by two former NSO employees, Guy Geva and Nimrod Reznik, according to Israeli corporate records and two people familiar with the business, the report said.
QuaDream and NSO Group have employed some of the same engineering talent over the years, three people familiar with the matter said. However, in line with NSO’s spokesperson, two of those sources said the companies did not collaborate on their iPhone hacks, with each coming up with their own ways to take advantage of vulnerabilities.
One of QuaDream’s first clients was the Singaporean government, two of the sources claimed. Documentation reviewed by Reuters showed the company also pitched its software to the Indonesian government. It was not clear if Indonesia became a client, the report said.
Several of QuaDream’s buyers — including Saudi Arabia — have also overlapped with NSO’s, four of the sources were quoted as telling Reuters last year.
In 2021, it was reported that QuaDream began working with Saudi Arabia following the killing of dissident journalist Jamal Khashoggi. Riyadh reportedly lost its license for NSO’s Pegasus, after it was allegedly used in the lead-up to Khashoggi’s murder in 2018.