Secretive Israeli Cyber Firm Selling Spy-tech to Saudi Arabia

There’s no sign on the door, no logo indicating that this office is home to a cyber company carrying out online offensives. But if you made it to the 19th floor of this nondescript office building in Ramat Gan, you either know where you’re going or you’re in the wrong place and are unwelcome. Even couriers are not allowed inside and there’s a special box where food ordered by workers can be placed and picked up by those who are allowed inside.

Welcome to the offices of Quadream. Searching for the name of the Israeli cyber firm online yields little to no results. A few paywalled reports link its name to other reports from Ghana but not much else.

Quadream is an offensive cyber company focused on breaking into and hacking mobile phones. They provide technological solutions to those who want to extract data from smartphones and even allow their clients to turn those phones into remotely operated spying devices that track their unwitting owners.

Israel is the world leader in such technologies, and it is the main exporter of such services - with clientele not always coming from the most democratic of countries.

Among Quadream’s clients are law enforcement agencies from a number of legitimate countries, a source says, “but there are also others.” Haaretz has discovered that the firm provided its services to one of the most oppressive and least democratic regimes in the Middle East: Saudi Arabia.

According to foreign reports, Quadream is not the only Israeli company active in Saudi Arabia. NSO, the controversial hackers-for-hire firm, has also reportedly done business with the Saudis and seemingly provides a similar service. Why would the Saudis need both?

Quadream was set up in 2016 by three Israelis. Two founders provide the technological side: Guy Geva and Nimrod Reznik. Both men worked in the cyber industry prior to setting up Quadream. The third founder has a different background: Ilan Dabelstien who for years served as a senior official in Israel’s military intelligence. The company’s CEO is a man called Avi Rabinovtich.

• A Shady Israeli Intel Genius, His Cyber-spy Van and Million-dollar Deals
• Israel's Cyber-spy Industry Helps Dictators Hunt Dissidents and Gays
• Cyprus, Cyberspies and the Dark Side of Israeli Intel

Export oversight

A sales deck intended for potential clients and obtained by Haaretz reveals that Quadream uses a Cyprus-based company called InReach to sell its services abroad. InReach is a stockholder in Quadrum. According to the deck, the main hacking tool - the virus that actually infects target phones, called Reign - belongs to InReach itself.

Reign, the InReach deck claims, has zero-click capabilities for iPhones. This means that it can infect a phone without the owner having to even click on a single link, as malicious software usually requires. Most mobile devices that run on Android can be hacked by Reign too, the deck continues, but these do require the owner to click on a link of some sorts.

According to the deck, once infected with Reign, the software can extract any form of data from the phone. For example, according to InReach’s sales presentation, Reign can lift any document or data stored on the phone, including photos, videos, emails, WhatsApp messages or those belonging to other messaging apps like Telegram. However, that’s not all: it can also operate the camera remotely, as well as eavesdrop through the phone’s microphone or turn on its GPS system to track the owner.

The use of a Cypriot company as its front sales office may have regulatory consequences. Israeli cyber companies are subjected to the oversight of Israel’s defense export regulator. But this does not apply to a Cypriot entity. The Defense Ministry did not respond to Haaretz’s questions regarding the oversight of Quadream and InReach. Quadream also did not respond.

The point of Israel’s defense expert oversight is to prevent Israeli tech from falling into the wrong hands - specifically those involved in terrorism. It is also supposed to make sure the that Israeli tech is not used for illegal purposes and is limited to legal efforts to fight terrorism and crime - and not for example political persecution.

Between MBS & NSO

Jamal Khashoggi was murdered inside the Saudi embassy in Istanbul in 2018. His assassination was the peak of a process that began two years prior when Mohammed bin Salman was named crown prince of Saudi Arabia and began cracking down on those opposed to his growing power within the kingdom, famously locking other royals in the Ritz in Riyadh.

According to Citizen Lab, NSO has worked with the Saudis and its tech may have even played a role in tracking Khashoggi. NSO has vehemently denied the report.

Quadream, Haaretz has learned, has worked with the Saudi regime since 2019 and therefore their technology it seems has nothing to do with the Khashoggi case. However, it does beg the question as to why MBS would need such a similar service and for what end.

Quadream, Haaretz has learned, has worked with the Saudi regime since 2019 and therefore their technology has nothing to do with the Khashoggi case. On the other hand, Quadream began providing hacking capabilities to MBS's Saudi Arabia after the ruthless nature of his regime towards its political rivals was well known. The question remains, why would the Saudis need what seems like a very similar service from two different providers?

A source that is knowledgeable about Quadream says that unlike NSO, which does face oversight, InReach’s technology cannot be remotely turned off. NSO like many others have the ability to kill their software in cases when it is abused and its terms of use are infringed. Quadream does not have such an ability. This difference may be key to explaining why MBS’ regime also wanted to use Quadream.

The sales deck, which was recently pitched to a foriegn government, does not note that InReach can be remotely shut off. Though it should be noted that the presentation does repeatedly stress the technology should only be used for lawful purposes and by law enforcement.

An additional explanation, according to industry sources, is that alongside some differences in their capabilities, Quadream’s services are generally cheaper than those provided by NSO.

“The thing with hacking into mobile phones is that at any moment the services can disconnect. There is no one who can provide a service that is 100 percent and most products out there today are nowhere near that number,” a source in the cyber industry said.

“All it takes is for the target to update their phone’s operating system and [the hack] is disconnected. Therefore, you need people on call around the clock who can spring into action and hack into the phone again a few hours after the new operating system is launched.

“Those who buy expensive services know they have 24-hour support from the most expensive workers in the market so that only a minimum amount of time passes between the disconnect and the new connection. If you are targeting people who are not that sensitive and you can allow yourself to lose track of them for a few hours or even days, then in that case you may prefer a cheaper service.”

14 men in Ghana

In September 2020, reports from Ghana said that 14 Israelis from the cyber industry arrived in the country. Some of them were from Quadream and, according to the reports, they were there at the invitation of the country’s President Nana Akufo-Addo who reportedly had a project for them.

The leader was heading into a reelection scheduled for December 2020 that he eventually won.

Haaretz has confirmed two key aspects of the report: Firstly, staff from Quadream did arrive in Ghana at that time and secondly, Quadream has worked for the Ghanian government. However, Haaretz did not confirm for what end they were in the country or what was the project they were involved in.

Haaretz also confirmed that Quadream pitched its services to an official agency in Indonesia.

Quadream declined to comment on this report.