The Biden administration announced Monday that six new countries have joined the international coalition to combat the spread of commercial spyware sold by companies such as NSO Group and Intellexa.
Now, some investors are announcing that they are going all in on the fight against spyware. But at least one of those investors, Paladin Capital Group, had previously invested in companies that developed malware, according to leaked slide decks dated 2021 obtained by TechCrunch. Paladin previously told TechCrunch that it “exited” the company at some point.
In recent years, the U.S. government has led efforts to limit, or at least curb, the use of spyware around the world by blocklisting surveillance technology manufacturers such as NSO Group, Candiru, and Intellexa, imposing export restrictions on spyware, and placing visa restrictions on those companies and industry personnel. Recently, the government has imposed direct economic sanctions not only on companies, but also on the executives who founded Intellexa. These actions have also alarmed other players in the spyware industry.
In a Monday call with reporters attended by TechCrunch, Biden administration officials said Paladin representatives attended meetings with national governments, at the White House on March 7 and at the Democracy Summit in Seoul this week, to discuss spyware.
Paladin, one of the largest investors in cybersecurity startups, and several other venture firms have announced a set of voluntary investment principles that support the defense and national security of free and open societies, and said they would invest in companies that “strengthen its foreign policy interests.”
“For us, explaining to investors that we understand that investments should not go to companies that contract to sell products or sell to customers that may undermine a free and fair society was an important first step,” a senior government official said. Journalists agreed not to name the officials on the call.
Listening to these investors, you'd think spyware wouldn't exist in a free and open society.
In an interview with TechCrunch, Paladin founder and managing partner Michael Steed explained the company's thought process when considering investments in cybersecurity companies. “Can this technology be used in the commercial spyware space?” he asked rhetorically. “We look at these technologies from the perspective of protecting the economic, national security, and foreign policy interests of a free and open society.”
However, Paladin has previously invested in Boldend, a lesser-known offensive cybersecurity startup founded in 2017 and based in California.
Among several other products, Boldend claims to have developed an “all-in-one malware platform” called Origen, which “makes it easy to create any malware on any platform,” according to the leaked slide decks.
Boldend touted Origen as being able to “automate every conceivable attack” on Windows, Linux, Mac, and Android devices, and informally described Origen as a “device management tool.” In another slide, Boldend said Origen's future goal is to perform “automated compromise, horizontalization, and forensic takedown.”
In other words, this is Boldend's platform for hacking into someone's device and extracting data.
Steed said Paladin would no longer invest in Boldend, but did not say why. Steed did not respond to follow-up questions seeking to clarify how the relationship between Paladin and Boldend ended.
“It didn't work out the way we wanted it to. So we were able to get out of there,” Steed told TechCrunch.
Boldend did not respond to a request for comment. The startup's website is barebones, with little information about what the company does. When contacted by TechCrunch in October 2023, Mike Barry, a member of Boldend's board of directors and currently listed on LinkedIn as the company's CEO, said the startup was “very much alive.”
In leaked slide decks, Boldend claims to have sold its “cyber weapons and expertise” to Raytheon, Novetta, FEDDATA, the Department of Defense, the U.S. Cyber Command, and the broader intelligence community. Boldend also said it has received funding from Peter Thiel's giant venture capital firm Founders Fund and Gula Tech Adventures.
The leaked slides provide an overview of several different products. Apart from Origen, there are Kevlar, an automated platform for analyzing implants; Hedgemaze, an obfuscated traffic routing platform for managing infrastructure; and Cricket, a portable hardware platform that launches Wi-Fi-based attacks.
Boldend said in the slides that it wants to develop software for “full turnkey cyber operations,” including offensive cyber capabilities, electronic warfare, and signals intelligence; a hacking service licensed by the US government; and an AI platform that will “dynamically identify and leverage online personas to perform a variety of intelligence tasks while maintaining forensic integrity,” including the creation and dissemination of “fake news articles using social media.” “We don't just build, we build infrastructure.”
In one of the slides, Boldend claims to have developed a tool for “remote access to all WhatsApp on any Android.” It took a year to develop that feature, but it “stopped working due to an update.” The New York Times first reported on Boldend's creation of its WhatsApp exploit.
Gula Tech, which invested in Boldend, also signed on to the principles and commitments published by Paladin. Ron Gula, president and co-founder of Gula Tech, declined to comment for this article.
Gula Tech and Paladin's investment in Boldend, essentially a U.S.-based exploit and hacking software maker, and both investment firms' commitment not to invest in spyware companies may seem contradictory. But the investor pledge leaves open the door to invest in specific companies that serve the interests of the United States and a “free and open society.”
Exactly how far do these principles apply in relation to other countries that are close allies of the United States but have a history of potential human rights abuses? Does this mean that we will not invest in companies that have Steed would not respond directly.
“If you talk to Israel, if you talk to Saudi Arabia, they'll say they're a free and open society and they're allies of the United States. We're still very careful. Whether it's Israel or Saudi Arabia, we are very cautious about what we invest in, whether it's France or Germany,” Steed said. “This is to ensure that there are no violations of the concept of a free and open society.”
Only investors seem to know what a free and open society means and where its red lines lie.