In the summer of 2019, when Paragon Solutions was building one of the world’s most powerful cyber weapons, the company made a prescient decision: Before courting a single client, it might as well put the Americans on its side.
The Israeli startup has seen local rival NSO Group, maker of the controversial Pegasus spyware, clash with the Biden administration and be blacklisted in the US. So Paragon sought guidance from top U.S. advisers, secured funding from U.S. venture capital groups, and eventually landed a big client that eschewed competition: the U.S. government.
Interviews with six industry figures about the two companies’ divergent paths highlight how the shadowy spyware industry is being reshaped around those who benefit U.S. interests.
The DEA is one of the largest customers of Paragon’s signature product, nicknamed Graphite, according to four of the people.
The malware stealthily breaches the protections of modern smartphones and evades the encryption of messaging apps like Signal or WhatsApp, sometimes harvesting data from cloud backups — as Pegasus did.
Paragon was established by Ehud Schneorson, a retired commander of Unit 8200, the Israeli Army’s elite signals intelligence unit. The company, whose board includes former Prime Minister Ehud Barak, has received investments from two U.S. venture capital firms, Battery Ventures and Red Dot, according to people familiar with the matter.
Paragon, Barak, Battery Ventures and Red Dot declined to comment.
In 2019, even before the work on Graphite was complete, Paragon hired Washington, D.C.-based WestExec Advisors, an influential advisory group of former Obama White House officials, on the advice of a retired senior Mossad official , including Michele Flournoy, avril haynes and Anthony Blinken. Former U.S. ambassador to Israel Dan Shapiro was also consulted, the people said. Shapiro declined to comment.
WestExec said it “advised Paragon on the development of its strategic approach to the US and European markets, as well as its industry-leading ethical commitment to ensure the appropriate use of its technology,” adding that it “advised us on these Proud to contribute to key areas.”
After the election of Democratic President Joe Biden in 2021, Blinken was named secretary of state, and Haynes is now the director of national intelligence. The lobbying firm said both had left WestExec by the time the Paragon contract was signed. Flournoy — once considered to lead the Defense Department — remains an influential voice in U.S. foreign affairs.
US endorsement, even if indirect, is central to Paragon’s strategy. The company sought a list of U.S. allies that have no objection to deploying Graphite. There are 35 countries on the list, the people said, but could not identify which countries were involved. Most are in the European Union and some in Asia, the people said.
“Everything they do is so that at the end of the day, America should see them as good people,” said a person familiar with the decisions.
This stands in stark contrast to NSO’s recent troubles. By 2019, with the help of regional diplomacy from Prime Minister Benjamin Netanyahu, NSO was a $1 billion company selling to Saudi Arabia, Mexico and dozens of other countries.
By the time the Biden administration took office, NSO’s lucrative clientele proved to be its Achilles’ heel, as many of those regimes continued to deploy multimillion-dollar weapons against journalists, dissidents and opposition leaders.
As evidence of abuse spread, such as the targeting of US diplomats in Uganda in 2021, NSO found itself targeted by the US government and the world’s largest tech companies. Apple and WhatsApp owner Meta are suing it.
“There is a growing consensus that this particular type of malware is so invasive and stealthy that its proliferation poses human rights risks and counterintelligence risks to the United States,” said Stephen Feldstein , who has studied the spread of spyware such as Pegasus and Graphite for the Carnegie Foundation.
For nearly a decade, the only restriction on some of the biggest spyware makers was Israeli export controls, which regulated malware like Pegasus as a weapon. Feldstein said Israeli officials “make decisions based on geopolitical solutions, not on human rights violations.”
Paragon’s founders, however, are more sensitive to the increasingly murky U.S. view of the proliferation of cyber weapons.
Paragon rejected a request from the Israeli government to replace Pegasus in the Saudi armory with Graphite after NSO’s malware was traced to the phone of a colleague of murdered Saudi columnist Jamal Khashoggi, according to two people familiar with the matter.
Paragon’s decision to walk away from a valuable Saudi contract ultimately paid off. Two other Israeli companies, Quadream and Candiru, which sold similar hacking capabilities to the Saudi government, were eliminated by Microsoft and rights group Citizen Lab after their malware was used on journalists and dissidents. Candiru was blacklisted along with NSO in November 2021. Quadream recently shut down operations, Israeli newspaper Calcalist reported.
The U.S. has stepped in to reshape the spyware market to support those who sell cyberweapons to the U.S. and its allies, while reining in those who sign lucrative contracts with authoritarian regimes.
President Biden signed a executive orderr Banned any U.S. agency in March from buying spyware that “poses a risk to national security or has been misused by foreign actors to commit human rights abuses worldwide.”
The language of the executive order was seen by experts as targeting the NSO, while opening up space for companies like Paragon to continue selling similar spyware, but only to the closest U.S. allies. The U.S. expectation — as yet unproven — is that friendly nations are less likely to abuse such weapons against civil society, or to spy on U.S. government officials deployed abroad.
“This really demonstrates that the United States considers many of these tools to be illegal,” said David Kaye, a U.N. free speech rapporteur who has spent years trying to hold NSO Group accountable for its clients’ misuse of its services. spyware. “If the proliferation of these tools is a national security issue, then this really changes the conversation from being a human rights issue.”
NSO said it “does not believe its inclusion (on the U.S. Department of Commerce blacklist) is justified,” adding: “It is ironic that other cyber intelligence firms that are not subject to the The state sells and the NSO refuses to sell (to).”
However, the DEA’s purchase of Graphite, reportedly only for its partners in Mexico to help fight drug cartels, has come under scrutiny. The DEA said it used: “all available legal investigative tools to go after foreign cartels and individuals operating around the world responsible for 107,735 drug poisoning deaths in the United States last year.”
Rep. Adam Schiff, chairman of the House Intelligence Committee, sent a letter to the DEA in December requesting more details about the purchase. Mexico was one of the worst abusers of NSO Pegasus, which was acquired nearly a decade ago.
“Such use (of spyware) could have potential implications for U.S. national security and is contrary to efforts to prevent the widespread spread of powerful surveillance capabilities to authoritarian regimes and others who might abuse them,” Schiff wrote.