Investors’ pledge to fight spyware undercut by past investments in US malware maker
Reading Time: 3 minutesOn Monday, the Biden administration announced that six new countries had joined an international coalition to fight the proliferation of commercial spyware, sold by companies such as NSO Group or Intellexa.
In the last couple of years, the U.S. government has led an effort to limit or at least restrain the use of spyware across the world by putting surveillance tech makers like NSO Group, Candiru and Intellexa on blocklists, as well as imposing export controls on those companies and visa restrictions on people involved in the industry. More recently, the government has imposed economic sanctions not only on companies, but also directly on the executive who founded Intellexa. These actions have put others in the spyware industry on alert.
Paladin, one of the biggest investors in cybersecurity startups, and several other venture firms published a set of voluntary investment principles, noting that they would invest in companies that ‘enhance the defense, national security, and foreign policy interests of free and open societies.’
‘For us, it was an important first step in having an investor outline both recognition that investments should not be going towards companies that are undertaking selling products, and selling to clients that can undermine free and fair societies,’ the senior administration official said in the call, where journalists agreed not to quote the officials by name.
To hear some of these investors talk, you’d think that spyware has no place in a free and open society.
Yet, in the past, Paladin invested in Boldend, a little-known offensive cybersecurity startup founded in 2017 and based in California.
Among several other products, Boldend claims to have developed an ‘all-in-one malware platform’ called Origen, which ‘enables the easy creation of any piece of malware for any platform,’ according to the leaked slide deck.
Boldend advertised Origen as ‘capable of automating any conceivable attack’ against Windows, Linux, Mac and Android devices, describing Origen informally as a ‘device management tool.’ In another slide, Boldend said a future goal of Origen was to perform ‘automatic compromise, lateralization, and forensic removal.’
In other words, this is Boldend’s platform for hacking into and extracting data from someone’s device.
Steed said that Paladin no longer invests in Boldend, though he declined to explain why. Steed did not respond to follow-up questions attempting to clarify how Paladin’s relationship with Boldend ended.
In the leaked slide deck, Boldend claims to have sold its ‘cyber munitions and expertise’ to Raytheon, Novetta, FEDDATA, the Department of Defense, the U.S. Cyber Command and more broadly, the intelligence community. Boldend also said it got funding from Founders Fund, the massive venture capital firm led by Peter Thiel, and Gula Tech Adventures.
The leaked slides outline several different products. Apart from Origen, there’s Kevlar, an automated platform to analyze implants; Hedgemaze, an obfuscated traffic routing platform to manage infrastructure; and Cricket, a portable hardware platform to launch Wi-Fi-based attacks.
Boldend states in the slides that it hoped to develop software for ‘full turn-key cyber operations’ like offensive cyber capabilities, electronic warfare and signals intelligence; hack-back services sanctioned by the U.S. government; and an AI platform ‘to dynamically identify, exploit, build infrastructure, as well as create online personas to perform a variety of intelligence tasks while maintaining forensic integrity,’ including creating and diffusing ‘fake news story with social media.’
In one of the slides, Boldend claims that it developed tools to gain ‘remote access into all WhatsApp on all Android.’ And that it spent a year developing that capability, but it ‘got burned by an update.’ The New York Times first reported Boldend’s creation of the WhatsApp exploit.
Gula Tech, which also invested in Boldend, also signed the principles and commitments published by Paladin. Ron Gula, the president and co-founder of Gula Tech, declined to comment for this article.
Gula Tech and Paladin’s investment in Boldend — effectively a U.S.-based exploit and hacking software maker — and the two investment firms’ commitment to not invest in spyware companies might seem at odds. But the investors’ pledge leaves the door open for investing in certain companies, if they serve the interests of the United States, and ‘free and open societies.’
Exactly how far do those principles stretch as it relates to other countries that are close allies of the United States but with histories of potential human rights violations? Does that mean, for example, that Paladin wouldn’t invest in companies based in Saudi Arabia or Israeli companies? Steed would not commit to a direct answer.
‘If you talk to Israel, you talk to Saudi, they would tell you that they’re free and open societies and they are the allies of the United States. We still are very careful. No matter whether it’s Israel, or Saudi, or France or Germany, we’re still very careful about what we invest in,’ said Steed. ‘To make sure that we’re not violating the free and open society concept.’
What free and open society means, and where that red line resides, appears to be something only the investors know.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG