Israeli Cyber-Attack Firm: Named After a Literal Human-Invading Parasite
IF YOU ENTER the lobby of the Tel Aviv building that acts as its headquarters, you won’t find its name in the directory. You also won’t find a Web site for it because it doesn’t have one. Its 120 or so employees don’t post profiles on LinkedIn and sign strict confidentiality agreements. Inquiries elicit a polite but firm “no comment.”
The company is known as Candiru, named after an Amazon fish known for its alleged tendency to invade and parasitize the human urethra. The name fits the company’s business, which is “offensive cyber,” the technology used to hack into computers or smartphones and spy on users.
Offensive cyber is a big business in Israel, with industry sources saying it generates about $1 billion in sales a year. The biggest and most controversial of the players is NSO, which has been cited repeatedly for selling its equipment to countries like Saudi Arabia and Mexico that have used them to spy and crack down on dissidents.
NSO’s specialty is hacking smartphones. Candiru’s hacking tools are used to break into computers and servers, although some sources said that it also has technology for breaking into mobile devices as well.
Israel regards offensive cyber tools as no different than other weapons and exports must be approved by the Defense Ministry. However, while the ministry is sensitive to security risks to Israel from exports, it is has less concerns about human rights violations by buyers.
Candiru is also different from many other offensive cyber companies, such as hacking team and FinFisher, that only sell attack tools, because Candiru sells a complete system.
“They have a user interface through which the customer sees how many targets have been penetrated, what information has been obtained and so forth,” said one source. ”In addition, they offer a very sophisticated service, so that if a certain attack tool doesn’t work they’ll produce a new one that will work. They sell a pre-loaded ‘cartridge’ of attack tools.”
Formed four years ago, Candiru is shrouded in secrecy. It is believed to employ 120 people and generate annual sales of $30 million a year, but that is only speculation by outsiders. If true, that would make it Israel’s second-largest offensive cyber company after NSO, not counting publicly traded Verint and general defense companies.
What is known is that Candiru’s founder is Isaac Zack, who was also a founder of NSO. Zack is a venture capital investor and among the founders of the investment firms Founders Group and Pico Venture Partners.
Candiru’s CEO is Eitan Achlow, who was previously an executive at the Israeli ride-sharing company Gett. But in line with Candiru’s veil of secrecy, Achlow’s LinkedIn page lists him as working in a company in stealth mode, a startup industry term for companies that haven’t launched a product and are working without publicity.
According to the Dun & Bradstreet guide, Zack is on the boards of 13 companies, among them the cybersecurity startups Cy-Ot and Orchestra — all of them in the field of protective cybersecurity. Keeping with the secrecy surrounding Candiru, its name isn’t listed among Zack’s directorships.
That is because Candiru is not the company’s registered name. It was originally registered under the name Grindavik Solutions in September 2014. It changed it to LDF Associates in March 2017 and back to Grindavik last April.
Like other companies in Israel’s renowned cybersecurity industry, Candiru recruits heavily from the Israel Defense Forces 8200 intelligence unit. They are typically paid 80,000 shekels ($21,400) a month and some make 90,000.
“They take the best hackers that were in 8200,” said one cybersecurity entrepreneur, who spoke on condition of anonymity. “Candiru has no defined work conditions — you can do what you want. They even have one employee that lives in France and starts up his computer when he feels like it.”
* * *
Source: Haaretz, Archive.is, and National Vanguard correspondents