Israeli QuaDream Spying Program: For Whom Was It Produced?

After Pegasus, the Canadian laboratory Citizen Lab revealed on April 11, 2023, a new Israeli spying program, called QuaDream, that is similar to the first one.
Just as it was revealed that Arab countries such as Saudi Arabia, Morocco, and the United Arab Emirates had purchased Pegasus, they have also acquired the new program and dealt with the new Israeli company.
The new program has been used to target journalists and opposition politicians in several countries, including Arab countries, according to Citizen Lab, a specialist in cyberspace, global security, and human rights.
It was designed by an unknown Israeli company named QuaDream Ltd., founded by a former Israeli military official and former employees of the NSO Group, the company behind Pegasus, perhaps to escape the previous program's poor reputation.
According to AP, on April 12, 2023, Citizen Lab managed to communicate with at least five individuals who were targeted by the QuaDream program in the Middle East, North America, Central Asia, Southeast Asia, and Europe.
The list of victims included journalists, opposition political figures, and a member of a non-governmental organization, according to Citizen Lab, but their identities have not been disclosed at the moment for security reasons.
What Is QuaDream?
QuaDream is a spyware program similar to Pegasus, which was exposed in 2022. It was reported then that it was designed to target opposition journalists and politicians from 10 countries, including Arab states.
The company behind the program is QuaDream, based on the 19th floor of a building in Ramat Gan, Tel Aviv, with no signs identifying it, according to Haaretz, on June 8, 2021.
This company is a less well-known competitor to the Israeli company NSO Group, which also specializes in spyware programs, including Pegasus. The latter was included in the U.S. government's blacklist in 2022, following allegations of hacking in America, in addition to Arab countries and other countries.
QuaDream was founded in 2016 by Ilan Dabelstein, a former Israeli military official, and two former NSO employees.
However, the Hebrew newspaper, Yedioth Ahronoth, stated in September 2022 that the company launching the new surveillance application was founded by a former officer from the elite Israeli commando unit, who held a senior position in the Israeli Military Intelligence (Aman), named Tal Dilian.
Dilian holds the rank of colonel in the Israeli army, was the commander of Unit 81, and is a senior officer in the army's special operations unit.
After hacking into someone's phone or computer, the new spyware program QuaDream works to record external calls and sounds, capture images from mobile cameras, and search device files without the user's knowledge, according to Citizen Lab.
Like Pegasus, the new spying program can control the smartphone and collect instant messages from services such as WhatsApp, Telegram, and Signal, as well as email messages.
It can also access photos, texts, and contacts, according to two brochures issued by this program in 2019 and 2020, Reuters news agency reported on February 4, 2022.
However, the Wall Street Journal stated that QuaDream has denied that it has ever produced a spyware program.
The laboratory stated that the company QuaDream marketed its spyware programs to government clients in Saudi Arabia, Morocco, Singapore, Mexico, Ghana, Indonesia, and other countries.
Through the capabilities of the Premium suite and the REIGN feature, this new Israeli spyware program can record calls in real time, activate the front and rear cameras, and activate the microphone, as stated in one of the program's brochures.
The price of the program is determined based on the scope of the desired phone and electronic device breaches. For example, a program that breaches 50 smartphones costs $2.2 million, excluding maintenance costs, according to a 2019 brochure.
Why Israeli Programs?
Before Citizen Lab exposed this new Israeli spyware program, five individuals had reported a vulnerability in Apple's iPhone software that was exploited by the new company, QuaDream.
They claimed to have been previous victims of the NSO Group's spyware program in 2021 and then were targeted by the new company, QuaDream, indicating that they were targeted by Pegasus spies themselves.
According to Reuters on February 4, 2022, QuaDream is a smaller and less renowned Israeli company that also works on developing remote mobile penetration tools for government clients.
Both companies use the same advanced hacking technique known as "zero-click," which infects the device without the victims' knowledge or any action on their part.
"People want to believe they're secure, and phone companies want you to believe they're secure. What we've learned is, they're not," said Dave Aitel, a partner at Cordyceps Systems, a cybersecurity firm.
Technology experts believe that after the exposure of governments and other entities using the Pegasus program to spy on opposition figures and the media, and the ensuing global criticism, some spies within the company created another company as a response.
Citizen Lab confirmed that the Israeli company behind the new program includes Israeli military and technical officials who previously worked for the NSO Group, the company that developed Pegasus.
Spyware programs like Pegasus have been widely used by governments and other entities to spy on opposition figures, media organizations, and activists.
In September 2022, Yedioth Ahronoth revealed that the new spyware program was launched by a company whose owner is a former officer in the Israeli elite unit, taking advantage of the restrictions and sanctions imposed on the NSO Group.
Experts who analyzed the intrusion programs developed by the Israeli companies, NSO Group and QuaDream, believe that they both used very similar programs known as ForcedEntry to breach iPhones by implanting malicious software on the targeted phones.
In a written statement to Reuters, an NSO spokesperson attempted to deny any cooperation with the new company, QuaDream, stating that NSO did not collaborate with it.
However, they mentioned that the electronic intelligence industry continues to grow rapidly worldwide.
Israeli companies and other surveillance software vendors try to claim that they sell high-precision technology to help governments counter national security threats.
However, human rights organizations and journalists have repeatedly documented the use of spyware programs to attack dissenting systems, spy on journalists and activists, and interfere in elections.
In late March 2022, the White House considered that governments purchasing the Pegasus program used it to facilitate repression and enable human rights violations.
The Customers Themselves
On February 4, 2022, four sources revealed to Reuters that many governments that purchased the new Israeli spyware program were the same ones that bought the old program, Pegasus, including Saudi Arabia and the United Arab Emirates, to target political opponents.
The Washington Post confirmed on April 11, 2023, that Microsoft discovered the new Israeli spyware application sold to 10 countries in previous versions of Apple's iOS software for iPhones, and Citizen Lab worked on disabling it.
On December 15, 2022, Microsoft, Meta (formerly Facebook), and Apple stated that they are making continuous efforts to disable spyware programs found on their applications and combat "online mercenaries."
Meta officially announced that it had disabled 250 accounts used for this purpose.
In a statement on April 11, 2023, Microsoft warned that the growing presence of mercenary spyware companies poses a threat to democracy and human rights, emphasizing that countering such offensive entities requires collective efforts and cooperation among stakeholders.
On January 20, 2022, Haaretz newspaper revealed that it obtained a definitive and final list of all the victims targeted by the Israeli-made spyware program Pegasus, whether they were Arabs or foreigners.
The Hebrew newspaper stated that the collected list included journalists, politicians, human rights activists, businessmen, activists, and even drug dealers. The list comprised 178 individuals from Azerbaijan, El Salvador, France, Hungary, India, Jordan, Kazakhstan, Morocco, the West Bank, Poland, Rwanda, Saudi Arabia, the United Arab Emirates, Britain, and Mexico.
The newspaper mentioned that the victims included 34 journalists from Al Jazeera channel, three Palestinian activists from the West Bank, 24 French journalists, and 11 American officials in Uganda.
The newspaper revealed that the UAE spied on human rights activist Alaa al-Siddiq, who died in a car accident in London in June 2021—Abu Dhabi was accused of being involved in her murder.
Other individuals were targeted including journalist Rania Dridi, former Egyptian presidential candidate Ayman Nour, journalist Tamer al-Mishal from Al Jazeera, Bahraini activist Ebtisam al-Saegh affiliated with the Peace for Democracy and Human Rights organization, and dozens of others.
The list also included Emirati human rights activist Ahmed Mansour, Saudi activist Yahya Assiri, Sheikha Latifa, daughter of Dubai ruler Sheikh Mohammed bin Rashid Al Maktoum, Princess Haya bint Hussein, the former wife of Sheikh Mohammed, and Princess Aisha bint Hussein, the sister of Jordan's King Abdullah II.
Reports published by American, British, and French newspapers, such as The Washington Post, The Guardian, and Le Monde, on July 18, 2021, confirmed that the Pegasus program was used to target activists, journalists, and politicians worldwide.
The investigation conducted by these newspapers revealed that the list of individuals subjected to surveillance through Israeli-made Pegasus included heads of states, heads of governments, members of royal families, diplomats, politicians, and activists.
According to these reports, many of the numbers on the list belong to individuals from ten countries, namely Saudi Arabia, the United Arab Emirates, Bahrain, Azerbaijan, Hungary, India, Kazakhstan, Mexico, Morocco, and Rwanda. These countries are nearly the same ones targeted by the new Israeli company.
Sources
- Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers
- Another Israeli spy app has been sold to 10 countries, researchers say
- EXCLUSIVE iPhone flaw exploited by second Israeli spy firm-sources
- A Canadian laboratory reveals an Israeli spy program similar to "Pegasus" that targets journalists and politicians [Arabic]
- The NSO File: A Complete (Updating) List of Individuals Targeted With Pegasus Spyware
- DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia