‘Two-sided’ investment: Anti-spying but supporting malware?

00:11 23/03/2024

Although cybersecurity investors regularly affirm their commitment to combating spyware, there have been cases where a company in the sector has invested in a manufacturer of exploitative software.

On Monday, the Biden administration announced six countries joining an international coalition aimed at curbing the rise of commercial spyware. This type of software is provided by companies such as NSO Group and Intellexa.

Although some investors claim to be against spyware, it has emerged that at least one of them, Paladin Capital Group, has invested in companies that develop malware. According to a leaked slide deck from 2021, Paladin Capital Group once invested in one such company. However, the firm confirmed that it had already “exited” from this investment. This calls into question Paladin Capital Group’s commitment to fighting spyware.

Over the past few years, the US government has led the effort to limit or at least curb the use of spyware worldwide by blacklisting surveillance technology makers such as NSO Group, Candiru and Intellexa, as well as imposing export controls on those companies and visa restrictions on those involved in the industry. More recently, the government imposed economic sanctions not only on the companies but also directly on the founding executive of Intellexa. These actions have made others in the spyware industry wary.

On Monday, in an interview with reporters, a senior Biden administration official revealed that Paladin representatives attended meetings at the White House on March 7. In addition, the official also said that Paladin representatives were present at meetings taking place in Seoul this week, where governments gathered for the Democracy Summit to discuss the issue of spyware.

Paladin, one of the largest venture capitalists in cybersecurity, along with several other venture capitalists, has announced a set of voluntary investment principles. Accordingly, they will prioritize investing in companies that are able to enhance national defense and security capabilities and advance the foreign policy interests of free and open societies.

This set of principles marks an important turning point in directing venture capital flows into key areas for national security and foreign policy interests.

A senior administration official on a conference call (with journalists agreeing to keep their identities confidential) asserted: “For us, this is an important first step for investors to realize that investing in companies that sell products and serve customers that could harm a free and fair society should be avoided.”

Listening to these investors, it is easy to see their views on spyware: it is inappropriate and cannot exist in a society that values freedom and openness.

In an interview with Techlade, Michael Steed, founder and managing partner at Paladin, shared the company’s evaluation process when considering investing in a cybersecurity business. He posed the central question: “Does this technology have potential applications in the field of commercial spyware?”. Paladin approaches the evaluation of cybersecurity technologies with the goal of protecting economic, national security, and foreign policy interests in a free and open society.

Despite this, Paladin previously funded Boldend, a little-known offensive cybersecurity startup founded in 2017 and headquartered in California.

Boldend, according to a leaked slide deck, has developed Origen, an “all-in-one malware platform”. This platform allows users to easily create any type of malware for any operating system.

Boldend advertises Origen as a powerful device management tool, capable of automating any form of attack imaginable on Windows, Linux, Mac and Android operating systems. Origen’s future goals are mentioned in another slide, which is to automate intrusions, lateral movement and forensic removal.

Many investors are facing a paradox: they are committed to fighting spyware, but at the same time have previous investments in the American malware makers that were the source of this spyware.

In other words, this is Boldend’s platform for hacking and extracting data from someone’s device.

Steed confirmed that Paladin had stopped cooperating with Boldend, but he did not reveal the specific reason for this decision. When asked more about how Paladin and Boldend ended their relationship, Steed avoided answering.

Steed told Techlade that the project did not achieve the results they expected, leading to their decision to withdraw.

Boldend did not respond to a request for comment. This startup’s website is very simple and says very little about what the company does. When contacted by Techlade in October 2023, Boldend board member Mike Barry, now listed on LinkedIn as the company’s chief executive, said the startup was “still doing very well.”

In the leaked set of slides, Boldend claims to have sold “cyber security ammunition and expertise” to Raytheon, Novetta, FEDDATA, the Department of Defense, US Cyber Command and, more broadly, to the intelligence community. Boldend also said it received funding from Founders Fund, the giant venture capital firm led by Peter Thiel, and Gula Tech Adventures.

The leaked slide provides a summary of some of the group’s various products, including:

  • Origen: Automated vulnerability analysis platform.
  • Kevlar: An anonymous traffic routing platform for infrastructure management.
  • Hedgemaze: Mobile hardware platform that enables Wi-Fi based attacks.

Boldend stated in the slides that it hopes to develop software for “full-stack cybersecurity operations” such as offensive cyber capabilities, electronic warfare and signals intelligence; US government approved hacking services; and an AI platform “to dynamically identify, exploit, build infrastructure, and create online personas to perform a variety of intelligence tasks while maintaining forensic integrity”, including creating and spreading “fake news on social networks”.

In a slide, Boldend claims it has developed tools to get “remote access to all WhatsApp on all Android”. It took them a year to develop that capability, but it was “disabled by an update”. The New York Times first reported about Boldend creating the WhatsApp vulnerability.

Gula Tech, which also invested in Boldend, has also signed the principles and commitments announced by Paladin. Ron Gula, President and co-founder of Gula Tech, declined to comment for this article.

Gula Tech and Paladin’s investment in Boldend, a US-based hacking and exploitation software company, appears to contradict the companies’ commitment not to invest in spyware companies. However, this commitment still allows them to invest in certain companies, as long as their activities serve the interests of the United States and “free and open societies.”

How far do those principles extend to other countries that are close allies of the United States but have a history of potential human rights violations? For example, does that mean Paladin will not invest in companies based in Saudi Arabia or Israeli companies? Steed did not give a direct answer.

“Whether we dialogue with Israel, Saudi Arabia or European countries like France and Germany, we are cautious in investing. Our goal is to ensure investments comply with the principles of a free and open society,” Steed emphasized.

What a free and open society means, and where that line lies, seems to be known only to investors.
