Revealed: Top Secret Israeli Hackers For Hire

Candiru, named after an Amazon fish known to parasitise the human urethra, recruits heavily from 8200 intelligence unit and sells offensive tools for hacking computer systems. The name fits the company’s business, which is offensive cyber, the technology used to hack into computers or smartphones and spy on users.

In the Tel Aviv building that acts as its headquarters, Candiru name is not in the directory. Also it is not on a website as it doesn’t have one. Its 120 or so employees don’t post profiles on LinkedIn and sign strict confidentiality agreements. Inquiries by TheMarker elicited a polite but firm “no comment”.

Offensive cyber is a big business in Israel, with industry sources saying it generates about $1 billion in sales a year. The biggest and most controversial of the players is NSO, which has been cited repeatedly for selling its equipment to Arabia and Mexico that have used them to spy and crack-down on dissidents.

NSO’s specialty is hacking smartphones. Candiru’s hacking tools are used to break into computers and servers, although some sources told TheMarker that it also has technology for breaking into mobile devices as well. 

Unlike NSO, Candiru is more conservative in its choice of customers. Most of them are in Western Europe and none of them are from Africa. In fact, the company reportedly doesn’t sell equipment to Israel, although that is for business, not political, reasons, they say.

“For example, if Germany needs offensive cyber equipment for some national security matter, it will develop it in-house without question,” explained one source, who asked not to be identified. “But if it needs to contend with human trafficking from Turkey, for instance, it will buy cyber gear from an outside source where the issue is less sensitive.”

Candiru’s sales policy is an internal decision, and many Israeli companies in the business have found themselves in hot water for selling to regimes with poor records on democracy and human rights.

Israel regards offensive cyber tools as no different than other weapons and exports must be approved by the Defense Ministry. However, while the ministry is sensitive to security risks to Israel from exports, it is less concerns about democracy and human rights violations by buyers.

Candiru is also different from many other offensive cyber companies, such as hacking team and FinFisher, that only sell attack tools, because Candiru sells a complete system.

“They have a user interface through which the customer sees how many targets have been penetrated, what information has been obtained and so forth,” said one source. 

“In addition, they offer a very sophisticated service, so that if a certain attack tool doesn’t work they’ll produce a new one that will work. They sell a pre-loaded 'cartridge' of attack tools.”

Formed four years ago, Candiru is shrouded in secrecy. It is believed to employ 120 people and generate annual sales of $30 million a year, but that is only speculation by outsiders. If true, that would make it Israel’s second-largest offensive cyber company after NSO, not counting publicly traded Verint and general defense companies.

What is known is that Candiru’s founder is Isaac Zack, who was also a founder of NSO. Zack is a venture capital investor and among the founders of the investment firms Founders Group and Pico Venture Partners.

Candiru’s CEO is Eitan Achlow, who was previously an executive at the Israeli ride-sharing company Gett. But in line with Candiru’s veil of secrecy, Achlow’s LinkedIn page lists him as working in a company in stealth mode, a startup industry term for companies that haven’t launched a product and are working without publicity.

According to the Dun & Bradstreet guide, Zack is on the boards of 13 companies, among them the cybersecurity startups Cy-Ot and Orchestra, all of them in the field of protective cybersecurity. Keeping with the secrecy surrounding Candiru, its name isn’t listed among Zack’s directorships.

That is because Candiru is not the company’s registered name. It was originally registered under the name Grindavik Solutions in September 2014. It changed it to LDF Associates in March 2017 and back to Grindavik last April. 

Like other companies in Israel's renowned cybersecurity industry, Candiru recruits heavily from the Israel Defense Forces 8200 intelligence unit. They are typically paid 80,000 shekels ($21,400) a month and some make 90,000.

“They take the best hackers…,” said one cybersecurity entrepreneur, who spoke on condition of anonymity. “Candiru has no defined work conditions, you can do what you want. They even have one employee that lives in France and starts up his computer when he feels like it.”

Haaretz:      Guardian:     Computing

You Might Also Read:

Israel: The Cyber Power:

 

« Optimising Maritime Cybersecurity
Hackers Demand Ransom For Stolen 911 Documents »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Roka Security

Roka Security

Roka Security is a boutique security firm specializing in full-scale network protection, defending against advanced attacks, and rapid response to security incidents.

WhiteHat Security

WhiteHat Security

WhiteHat’s products enable customers to “Hack Yourself First” so that they gain a greater understanding of the actual risk to their business.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

Cyberkov

Cyberkov

Cyberkov services include Pentesting, Vulnerability Assessments, Digital Forensics, Incident Response, Source Code Analysis and Security Training.

CyberTrap

CyberTrap

CyberTrap is an advanced highly-interactive deception technology allowing real-time analysis and control of security breaches.

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

Open Systems

Open Systems

Open Systems is a Secure Access Service Edge (SASE) pioneer delivering a complete solution to network and security.

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

NWN Corp

NWN Corp

NWN Corporation is a leading Cloud Communications Service Provider (CCSP) focused on transforming the customer and workspace experience for commercial, enterprise and public sector organizations.

MorganFranklin Consulting

MorganFranklin Consulting

MorganFranklin Consulting is a management advisory firm that works with businesses and government to address complex and transformational technology and business objectives including cybersecurity.

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

Beetles Cyber Security

Beetles Cyber Security

Beetles is a crowdsourced penetration testing platform designed to build a trusted, hacker-centric approach to protectan organization’s digital attack surface.