Advertisement

Investors' pledge to fight spyware undercut by past investments in US malware maker

On Monday, the Biden administration announced that six new countries had joined an international coalition to fight the proliferation of commercial spyware, sold by companies such as NSO Group or Intellexa.

Now, some investors have announced that they too are committed to fighting spyware. But at least one of those investors, Paladin Capital Group, has previously invested in a company that developed malware, according to a leaked 2021-dated slide deck obtained by TechCrunch, although the firm tells TechCrunch it "got out" of the firm some time ago.

In the last couple of years, the U.S. government has led an effort to limit or at least restrain the use of spyware across the world by putting surveillance tech makers like NSO Group, Candiru and Intellexa on blocklists, as well as imposing export controls on those companies and visa restrictions on people involved in the industry. More recently, the government has imposed economic sanctions not only on companies, but also directly on the executive who founded Intellexa. These actions have put others in the spyware industry on alert.

In a call with reporters on Monday that TechCrunch attended, a senior Biden administration official said that a representative from Paladin participated in meetings at the White House on March 7, as well as this week in Seoul, where governments gathered for the Summit for Democracy to discuss spyware.

Paladin, one of the biggest investors in cybersecurity startups, and several other venture firms published a set of voluntary investment principles, noting that they would invest in companies that "enhance the defense, national security, and foreign policy interests of free and open societies."

“For us, it was an important first step in having an investor outline both recognition that investments should not be going towards companies that are undertaking selling products, and selling to clients that can undermine free and fair societies,” the senior administration official said in the call, where journalists agreed not to quote the officials by name.

To hear some of these investors talk, you'd think that spyware has no place in a free and open society.

In an interview with TechCrunch, Michael Steed, founder and managing partner at Paladin, explained the firm's thought process when considering investing in a cybersecurity company. “Could this technology be utilized in the commercial spyware area?” he asked rhetorically. “We're looking at those technologies in a way in which we're looking to protect the economic, national security and foreign policy interests in a free and open society.”

Yet, in the past, Paladin invested in Boldend, a little-known offensive cybersecurity startup founded in 2017 and based in California.

Among several other products, Boldend claims to have developed an “all-in-one malware platform” called Origen, which “enables the easy creation of any piece of malware for any platform,” according to the leaked slide deck.

Boldend advertised Origen as "capable of automating any conceivable attack" against Windows, Linux, Mac and Android devices, describing Origen informally as a "device management tool." In another slide, Boldend said a future goal of Origen was to perform "automatic compromise, lateralization, and forensic removal."

In other words, this is Boldend’s platform for hacking into and extracting data from someone's device.

Contact Us

Do you know more about Boldend? Or about spyware providers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

Steed said that Paladin no longer invests in Boldend, though he declined to explain why. Steed did not respond to follow-up questions attempting to clarify how Paladin’s relationship with Boldend ended.

“It didn't do what we wanted it to do. So we got out of it,” Steed told TechCrunch.

Boldend did not respond to a request for comment. The startup's website is barebones and says little about what the company does. When reached by TechCrunch in October 2023, Boldend's board member Mike Barry, now listed on LinkedIn as the company's chief executive, said that the startup was “very much alive and well.”

In the leaked slide deck, Boldend claims to have sold its “cyber munitions and expertise” to Raytheon, Novetta, FEDDATA, the Department of Defense, the U.S. Cyber Command and more broadly, the intelligence community. Boldend also said it got funding from Founders Fund, the massive venture capital firm led by Peter Thiel, and Gula Tech Adventures.

The leaked slides outline several different products. Apart from Origen, there’s Kevlar, an automated platform to analyze implants; Hedgemaze, an obfuscated traffic routing platform to manage infrastructure; and Cricket, a portable hardware platform to launch Wi-Fi-based attacks.

Boldend states in the slides that it hoped to develop software for “full turn-key cyber operations" like offensive cyber capabilities, electronic warfare and signals intelligence; hack-back services sanctioned by the U.S. government; and an AI platform “to dynamically identify, exploit, build infrastructure, as well as create online personas to perform a variety of intelligence tasks while maintaining forensic integrity,” including creating and diffusing “fake news story with social media.”

In one of the slides, Boldend claims that it developed tools to gain “remote access into all WhatsApp on all Android.” And that it spent a year developing that capability, but it “got burned by an update.” The New York Times first reported Boldend's creation of the WhatsApp exploit.

Gula Tech, which also invested in Boldend, also signed the principles and commitments published by Paladin. Ron Gula, the president and co-founder of Gula Tech, declined to comment for this article.

Gula Tech and Paladin’s investment in Boldend — effectively a U.S.-based exploit and hacking software maker — and the two investment firms' commitment to not invest in spyware companies might seem at odds. But the investors' pledge leaves the door open for investing in certain companies, if they serve the interests of the United States, and “free and open societies.”

Exactly how far do those principles stretch as it relates to other countries that are close allies of the United States but with histories of potential human rights violations? Does that mean, for example, that Paladin wouldn’t invest in companies based in Saudi Arabia or Israeli companies? Steed would not commit to a direct answer.

“If you talk to Israel, you talk to Saudi, they would tell you that they're free and open societies and they are the allies of the United States. We still are very careful. No matter whether it's Israel, or Saudi, or France or Germany, we're still very careful about what we invest in,” said Steed. “To make sure that we're not violating the free and open society concept.”

What free and open society means, and where that red line resides, appears to be something only the investors know.