Orchestra Group hired Ballard Partners to lobby the Department of Homeland Security on “issues related to cybersecurity," in 2020 and early 2021.July 30, 2021 3:14 pm
A company run by a founder of the cyber-surveillance firm NSO Group hired a Trump-allied lobbyist in 2020 to lobby the Department of Homeland Security (DHS), Forensic News can reveal.
Documents filed with the U.S. Senate under the Lobbying Disclosure Act reveal that Orchestra Technology, a company purportedly based out of New York and owned by Israeli spyware veterans, paid Brian Ballard’s Ballard Partners $240,000 over an approximate eight-month period in 2020 and early 2021.
The three lobbying forms filed by Ballard Partners indicate that Orchestra Group hired the firm to lobby DHS on “issues related to cybersecurity.” No further details were included.
Unlike other companies started by the founders of Orchestra Group that are known for their hacking abilities, Orchestra says that they focus exclusively on defensive cybersecurity.
Created in 2018, the company offers “a unique integrated cybersecurity defense platform with proactive security policy management and enforcement orchestration,” according to their website. In recent months, Orchestra has signed partnership deals with private companies in Asia and elsewhere.
An Orchestra marketing presentation from September 2020 shows that the company counts the Israeli and, perhaps more confoundingly, the Russian governments as clients.
Among the Orchestra customers in Russia are the powerful state telecommunications and banking behemoths Rostelecom and Sberbank. Another company on the list is owned by billionaire Russian oligarch Andrey Melnichenko. Through a representative, Melnichenko stated that neither he nor the company mentioned as a client by Orchestra, the Siberian Generating Company, were ever clients of the Israeli firm. “Mr. Melnichenko has nothing to do either with this company or its software,” the representative with Eurasia Advisory said.
In Israel, the Ministry of Religious Services is an Orchestra customer, according to the documents, which also list the University of Haifa.
Orchestra has been funded to the tune of $7.5 million by two venture capital firms, Prytek and Target Global. Prytek was founded in 2017 and its financial backers include Russian and Israeli businessmen. Target Global is funded by a largely opaque Russian venture capital fund called Invest AG.
Two of Orchestra’s shareholders — Omri Lavie and Isaac Zack — are well-known figures in the spyware world, while the third shareholder, Jacob Ukelson, has a business management and tech background.
Lavie co-founded the now-infamous cyber-surveillance firm called NSO in 2010, building the company to a value of approximately 1 billion dollars over the succeeding decade.
The corporate behemoth behind NSO spans over eight countries and spyware developed, marketed, and sold by that network of companies has been used by government agencies around the world.
Though ostensibly meant to stop terrorism and other serious crimes, the powerful NSO tools, including their flagship hacking product called Pegasus, have been used by authoritarian regimes to infiltrate the cellphones of journalists, human rights activists, business executives, politicians, and other government officials.
The most prolific customers of NSO are Saudi Arabia, the United Arab Emirates, and Mexico, though dozens of countries have been identified as clients.
In recent weeks, a media consortium titled the Pegasus Project, after the spyware’s name, identified over 1,000 individuals across the world whose phones were targeted or surveilled.
Another Orchestra partner is Isaac Zack, who co-founded a different hacking outfit in Israel called Candiru that has, like NSO, found itself in the middle of controversy after its tools were used to spy on civil society members.
A joint investigation by Microsoft and the University of Toronto’s Citizen Lab found that Candiru “cyberweapons…were being used in precision attacks targeting more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents.”
“Based on our analysis of Internet scanning data,” the Citizen Lab wrote, “we believe that there are Candiru systems operated from Saudi Arabia, Israel, UAE, Hungary, and Indonesia, among other countries.”
Brian Ballard, the lobbyist hired by Orchestra, was already a successful political influencer with offices in six cities, when he found immense power with the inauguration of the Trump administration. In the four years after opening its first D.C. branch in 2017, Ballard Partners’ annual income rocketed from $9.7 million to $24.4 million.
At least some of the firm’s success can be attributed to Ballard’s relationship with then-President Donald Trump. His experience as a top fundraiser for Trump’s 2016 campaign and key transition advisor gave Ballard the ability to “bridge the gap” between the establishment, corporate clients, and Trump.
In addition to corporations like Amazon and Uber, Ballard Partners lobbied on behalf of foreign clients, including Zimbabwe’s deposed dictator Robert Mugabe, and the indicted Turkish bank Halkbank. More recently, Ballard opened its first office in Israel.
On the lobbying documents filed by Ballard Partners, the client is listed as “Orchestra Technology, Inc.” in New York, but a query of the state’s corporate database returned no results for that company name or variations. The address ascribed to “Orchestra Technology, Inc.” houses coworking office spaces.
The documents also indicate that the New York branch of Orchestra is controlled by the London and Israeli branches. Corporate records from the UK confirm that Lavie, Zack, and Ukelson are co-equal shareholders of Orchestra.
The exact nature and scope of the Ballard Partners lobbying of DHS on behalf of the Lavie-Zack-Ukelson cybersecurity group remains unclear. Ballard Partners, Orchestra, and DHS did not reply to requests for information.
Forensic News filed a Freedom of Information Act request seeking information on any contacts between DHS and Ballard Partners regarding their work for Orchestra, but the information was not expected for months.
The oxymoronic actions of Lavie and Zack in leading separate entities that simultaneously create tools that hack devices and create tools that defend from hacks, result in much more business and earning potential.
As detailed in a Citizen Lab report on NSO’s Pegasus infecting the phones of iPhone users, the company uses “zero-day” attacks, which “take place when hackers exploit the flaw before developers have a chance to address it,” per Kaspersky. Lavie’s other main business, Orchestra, promises to protect you against such hacks.
For Lavie, the cyber businesses have made him a multi-millionaire. He purchased a $4 million, 12,000 sq. ft. mansion in New Jersey in 2017.
In a promotional video for Orchestra, Zack mentions NSO, saying that he “was involved” with the company, but didn’t elaborate. It has been previously reported that Zack was an early investor in NSO.
The two are also involved in Founders Group, a small venture capital firm headed by Zack, Lavie, and his NSO co-founder Shalev Hulio. Their portfolio consists primarily of cybersecurity and cyber intelligence companies.
NSO Under the Gun
Years of research and reports into NSO finally came into the forefront in recent weeks when a list of 50,000 phone numbers was analyzed by a number of news outlets including Forbidden Stories, the Washington Post, and others, and was deemed to be connected to NSO’s spyware, Pegasus.
The list has led to revelations that countries that have purchased Pegasus have selected at least 180 journalists for targeting. Other members of high-class around the world that were selected for targeting include French President Emmanuel Macron, the King of Morocco, and other doctors, businessmen, human rights defenders, academics, and many others. NSO denies that the list of 50,000 numbers has anything to do with the company.
The project has had an almost immediate impact. Macron met with the Israeli Defense Minister to demand answers regarding the disclosures. Israel itself conducted an “inspection” of NSO’s offices.
A source familiar with the Pegasus Project told Forensic News that the list of 50,000 Pegasus targets does not include any targets of NSO’s sister company Circles. Unlike NSO, Circles is based in Cyprus and Bulgaria, and has largely flown under-the-radar in the context of the Pegasus Project.
The nearly quarter of a million dollars spent by Orchestra to lobby the Trump DHS is the most direct example of any individuals associated with NSO lobbying the United States government in the cyber space, though it is not Lavie’s first foray into lobbying. In 2018, his company hired another firm to lobby on issues related to immigration. One person familiar with Lavie said that he was attempting to become a U.S. citizen.
A federal investigation into NSO’s activities in the United States appears ongoing. A 2020 report from Reuters indicated that a criminal FBI investigation had been active for years. In March, the Guardian reported that the Department of Justice had shown renewed interest in the case.