Newly discovered shipping records demonstrate one of the first known instances of a private Israeli cyber intelligence company working directly with former KGB and current FSB officials who are authorized to maintain Russian state secrets.
Rayzone Group, a Tel Aviv-based cyber intelligence/spyware company, received a shipment from the Engineering and Commercial Multidiscipline Center, part of a Russian defense and intelligence contractor in Moscow. According to shipping records, this parcel shipped on July 23, 2018.
According to its website, Rayzone “delivers boutique intelligence-based solutions for national agencies.” Rayzone promotes its practice by noting that it “incorporates veterans of the intelligence community with vast experience in intelligence, cybersecurity, and cyber operations.” Rayzone currently employs approximately 180 employees in Tel Aviv with seven subsidiary companies.
In recent years, as Rayzone’s capabilities have become more public, human rights organizations have criticized its practices because of allegations suggesting that Rayzone conducts targeted surveillance throughout the world on journalists and dissidents. In essence, foreign phone operators currently allow companies to rent space in various mobile networks. Reporting suggests that Rayzone has taken advantage of this space by renting various access points around the world to monitor and surveil citizens. By doing this, Rayzone has tools that can hack into an individual’s phone, receiving the precise location of the individual as well as the data contained on the device.
Rayzone Group, like its intelligence counterpart NSO Group—which has mediated deals for Rayzone in the past—asserts that the only clients utilizing its geolocation tools are foreign governments. Founded by Matan Caspi, Eran Rehef, Ron Zilk, Yaron Elrom, and Yohai Bar Zakay (a former top official in the Israeli Intelligence Corp. Unit 8200), the company prides itself on being a premier cyberintelligence provider for international governments.
Currently, its clients include at least 35 countries, with some of its more prominent customers being Mexico, Singapore, the Philippines, Vietnam, and Greece. Rayzone has also worked with prominent Israeli businessmen including Moses and Mendi Gertner, and one of Rayzone’s more interesting business partners is the Russian military.
Rayzone’s partner in Moscow appears to be STT Group, according to the shipping records. STT Group stands for “Special Technique and Technology” and is a registered trademark that is associated with a joint project between at least two Moscow-based companies.
A 2006 NATO report, released by WikiLeaks, describes STT Group as being “[e]stablished in 1994 by ex-KGB officers…” The STT Group is a Russian military defense and intelligence contractor that provides equipment and information that assist various entities with their cyberintelligence capabilities. According to its website, the STT Group “has been developing and serially manufacturing special-purpose equipment, such as Non-Linear Junction Detectors (NLJD) for various missions, radio monitoring systems, equipment for vibro-acoustic control and protection, mine and explosive device detectors.”
The STT Group, while being selectively secretive online, maintains an active YouTube channel that advertises its products to the public. These videos feature former FSB agents who are now analysts with STT. The primary customer of STT is the Russian military, which uses a number of these devices in its combat situations. Significantly, STT Group advertises a number of its customers, including several Russian agencies like the Federal Security Service, Ministry of Finance, Gazprom, and the General Prosecutor’s Office.
A separate aim of the company is to provide “information security services for enterprises and organizations, including detection of information leakage sources in premises, mounting and maintenance of protection systems, design and construction of protected premises, and testing of premises and objects in terms of meeting information security requirements.”
Some of STT’s products include confidential equipment to prevent eavesdropping, including devices such as the “Casket-4,” which is designed to protect conversations from mobile devices that may be used for eavesdropping by third parties. In an interview, STT’s General Director, Vladimir Tkach, even boasted that “[c]ompared to ours, NATO equipment is like toys for kids.”
On the Russian page of the STT Group website, the company lists certificates and contracts with the Russian state, namely the FSB, and the Federal Service for Technical and Export Control. These partnerships add to concerns about Rayzone’s business practices.
Notably, on the English version of the STT Group website, the certificates and contracts are omitted. An analysis of the certificates makes clear that the Russian intelligence services conduct extensive business with STT Group. Some notable certificates, establishing this link, include:
- License No. 30260 dated July 10, 2017, issued by the Office of the FSB to carry out work related to the use of information constituting a state secret. This license is valid until September 27, 2021.
- License No. 16322B dated November 22, 2017, and issued by the FSB to carry out activities to identify electronic devices designed to secretly obtain information on the premises of FSB buildings. This license is valid indefinitely.
- License No. 16321H dated November 22, 2017, and issued by the FSB for the development and production of encryption tools and of information and telecommunication systems protected using encryption tools. This license is valid indefinitely.
- License No. 0972 dated December 28, 2009, and issued by the Federal Service for Technical and Export Control (Russian Ministry of Defense) for technical protection of confidential information. This license is valid indefinitely.
The 2018 shipping records, acquired by Forensic News from the business intelligence website Import Genius, state that the materials were tracked from Moscow to Tel Aviv. Rayzone Group was the consignee of the shipment (receiver of goods) while STT was the shipper of the materials. The type of material shipped is listed as HS Code 8543709000, indicating that the 18.7 KG shipment was for “other machines and equipment.” HS Code 55, in general, is for “electrical machinery and equipment and parts thereof; sound recording and reproducing apparatus, for recording and playback, television image and sound, and parts and accessories.” The price of the shipment is listed at 30,795.00, although the currency for the payment remains unclear.
Questions posed to both Rayzone Group and STT Group by Forensic News about the details of the shipment went unanswered.
These same records identify the shipper of the goods as ИНЖЕНЕРНО-КОММЕРЧЕСКИЙ МНОГОПРОФИЛЬНЫЙ ЦЕНТР-1/ENGINEERING AND COMMERCIAL MULTIDISCIPLINE CENTER-1/ООО, also known as “ИКМЦ-1” or “IKMTS-1,” which is part of STT Group.
IKMTS-1 has recently completed contracts with Sberbank, the Federal State Unitary Enterprise, and other Russian government institutions. One of IKMTS-1’s partners, the Federal State Unitary Enterprise, was sanctioned along with other Russian firms in 2018 for having “enabled the activities of malicious Russian cyber actors.” In 2018, this entity earned 549,187,000 rubles or approximately $7.5 million in revenue.
Apart from STT’s military equipment/capabilities, their products in the cybersecurity realm appear to be aimed at protecting users from eavesdropping or information leakage, instead of tapping into it, unlike the products used by Rayzone. In fact, industry experts have suggested to Forensic News that Rayzone may have purchased such equipment from STT to ensure that the information stolen from users via their spyware could be protected from outside forces.
The newly discovered shipping records indicate a willingness, on the part of Russia’s security services, to expand their global presence via Israeli cyber intelligence firms like Rayzone Group. Alternatively, the shipping records prove that at least one Israeli spyware company is working with a Russian military and intelligence contractor to effectuate their cyber intelligence objectives, which have been criticized by human rights organizations.