“Cybertranquillity” is the motto. Cy4gate responds to endless virtual threats by offering its customers defence services to ensure security and protection. The marketing campaign seems effective: the company’s financials are rather solid. Its launch on the AIM (the stock market for small and medium enterprises) listing, which dates back to 24 June 2020, was a success. Its shares rose by 28% on the first day of trading and 110% over the following six months. The initial public offer went better than expected, and Cy4gate won the first prize “for the best strategy in use of the capital market in the fundraising section on the AIM Market of Borsa Italiana for the year 2020”. Today, however, their performance is not as impressive and, according to TeleBorsa’s analysis, its shares, due to their volatility, “are the object of attention especially of ‘risk on’ investors”. The company’s balance sheet, however, is still strong: in 2020, Cy4gate recorded revenues for €12.5 million, an increase of approximately 69% over the previous year.

Founded as a joint venture between Elettronica Group and Expert System in 2014, Cy4gate is the first Italian company that combines cybersecurity, wiretapping services for international police, and broad-spectrum intelligence, defined by Cy4gate as Continuous Intelligence.

Elettronica is a company that sells onboard equipment in the military, from the navy to aviation, technologies for “electronic warfare” such as anti-traffic tools, systems for the detection of threats, and for communications surveillance. Expert System, on the other hand, is active in the field of artificial intelligence and develops a software, COGITO, able to analyze and understand the information contained in text.

In Italy, Cy4gate has no competitors: no one is able to offer such a wide range of services and products. Abroad, however, its major competitors – whose turnover is still not even comparable with that of the Italian company – are Palantir and NSO Group. Cy4gate itself recognizes them as both competitors and reference points, including them in presentations and talking about them in interviews. The first is an American company whose name is inextricably linked to the American military sector: Peter Thiel, one of the founders, was a major donor to Donald Trump. The second is the Israeli group that created Pegasus, the spyware that infected the phones of politicians, activists, and journalists from around the world. Its use was exposed in the Pegasus Project investigation, which led the United States to blacklist the NSO.

Cy4gate relies on two products to challenge NSO and Palantir, respectively: a software for interceptions, Epeius, and a platform capable of collecting and analysing information already online or collected directly from electronic and digital devices, D-SINT.

Global surveillance

In an interview to the specialized Youtube channel Vivere di dividendi, published in December 2020, the then CEO Eugenio Santagata – currently working for Telsy, a company that deals with security of telecommunications infrastructures belonging to the Telecom group – specified that for some offensive cyber intelligence activities (those requiring the authorizations of the judiciary and governments) – “we stand by the side of those who do ethical hacking, and, therefore, on the side of the good guys”. With this in mind, Santagata seems to combine two different Cy4gate products: on the one hand, the collection of online public information, on the other hand, the interception of spyware on behalf of investigative bodies. The latter is the sector where the most significant abuse was carried out, in the context of the ever-expanding surveillance market. Italian companies have often been in the eye of the storm, such as the former Hacking Team (now known as Memento Labs), Area SpA, and RCS, accused of malfunctions of their technologies, alleged export violations, or abuses.

Palantir: the competitor

D-SINT (short for Digital Signal Intelligence) is the Cy4Gate software intended to challenge Palantir in the field of intelligence platforms. It collects, processes, and links data with different format and origin: from social media images to dark web information. «The right information, at the right time, to the right people, in the right way», the company states in a presentation brochure. The analysis is facilitated by the use of COGITO software, developed by Expert System (one of the two founding companies of Cy4gate), and by facial and object recognition software developed by iCTLab, a University of Catania spin-off. The integration – according to a 2019 presentation – will allow, for example, to search information about individual subjects in texts, image databases, or on Twitter, and the same applies to objects.

The two companies were also developing a voice recognition option “related to possible wiretapping or audio files collected in databases or from portable devices”. In the same presentation, however, the two companies underline a criticality in the use of this type of algorithms for recognition: «Given the increasing focus on the issue of privacy, this area will be a critical factor for the use of the data collected and analysed».

Screenshot taken from the presentation held during the workshop “AI for Cybersecurity” on 18 March 2019 at Auditorium della Tecnica Congress Center. The presentation revolves around some D-SINT platform features, also allowing to use facial and object recognition algorithms developed by iCTLab

This is a niche market: the market of intelligence platforms such as D-SINT, able to analyse a multiplicity of data from any type of source, be it public, published on the web, or private databases. In recent years, the Palantir Technologies Group has stood out, although not always in positive terms. According to a Bloomberg article of 2018, its software is able to «find out everything about you».

Palantir was founded in 2003 by venture capitalist Peter Thiel, one of the co-founders of PayPal, who in 2016, according to Buzzfeed, tried to transform himself into the philanthropic financier of the American alt-right, the subversive right-wing galaxy – which mixes conspiracies, traits of anti-capitalism, and white supremacy – strongly supporting former POTUS Donald Trump. Since its foundation, Palantir has cooperated with the CIA and the Pentagon in Afghanistan and Iraq, receiving funding from In-Q-Tel, the non-profit investment company linked to the CIA itself, which promotes innovation in the technological sector. Palantir does not directly perform interceptions but allows to analyze the data already collected, providing analysis and showing links: this simplifies decision making.

In addition to military applications, the software produced by Palantir was used by the United States Immigration and Customs Enforcement (ICE), the US federal agency responsible for border control, to identify and deport illegal immigrants. Palantir has also provided predictive police software to Los Angeles City law enforcement agencies to monitor, identify, and track suspects: some analysis of the software operation already seems to indicate that racially motivated biases exert significant influence on decisions. However, other shadows seem to loom over Palantir. According to Intelligencer, a section of the New York Magazine, former army members and intelligence officers have stressed how Palantir’s success is more linked to its clean and simple interface allowing it to view data than to the actual use of advanced technology.

Pandemic-proofing

As the pandemic continues, both Cy4gate and Palantir have tried to enter the European healthcare market. In the first few months of the health crisis, Cy4gate announced the creation of the HITS, Human Interaction Tracking System, a system for tracking coronavirus infections. Hits had also been proposed to the government (which, however, ended up choosing Immuni), unlike other private companies that have adopted the Cy4gate software.

Palantir managed to establish contacts with national healthcare systems. The new contracts related to the pandemic are among the reasons for a +49% in the cash flow reported by the company in Q2 2021. The Greek Government has signed a secret agreement to share population health data with Palantir; following the subsequent scandal, the Greek Privacy Authority opened an inquiry and the Government has apparently terminated any cooperation and had the data deleted. A similar agreement also existed in the UK with the National Health Service (NHS), where two court cases, initiated by civil society organisations, openDemocracy and Foxglove, prompted the UK government to promise to terminate the agreement with Palantir. Similarly, agreement transparency and the use of collected data projected Palantir in the spotlight of political attention also in the US.

Screenshot taken from the slides of the presentation for AIM’s Virtual Conference dated 27 May 2021. In the photo, you can see the competitors selected by Cy4gate in their respective market sectors. In addition to Palantir and NSO, other recurring names of the Italian scene appear, as IPS, RCS, and SIO, all operating in the field of interceptions for Prosecutor’s Offices

NSO Group – the Israeli company protagonist of the Pegasus Project, which collaborates with intelligence agencies around the world – has tried to develop software for contact tracing during the pandemic. The software called Fleming has had a hard life since its launch, though. The company was accused of using the personal data of thirty thousand real people during the launch: these people were unaware that their movement data was used in the presentations of the products. This amounts to a privacy breach. Its poor performance in terms of tracking risks turning into economic loss, since the indicators have already prompted rating company Moody’s to downgrade its creditworthiness to B3 in May 2021.

Interception Software Competition

NSO is a point of reference especially for interceptions and police surveillance activities. Cy4gate offers three systems in the field: Epeius, Hydra and Gens.AI. Epeius is a spyware that can be installed on people’s smartphones and devices to monitor their activities and extract, for example, copies of their chats and photos, location data, and emails. Hydra, on the other hand, allows to monitor online browsing, identify the applications used and the websites visited, and ascertain whether VPN or Tor Browser (two technologies that allow to safely browse hiding one’s identity) have been used. The use of Epeius and Hydra is «reserved for Police Forces and Italian and foreign Intelligence Agencies», reads a Cy4gate document.

Gens.AI, on the other hand, allows to create and manage false profiles to be used on social networks, facilitating investigation activities: in this way, agents can interact with people without arousing suspicion.

The first public traces of Epeius emerged in connection with Italy, according to an article published on Motherboard in February 2021 that revealed the presence of a fake WhatsApp page in Italian allegedly allowing the installation of a module inoculating Epeius. The purpose of the page is not clear: it has not been ascertained whether it was used for Italian intelligence activities or interception during police investigations. What is certain, however, is that the company already has problems with Italian prosecutors: the Public Prosecutor’s Office of Naples has, in fact, suspended the use of spyware managed by SIO and attributable to Cy4gate due to «serious disruptions».

In fact, Cy4gate signed an agreement in March 2020 with company SIO S.p.A., one of the Italian companies renting interception equipment to Public Prosecutor’s Offices. The agreement, whose details are reported in the AIM listing document, grants SIO «the exclusive use of the Epeius computer sensor». Cy4gate will receive the «total amount paid by Prosecutor’s Offices using Epeius for the correct ‘infection’ of a device (remotely or on site)» and a percentage of the annual turnover of SIO generated by Epeius. This percentage will amount to 50% if the turnover is above 4 million euros, or 60% if lower.

According to Cy4gate estimates, the agreement with SIO allows access to about 70 new Prosecutor’s Offices and covers a 70% share of the market of police wiretapping, which is estimated by the company itself to be worth around €36.3M.

In a press release dated 10 February 2021, Cy4gate confirmed that the disruptions of the Public Prosecutor’s Office of Naples are due to malfunctions and that, in the specific case, the situation «has been promptly identified and subjected to rigorous analysis». According to sources interviewed by Motherboard, in some cases the software for interceptions caused a notification to appear on the screen of the suspect, arousing suspicions.

NSO, a point of reference despite all the trouble

On 3 November, the U.S. Department of Commerce included NSO in a blacklist that includes companies whose software was used to «deliberately target government officials, journalists, businessmen, activists, academics, and embassy employees», as declared in the same statement. Organisations included in the list can no longer buy technology from US companies, which, in turn, are obviously prohibited from selling to the companies on the list. The initiative was taken by the Department of Commerce following the revelations contained in the Pegasus Project.

Though increasingly debated over and controversial, NSO Group remains a reference point in the industry. Cy4gate is no exception: «Our main competitors in the government sector are Israeli and they are also a point of reference, because we have learned a lot from them over time», Eugenio Santagata – then CEO of Cy4gate – said in the December 2020 interview with Vivere di dividendi.

As the contracts entered into by Cy4gate show, the company is active in controversial markets, competing with companies involved in scandals due to contracts with law enforcement authorities of authoritarian regimes. A similar story as NSO’s, which is, in fact, involved in two important cases connected, specifically, to the United Arab Emirates, a country where Cy4gate is also very active. In early October 2021, a British court confirmed that the Emirates Prime Minister, Sheikh Mohammed bin Rashid al-Maktoum, had his former wife and lawyers’ smartphone spied on using Pegasus software. NSO had terminated the contract for the use of its software after becoming aware of the incident.

The other case, however, concerns the engineer, blogger, and activist Ahmed Mansoor, who over the years has been the target of attacks carried out with three different softwares: in 2011 by FinFisher, in 2012 by Hacking Team, and in 2016 by NSO, exploiting a vulnerability whose price is estimated at around one million dollars. In all three cases, the technologies are linked with the actions of the Emirates government. Mansoor was arrested in 2017 and handed a 10-year sentence following an unfair trial based on fictitious charges, according to Human Rights Watch.

Due to the shadows that surround the two competitors (NSO and Palantir) Cy4gate told IrpiMedia that they condemn «any form of misuse or illegitimate use of products that were created with a clear, specific and exclusive purpose: to support the authorities in charge of the prevention and repression of heinous crimes». In addition, «Cy4Gate operates exclusively within the framework of current national and international standards, and makes its technology available to law enforcement agencies. Its aim is contributing to the prevention and repression of crimes, in the exclusive interest of communities. Our products’ users are the main guardians of these very communities», said a company spokeswoman.

Despite recent faux pas with the Italian Prosecutor’s Offices, the rise of Cy4gate appears to be unstoppable. In June 2021, the company attended the ISS World Middle East and Africa conference, an event that is part of a series of annual conferences taking place around the world where surveillance companies, governments, and security and intelligence experts meet. The archived copy of the event agenda states that Cy4gate would hold two sessions: one on Gens.AI and the other on the cyber intelligence platform and «how to control and combine in real-time all the information retrieved from the target under surveillance, leveraging on multiple classes of active and passive sensors». The next appointment is with ISS World Europe, which will take place in Prague in December.