Little-Known Cypriot Company Offered 'Military-Grade' Spyware

A Cypriot-incorporated company with links to a United Arab Emirates (UAE) ruling family and the infamous Israeli private intelligence firm Black Cube marketed phone and computer hacking technology, according to a pitch deck exclusively obtained by Forensic News.

AH Global Technologies is a “one-stop shop for governmental and law enforcement related technology,” according to its website, but the site fails to mention that the company offered offensive cyber tools, including “military-grade” remote hacking software for mobile phones and computers.

Forensic News believes in transparency in the journalism process. Go behind the scenes to see how this story was created with the Stone video bibliography:

"Powerhouse" and "Arklys"

According to a source familiar with the matter, the pitch deck, which provides more detailed information on the company’s offerings than its public website, was shown to a potential government client in 2020.

Though it is littered with typos and stiff language, the document offers a rare glimpse into the secret dealings of the often-shrouded, high-dollar private espionage industry.

Included in AH Global Technologies’ private offerings to prospective clients are multiple products designed to covertly gather digital intelligence. A product called “Powerhouse” is advertised as a technology that can hack phones and computers:

Military-grade strategical [sic] cyber intelligence system dedicated to network, mobile and PC remote exploitation and dissemination operations.

The company claims that Powerhouse works on both mobile phones and computers and can extract data from multiple apps, including WhatsApp, Gmail, and Telegram.

Another tool the company pitches is called “Arklys” which can allegedly infect mobile phones via Bluetooth without user action. This kind of spyware is commonly described as a “zero-click” attack, as the target doesn’t have to click a link, open a malicious website, or do anything at all to become infected.

Forensic News consulted a number of cybersecurity experts and allowed them to review the pitch deck pre-publication. The consensus among the experts was that, based on the descriptions of the cyber products in the document, AH Global Technologies was likely reselling other technology already on the market.

The descriptions of "Powerhouse" and "Arklys" were unsophisticated and likely written by someone who did not understand the underlying technology, the experts said, suggesting that AH Global Technologies didn't create the products.

The suggestion that the company is rebranding the products of other Israeli companies is borne out in portions of the pitch deck.

The "mobile interception" system, a backpack-like device that can eavesdrop on the calls of tens of people at a time, is produced by the controversial Israeli firm PicSix, Forensic News has been able to confirm.

The language used by AH Global Technologies to describe the system they call "Gamma," is identical to the language used by PicSix to describe its product called the "P-6 Passive." The only change in the description of the system made by AH Global Technologies was to remove the mention of PicSix as the producer.

PicSix made headlines in 2021 after it was uncovered that the company used intermediaries to sell the powerful surveillance tool to the repressive military regime in Bangladesh. The middleman in that sale told Al Jazeera that his Singapore-incorporated company was "a front for PicSix’s business in Asia, as many countries would not openly do business with an Israeli company."

Daniel Maki, former Senior Intelligence Manager at the UK-based Institute for Strategic Dialogue said that the offering of human intelligence (HUMINT) and signals intelligence (SIGINT) by AH Global Technologies is unusual.

"Private intelligence firms that offer such a broad range of HUMINT and SIGINT services, while not unheard of, are uncommon," Maki said.

He added that most private intelligence outfits tend to hone in on one or the other (HUMINT or SIGINT), which is "typically a reflection of the background(s) of the founders and the specialization required to fill staffing requirements.

"A firm that does everything under the sun is either advertising with a fair bit of sales fluff - perhaps promising services they intend to subcontract to other shops they partner with - or they've got clients with rather deep pockets," Maki stated.

Along with cyber tools and HUMINT, AH Global Technologies offers more conventional law enforcement and military products, including drones, border security, and armored vehicles.

AH Global Technologies Owned by Former Black Cube Employee

A Forensic News technical analysis of the pitch deck revealed direct links to Black Cube, a connection further affirmed by two sources who indicated that a former Black Cube senior executive is the principal in AH Global Technologies.

Black Cube is a private Israeli intelligence company often dubbed “the private Mossad” that has made headlines for, among other things, spying on journalists at the behest of Harvey Weinstein. Notably, in 2016, Black Cube operatives in Romania were caught in a hacking scandal that eventually saw both operatives plead guilty.

The metadata shows that the author of the document used a BlackCube[.]com email address and listed his name as Shlomo Weingarten, the same last name as the person listed as AH Group’s vice president.

Metadata for the AH Global Technologies pitch deck

Details on Shlomo Weingarten’s LinkedIn account match his biography on the website of the AH Global Technologies parent company, AH Group. Sources familiar with the matter, who were granted anonymity to discuss the sensitive nature of the businesses, said that Weingarten operates and owns AH Group.

Language and verbiage used by AH Global Technologies both publicly and privately match, sometimes word for word, phrases used by Black Cube.

For example, AH Global Technologies privately states that it is made up of “veterans from various Israeli elite intelligence units.” Nearly the exact same phrase sits atop the current Black Cube website.

Similar language used between Black Cube and AH Global Technologies

Igor Ostrovskiy, a private investigator and former Black Cube subcontractor who turned into a secret source for journalist Ronan Farrow during the Weinstein investigation told Forensic News that he was worried that a former Black Cube senior executive might have expanded into cyber operations.

“I am really troubled that an individual who had a senior position at an organization like Black Cube is allowed to have such major reach on the private intelligence market,” Ostrovskiy said.

Describing AH Global Technologies as a “Black Cube-affiliated enterprise,” Ostrovskiy noted that private companies selling zero-click hacking tools are uncommon and can often gain a strong foothold in the market.

But unlike Black Cube, AH Global Technologies appears to be obfuscating its ties to Israel. The private touting of employees from elite Israeli intelligence units is publicly replaced by employees from “various” elite military units.

And although the AH Global Technologies website states that the company has headquarters in the UAE, the pitch deck makes clear that the company was “based in Israel and Cyprus.”

Forensic News reviewed Cypriot corporate records which showed that AH Global Technologies Limited was established in January 2020 when an existing shell company changed hands.

"...on January 23, 2020, at 10.00 a.m...The name of the Company was renamed to AH GLOBAL TECHNOLOGIES LIMITED "

The company’s sole shareholder is a Cypriot accountant acting as a nominee shareholder. This process is common in offshore jurisdictions as a tactic by beneficial owners to dodge public records.

In its investigation, Forensic News did not uncover any evidence of Black Cube involvement in AH Group beyond Weingarten, and Black Cube denied any connection to Weingarten's company.

Ties to the UAE

AH Global Technologies is one of three companies under the banner of AH Group, alongside AH Mining and AH Global Capital.

Forensic News understands that AH Group has a working office in Dubai, as referenced on its website.

The public AH Group address, 25th Floor, South Tower, Emirates Financial Towers, is the same location as one of the UAE's biggest property developers, MAG Group.

A Forensic News fixer visited the Emirates Financial Towers in Dubai but did not find any sign of AH Group. The only two entities on the 25th floor were MAG Financial Services and what appeared to be an iteration of the international law firm Lansky, Ganzger, Goeth, Frankl + partner (LGP).

One of the sources familiar with AH Group said that the company rents office space from MAG Group, but the real estate company did not reply to a request for comment.

Marwa Safaa Andaou, listed on the website as AH Group's office manager, states on her LinkedIn account that she is "Executive Assistant to Chairman" at a "confidential" company in Dubai, further affirming AH Group's active presence in the country.

The most influential person named on the AH Group website, however, is Sheikh Sultan bin Faisal bin Sultan Al Qassimi, a member of the royal Al Qassimi family who rules the Emirates of Sharjah and Ras Al Khaimah.

The nephew of the ruler of the Emirate of Sharjah, Sheikh Sultan is perhaps best known publicly for racing cars in "drifting" events in the UK and elsewhere. His uncle, Sultan bin Muhammad Al-Qassimi, has ruled Sharjah for over 50 years.

Sheikh Sultan, far left, with his father, middle

Contacted on social media, Sheikh Sultan confirmed that he was involved with AH Group: "I’m a board member in this company," he told Forensic News. Another source with direct knowledge confirmed that Sheikh Sultan sits on the AH Group board and is updated regularly on the business.

The partnership between a UAE ruling family member and a former high-ranking Black Cube employee in a venture that offered spyware to prospective clients continues a trend of cooperation between the two nations in the cyber arena.

NSO Group, the infamous operator of the Pegasus spyware that has been used by authoritarian regimes to spy on members of civil society, also forged a close business relationship with the UAE at the urging of the Israeli government. At least one other Israeli spyware company called Candiru sold its technology to the UAE in recent years.