Numerous investigations found Israeli entities complicit in hacking devices of individuals globally.

A new investigation unveiled the biggest Israeli security breach of devices of users in Qatar and the rest of the Arab world through targeted investment advertisements on social media platforms.

Published by Eekad, an open-source intelligence platform in the Middle East, the investigation revealed that Israeli companies breached the devices of Arab users through digital investment companies registered in the United Arab Emirates.

The investigative unit traced its findings back to ads of investment companies over the past months, “Evest” and “Mister Market Pro”, all of which appeared on YouTube, Twitter and Facebook.

“This group, which we have revealed, is only part of a much larger network of Israeli infiltration operations that Eekad continues to track to reveal,” the platform said.

The ads often showcased prominent regional media figures, including Mohammad Alsuwaidan and Mohanad Alwadiya. The investment entities have previously appeared in UAE-based media outlets, including Zawya, Crypto Expo Dubai 2023 among others.

“Evest pushes advertisements to Qatar’s residents through social media and search engines, targeting users by implanting advanced programmes that are difficult to detect in users’ devices and collecting information from the compromised device,” Eekad said.

​​Investigating Evest, the intelligence entity discovered “sophisticated hacking programmes” that Eekad said were difficult to detect on users’ devices. It collects users’ data and sends it to servers around the world, including in Israel and Russia.

Notably, Evest is owned by Atriafinancial Holdings LTD, registered in the United Kingdom, which is headed by two people including Mohammed Sheikh Suleiman, holder of an Israeli citizenship, and Cypriot Pavlos Avraam.

Evest is also linked to another company called “Evest Ltd”, registered in Cyprus, which is run by Israeli businessman Nir Menashe.

Eekad found that Evest was listed as “unsafe” by the Cyprus Securities and Exchange Commission as “they are used for illegal actions and have no legal record.” 

Upon further digging, Eekad found that Evest Ltd is linked to Leadcapital Holdings LTD, which runs Mister Market Pro. 

Mister Market Pro, a platform that provides free courses on investments, is another company that targets Qatar’s residents with ads. The platform uses ads with “malicious programmes” that fish for bank account data and personal information.

Connecting the dots

By investigating the companies and their links to the breach, Eekad found that Leadcapital Holdings LTD is the cover of a group of companies called Lead Capital Holding (TCH) Limited, which is legally authorised in the UAE.

The latter, which provides free investment courses in the UAE, is owned by Israeli citizen Roei Gavish. The company is also connected to a group that scams and hacks users through promoted trading platforms, similar to those used to breach users in Qatar and the rest of the region.

Gavish had also worked at PlayTech with another Israeli, Bat-El Azerad, who is now working at Israeli cyber solutions company NovoShield.

In March, Eekad revealed that NovoShield was behind a major hack on devices in Qatar through mass-targeted digital adverts, though the company appears to be a cover for Wintago Systems.

“The intelligence pushes advertisements for jobs with high salaries, targeting the simple ‘needy’ class of Arab citizens, and if someone applies for this job, they offer to recruit him in the Israeli Mossad,” Eekad said.

The investigative unit cited 2022 reports that pointed to the arrest of a network of Mossad agents by Lebanon’s Internal Security Forces in Lebanon. One of the agents was recruited through a Facebook ad for a job in Qatar.

“The investigations indicated that the agent was asked, after being recruited, to download a programme and scan any Wi-Fi network that he could access, and this is similar to the way those advertisements that we revealed,” Eekad explained.

Israeli data breaches

Numerous investigations found Israeli entities complicit in hacking devices of individuals globally.

The most prominent investigation to date is that of the 2016 Pegasus scandal. Numerous probes found that the Israeli NSO Group’s spyware targeted activists, journalists and political leaders.

Among the victims of the Pegasus scandal were Al Jazeera employees, some of which filed lawsuits against the spyware company in 2018.

The Israeli hacking of devices in Qatar raises further questions on Tel Aviv’s motives, especially given the Gulf state’s vocal rejection of its occupation of Palestine.

In late 2020, the UAE and Bahrain signed the Abraham Accords, in which they formally normalised relations with Israel. However, Qatar has refused to follow suit and maintained its unwavering stance towards normalisation with Israel.

Speaking to Doha News in March, Sarah Leah Whitson, Executive Director of Democracy for the Arab World Now (DAWN), described the breaches as very worrying.

“It’s extremely disturbing to learn of reports that an Israeli company has gone to such great lengths to hide its identity and use fake advertisements to infiltrate and obtain personal information from Qatari citizens,” Whitson told Doha News in response to the previous Eekad investigation.

She stressed the need to investigate Eekad’s findings to determine the possible role of the Israeli government in the breaches.

“It’s extremely important for the Qatari government to investigate this matter, determine whether the Israeli government knew or was involved in this attempted infiltration, and take urgent action to protect the privacy of Qataris,” Whitson added.