CYPRIOT conduit used as Malaysia has no diplomatic ties with Israel, the Zionist nation’s top financial daily Calcalist reported yesterday.

ISRAELI financial daily Calcalist in an exclusive under the heading “Israeli Cyber Startup Senpai Helped Malaysia’s Corrupt Leader Spy on Opposition” detailed court proceedings into the affairs of cyber starup Senpai and its dealings with questionable regimes.

Documents submitted to an Israeli court revealed Senpai’s methods of operation and its ties to questionable regimes, including its $1.5 million deal to supply Malaysia’s intelligence agency with surveillance tools to be used on civilians, Calcalist reported.


It reported that just over a month before the 2018 general elections, the Malaysian government signed a deal to acquire a system that allowed it to gather information and analyse data on civilian activity.

“The system was meant to be used by Malaysian intelligence agency the Special Branch (SB) to surveil political activists for the opposition, according to court documents obtained and reviewed by Calcalist. The company that developed and supplied the system to the Malaysian government was Senpai Technologies Ltd., a small Israeli cybersecurity startup.

The deal was signed in April 2018 with a price tag of $1.5 million and received the code name “Project Magnum.” Since Israel and Malaysia have no official diplomatic relations, the deal was signed through a Cypriot conduit company called Kohai Corp. Ltd., founded by two Senpai shareholders for the sole purpose of serving as a front for such deals. The Malaysian government’s plans for Senpai’s system were not kept secret from the company and its use for “political investigations״ is specifically mentioned in internal email correspondence. ” Excerpt from the Calcalist report.

Malaysia was not Senpai’s only controversial potential client and, according to documents reviewed by Calcalist, it had previously negotiated a deal to sell its services to the Sultanate of Oman on the southeastern coast of the Arabian Peninsula, which also has no diplomatic ties to Israel.

Najib, who by then was mired in the biggest financial scandal in history involving the rogue sovereign fund 1MDB, was under severe pressure to retain power as the opposition then united under the Pakatan Harapan banner and Warisan in Sabah, had made a significant leaps fueled by the people’s anger.


Calcalist reported: “For Malaysia’s phase two agreements, Senpai co-founder Eric Banoun counted in court, US$300,000-$400,000 (from the SB, between US$2 million and US$2.5 million from the country’s Prime Minister’s Office, between US$800,000 and US$2.2 million from the Malaysian Anti-Corruption Commission (MACC), and a similar sum from the police. Banoun also mentioned a potential deal in Oman for between $1.2 million and $2.5 million. It is unclear whether these deals were eventually signed.”

Senpai co-founder Eric Banoun


Senpai’s flag product was RogueEye, a system that collects information on people from openly available online sources, such as social networks, and cross-references and analyzes it to produce intelligence reports for secret services, police forces, militaries, and business entities.

Among RogueEye’s official data collection methods is a network of avatars (fake social network profiles) that follow the target and extract information through direct interaction with them.

A year after the election in Malaysia, according to correspondence obtained by Calcalist, Senpai was getting ready to sign a new contract with the SB that required adjusting the goals of the original contract in light of UMNO’s staggering defeat.

“The client got the documents and we are waiting for his response,” Senpai co-founder and head of sales Roy Shloman said referring to “Magnum” in an email sent to fellow co-founders Guy David, Omri Raiter, and Eric Banoun on June 10, 2019.

“As you know, after the elections many things changed and became a bit more complicated,” Shloman wrote.

“As for the client’s management process and based on some of the past conference calls with them, I think that we shall plan a visit to KL (Malaysia’s capital Kuala Lumpur, TG and HR)” he added.

“The main purpose of such a trip is to meet the client (face to face), conduct some Q&A sessions, and provide them with some tips and tricks on how to maximize the system,” Shloman continued.

“Bear in mind, that their objectives changed after elections from political investigations to more criminal-terror investigations,” he wrote.In his email, Shloman said he believes the changes in ML (Malaysia, TG and HR), should bring Senpai to change its business model.

“We can do it together with our current channels,” he wrote, “and to offer such services to the business sector and to the low budgeted governmental agencies.”


It is not often that government spy deals are exposed, and it is even more rare to find written evidence that the supplying company was completely aware of the type of use a government intended to make of its product.

In fact, if it were not for a financial dispute between Senpai’s co-founders, which found its way to a Tel Aviv court last year, the documents and correspondence exposing the company’s extensive activity would likely not have seen the light of day.According to the documents submitted to the court, Senpai also provided its services in Mexico, Aquador, Gabon, Angola, Kenya, Indonesia, and Singapore.

The price list it presented to potential clients ranged between $1.2 million and $1.6 million for the RogueEye system, $750,000-$1 million for the operation of avatars, and between $30,000 and $70,000 in monthly fees.

Overall, Senpai’s deals since its establishment in 2016 amounted to over $9 million.Officially, Senpai claimed its system only collects publicly available data, but correspondence between Shloman and one of the company’s salesmen, submitted to the court and reviewed by Calcalist, revealed that RogueEye also analyzes data from phones infected by spyware.

The salesman, one Gregory Krasnostein, specifically wrote to Shloman that “Senpai’s system collected the data from the infected phone and is analyzing it.”

But, even Senpai’s officially declared activity of mining data using fake accounts is not free from ethical and legal concerns. “Using avatars to gather information is a very common practice for cyber companies,” an executive from the Israeli cyber industry told Calcalist on condition of anonymity.

“This lets you collect information without having to hack anything and on some websites, for example, online forums, nobody uses their real name anyway,” he added.It being common practice, however, does not necessarily also make it legal.

“This is a complex issue in international law,” the executive said. “Consider, for example, creating a fake user to converse with a hacker and exchange information that I need to defend a client. Is it morally acceptable to negotiate with a criminal, even to exchange information with them? It would appear that the right course of action is to report them to the authorities.”Senpai, like other Israeli cyber companies, chose to sell its services and products to countries that have no diplomatic relations with Israel through conduit companies.

“This is a very common practice for Israeli companies that station most of their workforce outside of Israel,” the executive said. It is important to keep in mind however, he said, that offensive cyber companies must gain an export license from the Israeli Ministry of Defense. He mentioned one well known company that has the ministry’s approval yet sells to Gulf States through its subsidiaries. This means that Israel is either fully aware of its conduct, or that the company is covering its tracks and fooling it using various business entities, he said. “Gulf States on their part also need to cover their tracks when buying Israeli technology,” he added.Another executive at a large cyber company who spoke to Calcalist on condition of anonymity said that more often than not, the client countries are even more reluctant to be associated with an Israeli product. “The offensive cyber industry,” he said, “is, in a way, parallel to the conventional military industry. Spyware may not kill people, but it does give the state a lot of power against its citizens.”As previously mentioned, Senpai is just one of many Israeli cyber companies linked to non-democratic regimes, shady clients, controversial practices, or run-ins with the law. NSO, the developer of spyware Pegasus is perhaps the best known of the bunch. In October, encrypted messaging app WhatsApp and its parent company Facebook filed a lawsuit against NSO alleging the former and its Luxembourg-based affiliate Q Cyber Technologies Ltd. used WhatsApp’s servers to deliver malware to approximately 1,400 devices, to surveil certain users, around 100 of which were human rights activists and journalists.”