Hacker's price list exposed: €35,000 for server breach, €45,000 for WhatsApp
Hacker's price list exposed: €35,000 for server breach, €45,000 for WhatsApp
Recordings heard by Calcalist reveal that as part of a high-stakes legal battle, the right-hand man of Ofer Baazov, an Israeli־Canadian sued by his former partners, hired a hacker to gain unauthorized access to phones and computer servers. The scheme was revealed, as was the hacker's price list, after the latter switched sides.
How far would litigants go to influence a trial? Turns out exceptionally far. Audio recordings, videos, and testimonies received by Calcalist reveal a startling story about the alleged hiring of hackers and shadow operatives to breach the cell phones and computer servers of opposing parties during a trial.
The backdrop to this scandal is an ongoing lawsuit in the Tel Aviv District Court, which was first exposed in the Calcalist supplement of February 2022. The case revolves around accusations of a massive global smear campaign, which allegedly involved thousands of files obtained from hacked cell phones and computers. The campaign also included threats, harassment, the creation of fake websites, and the dissemination of hundreds of false smear videos on social media.
According to the lawsuit, Ofer (Josh) Baazov is behind this scheme. Baazov, who resides in Canada, holds Israeli citizenship and is involved in Israeli technology companies. His co-defendants are Revaz Magrelishvili, an Israeli living abroad, and Avraham Ben Elisha (Albert Elishkov), who recently resumed residency in Israel.
Baazov and his younger brother David previously controlled PokerStars, the world's largest online gambling website. They were known as the "Kings of Poker" until they were ousted from the company due to criminal issues. However, Baazov's involvement in gambling and gaming did not end there. In 2019, he and his associates invested in a Cypriot venture called BeFree alongside the three founders and managers of the Belarusian software company SoftSwiss: Ivan Montik, Dzmitry Yaikau, and Pavel Kashuba, as well as a Jewish-Russian partner, Roland Isaev.
A severe financial dispute eventually erupted between the parties. It soon escalated into what the lawsuit describes as a relentless "criminal smear campaign" against their opponents, employing any means necessary, including blatant legal violations. According to the lawsuit, the campaign involved disseminating approximately 1,000 anonymous videos on the Internet and using materials allegedly obtained through cyber-hacking of phones. The videos, some of which pretended to be newscasts or investigative programs, accused the three SoftSwiss founders of cheating, fraud, money laundering, and theft. The videos also claimed that their partner, Isaev, was involved in the assassination of a Bulgarian journalist. Over 300 websites carried these stories, and the videos and links were distributed directly to SoftSwiss employees, who received threatening messages to further amplify the damage. Some of the threats were signed "The Israeli Intelligence" or impersonated a well-known Israeli cybersecurity company.
In June 2023, after two key witnesses testified about Baazov's role in the defamation campaign, Judge Yaakov Shaked ruled that the NIS 10.6 million lawsuit should proceed in Israel, despite most parties not residing in the country. "This is not a vexatious claim or an idle claim," stated the judge, noting that the defendants had not suggested an alternative forum outside Israel for handling the case.
"They started launching attacks"
Baazov and his associates have filed statements of defense denying the claims. They attribute the accusations to attempts by the Belarusians to "intimidate" them and argue that they are the victims of a "border-crossing persecution and defamation campaign" following alleged fraud by the plaintiffs, whom Isaev employed as "puppets on a string."
Baazov and his associates have also filed a NIS 92.6 million counterclaim concerning a "serious and fraudulent collusion" and "sophisticated sting operation" related to their joint investment in BeFree, along with additional allegations of initiating defamatory publications on the Internet. A counterclaim is expected to be filed soon.
Attorneys Yaakov Enoch, Natalie Ziss, and Moshe Brenner from the Firon Law Office represent the Belarusian plaintiffs, while Attorneys Yotam Blaushild and Amit Gelbart from Herzog Fox Neeman represent Baazov and his two associates.
While the mutual lawsuits are being heard in the Tel Aviv District Court, the parties have not been idle. They have engaged in "espionage" and "counterintelligence" operations. Recently, an Israeli named Sagi Lahmi, Baazov's right-hand man, hired a Jewish-Russian hacker to access the phones and computer servers of the plaintiffs and others involved in the case to obtain material that could be used during the trial.
Lahmi's name had already surfaced in testimony as someone involved in paid dirty work for Baazov as part of the smear campaign. Gabi Alon, an Israeli cyber and security consultant hired by the Belarusians to trace the source of the defamatory videos and counter new hacking attempts, exposed Lahmi’s activities.
"In recent months, we discovered that Sagi hired people to track the plaintiffs and me, and they started launching attacks on phones and computers," Alon said in an interview with Calcalist this week. "The goal was to gather data, likely for use as a means of extortion and to influence the trial. That’s how we found the hacker and followed him to Cyprus, where he was meeting with Sagi."
At a meeting in a restaurant in Larnaca, Alon and his team were tracking the hacker until Alon decided to confront them. In the video, Sagi appears stressed and quickly leaves. "After the hacker realized we were on to him, he agreed to cooperate and provided us with recordings of his conversations with Sagi, which he had likely recorded as insurance for his payment, and revealed the entire plan," Alon said.
The Belarusians have obtained dozens of recorded conversations between the hacker and Lahmi (and in at least one instance, Baazov himself), discussing the planning and execution of illegal hacking into computers, emails, and applications (WhatsApp, Telegram, Signal) on the mobile phones of Baazov's opponents. The hacker acknowledged in these conversations that the activities were "criminal and dangerous."
In the recordings, Lahmi explained his collaboration with Baazov. "He's been my partner for 15 years. He is like a brother... a righteous man. A good person." He also discussed how this dirty mission related to the "trial in Israel" involving Baazov.
Turning the phone into a mirror
The recordings detail the hacking plan and how the hacker and his team executed it. Lahmi and the hacker discussed various attack methods that could turn a mobile phone into a "mirror"—a form of "replication" where the phone's content becomes "transparent" to the intruder while remaining nearby—and how to penetrate servers and extract data.
In the conversations, the hacker asked for tens of thousands of euros for each hack and established a "price list" for each target based on the type of hack and amount of data extracted. They negotiated the payment Lahmi would make. "I'll give you 70,000 euros for two [people]," Lahmi offered in one conversation. "I want a mirror on Kashuba; it would require three months of mirroring... and Alon only has his WhatsApp and Signal... I want all the data... when everything is good, I'll give you a good tip, seriously. You know me."
The hacker responded that the costs would be higher: 85,000 euros to hack Kashuba—"The server is 35,000, WhatsApp, Telegram, and Signal - 45,000, and hacking Alon will cost 38,000 euros."
The hacker explained to Lahmi that he would send a link to "infect" Alon's phone. "He will catch our virus, allowing us to access it as well."
Later, the hacker informed Lahmi about the breach of Alon's phone: "We see two WhatsApps on one phone. Tonight, we’ll take his Israeli number, and by morning, I’ll have everything." Lahmi asked, "And also the American number?"; the hacker replied, "Yes, look, today, within 4-5 hours, we will launch an attack on Alon... as soon as we get everything, we’ll have the second WhatsApp."
In another conversation, Lahmi asked the hacker to obtain email correspondence from the plaintiffs by hacking Kashuba. "There is a lot there," said the hacker. Lahmi: "Will I have all of that?" The hacker: "Yes, sure. You’ll see, you can open it and look." Lahmi: "Get everything on the server because I paid a lot of money."
They also discussed how the hacker intercepted information from Isaev’s cell phone while he was in Dubai. The hacker initially said, "Kashuba is extremely protected," but later updated, "We already got it too, we took everything, Sagi, everything is in our hands." He later told Lahmi, "We took the WhatsApp. It’s working. Kashuba is in our hands." Lahmi asked, "Just WhatsApp?" The hacker responded, "WhatsApp, and now we are working on Telegram and Signal."
Additionally, in a conversation that included Baazov, he told Lahmi he would pay the hacker 25,000 euros in Israel for the work on Isaev.
A few weeks ago, Lahmi and the hacker arranged to meet in Cyprus to conduct an espionage operation against targets there and transfer the obtained information. "First, I’ll show you Roland, then Cyprus, then Bulbul (their nickname for Alon—AK), and finally, Kashuba," said the hacker, emphasizing that "mirroring is a criminal activity." He added, "We shouldn’t stay here long. We did the work and we’re leaving." Lahmi asked, "Bring me the data on a computer... I need the history in my hand. I paid extra for the mirroring." He also mentioned he was willing to pay for someone to stay in Cyprus and gradually send him the information from the phone "mirroring." The Belarusians' attorneys may submit these recordings to the court as part of the ongoing proceedings.
Attorney Yotam Blaushild, representing Baazov, Magrelishvili, and Ben Elisha, commented: "The dispute between my clients and Roland Isaev and his junior partners, Montik, Kashuba, and Yaikau, is pending in court, with all that this entails. The details will become evident in court, and my client does not intend to handle the conflict through the media.
"Nevertheless, it should be emphasized that the real issue at the heart of the conflict is the wrongful dispossession of my clients from their holdings in a joint venture established in 2019. My clients have filed a NIS 93 million lawsuit for conspiracy, fraud, deception, and the Internet smear campaign against them. The attempt to portray Isaev and his accomplices as 'victims' is absurd, especially when even a witness on their behalf testified that they offered to pay my client US$18 million.
"Unfortunately, the opposing side continues to threaten and intimidate my clients using underhanded tactics and making exaggerated claims in the press, which will not deter my clients from pursuing their claim in court."
Sagi Lahmi declined to respond to Calcalist's attempts to reach him.