Felons, Fraudsters Flog Offensive Cybersecurity Startup
IRIS C2, a cybersecurity startup offering up to $7 million for zero-day exploits, is operated by Calvexa Group LLC, a shell company linked to convicted felons Jacob Wohl and Jack Burkman. Wohl and Burkman have extensive histories of legal troubles, including convictions for telecommunications fraud, securities fraud, and orchestrating disinformation campaigns against public figures. Despite lacking formal technical credentials, Wohl claims deep expertise and asserts the company is shifting focus
Analysis
TL;DR
- IRIS C2, a cybersecurity startup offering up to $7 million for zero-day exploits, is operated by Calvexa Group LLC, a shell company linked to convicted felons Jacob Wohl and Jack Burkman.
- Wohl and Burkman have extensive histories of legal troubles, including convictions for telecommunications fraud, securities fraud, and orchestrating disinformation campaigns against public figures.
- Despite lacking formal technical credentials, Wohl claims deep expertise and asserts the company is shifting focus toward selling phone-hacking services to the US government.
- The venture operates with brazen transparency regarding its recruitment and payouts, contrasting sharply with the typically discreet nature of legitimate government cybersecurity contracting.
Why It Matters
This case highlights significant risks in the unregulated gray market for offensive cybersecurity tools, where individuals with criminal backgrounds can attempt to legitimize themselves through high-profile acquisitions of sensitive vulnerabilities. It underscores the vulnerability of government procurement channels to bad actors seeking to exploit national security interests for personal gain or political leverage. For the industry, it serves as a cautionary tale regarding due diligence in vendor selection and the potential for disinformation tactics to infiltrate critical infrastructure sectors.
Technical Details
- Business Model: IRIS C2 aims to recruit "junior engineers with raw talent" regardless of formal education, offering payouts ranging from $10,000 to $7 million for zero-day exploits, primitives, and full capabilities across major platforms.
- Corporate Structure: The entity is registered as Calvexa Group LLC in Virginia, with web properties (irisc2.com, calvexagroup.com) forwarding to each other. It appears on g2exchange.com as a federal contractor but shows no active direct government contracts.
- Operational History: Originally positioned as a penetration testing firm, the company pivoted to selling phone-hacking services. Founder Jacob Wohl claims self-taught technical proficiency despite prior convictions for non-technical crimes.
- Recruitment Strategy: Uses aggressive social media presence on X/Twitter (@C2IRIS) and LinkedIn to attract applicants, emphasizing high IQ and raw talent over traditional industry experience or degrees.
Industry Insight
- Vendor Vetting Urgency: Organizations engaging in government contracting or handling sensitive data must implement rigorous background checks on vendors, particularly those claiming ties to defense or intelligence sectors without verifiable track records.
- Regulatory Gaps: The ease with which individuals with felony records can establish entities capable of soliciting high-value cyber exploits suggests a need for stricter regulatory oversight in the commercial vulnerability market.
- Reputation Management: The cybersecurity community should remain skeptical of entities that prioritize sensationalist recruitment tactics over transparent technical credentials, as these may be fronts for malicious activities or disinformation campaigns.
Disclaimer: The above content is generated by AI and is for reference only.