A small Australian company based in Sydney is playing a crucial role in helping spies and law enforcement to break into smartphones and also supplying them zero-day exploits, a report claims.

The website Motherboard, in a wonderfully detailed account, said Azimuth Security, a firm led by security legend Mark Dowd, was supplying its tools to democratic governments around the world. However, the purposes for which the tools were finally used were not always kosher.

Dowd is a former member of IBM's ISS X-Force and was the principal security architect for McAfee. He has found vulnerabilities in software across the spectrum: Sendmail, Microsoft Exchange, OpenSSH, Internet Explorer, Mozilla Firefox, Adobe Flash, Checkpoint VPN, and Microsoft's SSL implementation, and is the co-author of The Art of Software Security Assessment.

Reporters Joseph Cox and Lorenzo Franceschi-Bicchierai wrote that Azimuth, through a partner firm Linchpin Labs, sold exploits to the the members of the Five Eyes intelligence group – the US, the UK, Canada, Australia and New Zealand. Linchpin was founded by former intelligence officials from the five countries named.

Cox and Franceschi-Bicchierai quoted a source as saying: "Azimuth provides Australia essentially all their offensive cyber capability." The reference was to the Australian Signals Directorate, which they described as Australia's version of the NSA.

The ASD, the UK's Government Communications Headquarters and Canada's communications Security Establishment did not offer comment when a reaction was sought by the website.

Azimuth was said to have had dealings with the FBI, with one source saying that the company had provided an exploit that could be used to break through Tor, the browser that is used for navigating the dark Web.

Six sources said that Azimuth developed zero-day exploits, some of which have been used in cases involving terrorism and also potentially kidnapping or child pornography. On a more mundane level, the company also created such exploits to enable remotely breaking into Android devices and iPhones.

The report said that Azimuth employed some of the best iPhone hackers. Some NSA exploit writers were also hired by the company, according to Motherboard's sources.

It said Azimuth did not make its presence felt at any surveillance conferences as it had connections to the intelligence community through Linchpin.

Citing publicly available business records, the report said that ex-spies Daniel Brooks, Matthew Holland, and Morgan Prior led various branches of Linchpin.

Online contracts showed that Linchpin had provided training to the Australian Federal Police and the Department of Defence.

iTWire has contacted Azimuth for comment.