Thursday, 5 October 2023

Headhunters and American Money Are Luring Israeli Hackers to New Cyber Firm

 



HAARETZ



Defense Prime, which has headhunted at least four Israeli hackers, is just the latest example of American and European firms stepping into the offensive cyber game as Israel reins in NSO and its ilk
Ashalim, the cyber school run by the Israel Defense Forces Military Intelligence Corps. Credit: IDF Spokesperson unit
The recruitment ad was posted about two months ago in Hebrew on the LinkedIn page of the main headhunter for Israeli hackers. The job: A senior vulnerability researcher - an industry term for a hacker who can find loopholes in the defense mechanisms of different technological systems. The location: Spain. The employer: A new “Israeli-American startup” that is currently operating “under the radar,” as the ad put it.
The pay, Haaretz has confirmed, is double that being paid by Israeli firms active in the already lucrative offensive cyber market. Applicants who get the job also get a fully-funded relocation for them and their family from Israel to Barcelona.

The ad doesn’t mention any name, but Haaretz can confirm the firm behind it is Defense Prime, a new cyber company founded by Israeli expats living in the U.S. It’s registered in the U.S. and its nascent operations are being conducted under U.S. law and regulations - all the while trying to entice Israelis to abandon their work at firms like NSO and opt to work in, or at least with, America.
FILE PHOTO: Employees, mostly veterans of military computing units, use keyboards as they work at a cyber hotline facility in southern Israel. Credit: Amir Cohen/Reuters
Haaretz has learned that in recent months at least four senior hackers have left their jobs in Israel, Israeli-owned companies, or even the Israeli defense establishment to join the new firm. Two of those senior researchers actually left two local cyber arms firms, which also lost an operation security expert who also recently joined Defense Prime. One of the other senior hackers came from an Israeli-owned firm in Singapore, and another was actually poached from within an Israeli defense body. According to one of a number of sources who spoke to Haaretz for this report, the researcher was considered a massive talent and his departure to the new firm is seen as a potential blow to the Israeli state’s cyber capabilities.
It’s not just talent: Per sources, the firm also had talks about the possibility of purchasing assets from Quadream, an offensive Israeli cyber firm that shut shop recently. It was the latest in a string of similar companies shuttering operations after the crunch in the controversial field, now at the heart of a crisis between Israel and the U.S., and their respective defense establishments. Unlike hiring hackers, the sale of any technology from a firm like Quadream, which specialized in hacking iPhones, requires authorization from Israel’s Defense Ministry.

Spyware crisis

He’s also not alone: In the past two years, since the crisis between Israel and the U.S. erupted over a string of revelations regarding misuse of NSO’s Pegasus spyware, dozens of Israeli hackers and others employed in offensive cyber have left to work abroad. Some have left to work for other Israelis already operating outside of the country and its oversight mechanisms. Others are joining foreign firms based either in Europe or in the U.S. - firms that sources say also enjoy the support of their local, non-Israeli intelligence bodies. They note the rise in Italian and Spanish firms specifically, but they’re mostly firms backed by the American defense establishment and intelligence community.
Defense Prime is but the newest and loudest of what sources say is a new crop of non-Israeli cyber firms currently on the ascent and taking a bite out of their Israeli competitors’ talent and market share. According to sources and an investigation by Haaretz, the firm joins a growing list of new or existing ones that have significantly expanded their operations over the past two years, in tandem with the attempts to rein in the Israeli cyber industry and stop the proliferation of commercial spyware.
NSO offices in Israel, last year. Credit: MENAHEM KAHANA / AFP
In Europe, sources note existing firms like Memento Labs or Data Flow in Italy, Interrupt Labs in the U.K., and Varistone in Spain as having grown over the past 18 months - also with the help of Israeli talent. There are also new firms, especially in the U.S., which have emerged in tandem with U.S. pressure on Israel in the wake of the NSO affair.
Eqlipse Technologies, for example, was set up last year to offer what it termed “full-spectrum cyber and signals intelligence (‘SIGINT’)” capabilities for “key national security customers within the Department of Defense and Intelligence Community,” according to a press release by Arlington Capital, which is backing the company. “Full spectrum cyber” is an industry euphemism for both defensive and offensive capabilities. Eqlipse, despite its young age, already has over 600 workers and $200 million in annual revenue.
Another firm, Siege, also American, was set up in 2019 but has upped its operations in the past two years. It focuses exclusively on “providing mission critical offensive and defensive cyber capabilities to the U.S. Government,” according to its website.
According to sources, these firms and their public announcements - rare in the secretive world of cyber intelligence - are part of a wider trend: American firms and funders believe that alongside the public criticism of offensive cyber, the U.S. defense establishment and White House are interested in fostering their own industry - and are willing to pay for it.
Netanyahu's darling
Israel’s offensive cyber market - once the darling of Prime Minister Benjamin Netanyahu and the Israeli defense establishment - is in the midst of the worst crisis since its establishment, sources say.
After years of “cyber diplomacy” - a policy spearheaded by Netanyahu in which Israel uses the sale of cyber arms to warm diplomatic relations with countries historically hostile to it - Israel made an about-face. Long gone, sources say, are the days when the Defense Ministry would permit the sale of military-grade spyware to countries like Rwanda or Saudi Arabia.
The reason: The Project Pegasus investigation, in which Haaretz was also a partner, revealed misuse of the spyware by NSO’s state clients across the world; and the revelation that Uganda used the spyware to hack the phones of U.S. State Department officials in Africa. The latter caused a diplomatic crisis between Washington and Jerusalem, with the White House urging Israel to curb its cyber firms. The decision to add NSO and Candiru, another Israeli cyber firm, to a U.S. Commerce Department blacklist indicated to Israel that the Americans meant business.
In response, Israel reversed its policy. It leaked to the media a truncated list of nations to which cyber firms could now sell their wares, which now includes almost only Western states.
Benjamin Netanyahu visiting the Cyber Emergency Response Team of the Israel National Cyber Directorate, July 2017. Credit: Kobi Gideon / GPO
The result, sources say, was that all the smaller firms that grew in the shadow of NSO and were selling spyware to non-Western countries lost their ability to do business almost overnight. Over the past 18 months, most firms were unable to obtain a license to complete even one new deal; in some cases, existing deals were also killed.
In response, more and more firms began either shutting down or pulling out of the offensive market, focusing instead on less intrusive forms of “passive” surveillance, which is not as strictly regulated. One example was Cognyte shutting down Ace Labs, its phone-hacking subsidiary. Though market leaders NSO and Paragon - which focuses almost exclusively on Western markets and has managed to keep its reputation untarnished - are continuing operations, they are also struggling. Others, like Nemesis, Wintego, Kela, Magen, and Quadream have folded altogether, according to sources; or at least said they have shut down and shifted their operations abroad or rebranded them.
Senior industry sources have spent the last year warning that the new Israeli policy of appeasing the Americans would backfire. They argue that loss of talent and damage to the industry will also harm Israel’s defense establishment and may even cause Israel to lose its edge in military cyber space. Without the ability to retain top-tier talent within Israel, these hackers will no longer be available to serve in units like 8200 - where those working abroad cannot always return for reserve duty due to secrecy concerns.
“When people like that work abroad they are not just outside of the Israeli ecosystem, they are also now within a new one and these countries are benefiting from that,” one industry source says. “It doesn’t just make Israel weaker, it also makes the Europeans and the Americans - and who knows else - stronger.”
According to industry sources, American pressure on Israel is not just the result of human rights concerns, but also part of what they see as a broader policy to weaken Israel’s cyber industry and strengthen America’s at its expense. As an example, they point to the attempt by L3Harris, a giant American technological defense contractor, to buy NSO after it had been blacklisted. The deal didn’t go through due to objections by Israeli officials, but it did enjoy the support of the American defense establishment and was meant to see NSO removed from the blacklist, it was suggested at the time.
Reports have also revealed that American defense bodies had themselves purchased a version of Pegasus, going so far as to gift it to Djibouti as part of American support for the country. The White House’s executive order banning American bodies from using spyware like Pegasus, experts noted at the time, was worded in a way to allow America to keep producing, selling and even using such technologies themselves.
Cyber-military-industrial complex
L3Harris is actually one of a handful of American defense contractors that have their own offensive cyber units, and sources say that this is the real backdrop to the rise of firms like Defense Prime.
Defense Prime’s origins can be traced back to an American venture capital fund and the two Israeli entrepreneurs - one of them an alum of Israel’s defense apparatus. The fund itself is not connected to the new firm, but the latter was born out of an earlier attempt by the VC to enter the cyber market, backed with a roster of senior intelligence and defense officials. Those ranged from former U.S. National Security Agency chief Keith Alexander, a retired four-star general, to officials from Israel’s military intelligence Unit 8200 and the Mossad, as well as from German intelligence. As noted, the fund is not involved in the new firm, and it’s unclear how many of those officials, if any, left the VC and got involved in the project.
Meanwhile, firms like L3Harris and Raytheon, an examination by Haaretz found, are all actively recruiting for positions with clearly offensive capabilities. From “exploit researcher” to those with expertise in iOS or Android research or forensics, workers are being sought by the American defense contractors, both of which also have contracts with U.S. bodies for different forms of cyber. So does General Dynamics - one of the five biggest defense contractors in America.
CACI, another American contractor focused on homeland security and drones, also boasts “offensive cyber capabilities against adversarial platforms.” The firm is currently seeking someone with expertise in “computer forensics/mobile device forensics… reverse engineering intrusion analysis and methodologies, intelligence analysis, and vulnerability assessments.” Leidos and another firm called ManTech are also increasingly active in this space, according to sources and job postings. Together, these firms allow America to enjoy its own booming military cyber industry.
The Italian firm Data Flow provides a good example of the trend. It deals directly with exploits (not spyware) and recently decided to open up shop in the U.S. in a sign of the American market’s new centrality. The firm, which, per its website, is currently recruiting an iPhone and Android exploit researcher, also has a senior Israeli that left a similar role in an Israeli company last year.
This is not the first time big money has tried to lure away Israeli talent. However, sources say that when the UAE-backed firm Dark Matter tried to lure Israeli and American hackers with massive paychecks (rumored to be up to $1 million a year), the U.S. and Israeli defense establishments could sound the alarm. When American and European firms do the same, sources lament, Israel is helpless. This is because for years, Israel has avoided enforcing its defense export laws against people and technical capabilities - focusing instead only on regulating the sale of defensive or military technologies.
“We’re not North Korea, you can’t tell people where to live and with whom to work,” says a senior industry official who has lost staff in recent months. “If someone prefers to live and work in Washington or Spain - that’s their right.”
Israeli hi-tech worker sets up a protest installation against the judicial coup in Tel Aviv, last month. Credit: Eyal Toueg
Sources from the different firms say that with the crunch - and with the political climate in Israel pushing many Israelis to contemplate leaving the country - they are struggling to retain talent. Alongside the threat from America, they also note that Israeli firms that have long operated outside of Israel are also reaping the benefits - and not just in terms of talent.
As an example, they cite the firm Intellexa, which is owned and run by two former senior Israeli intelligence commanders and was involved in a string of controversies in the past year. It has won a number of lucrative contracts that Israeli firms were forced to turn down over regulatory and human rights concerns. They also note two new cyber firms in Singapore linked to Rami Ben Efraim, former senior Israeli air force commander who served as a military attaché to the South East Asian country and is now in the private sector.
“Israel and Israeli firms could always compete with those trying to operate behind the Israeli Defense Ministry's back and outside of its regulatory purview,” said a source. “But that was when the local industry was alive and kicking - and that’s just no longer true.”
Defense Prime and Israel’s Defense Ministry did not respond to this report.
