Desert Storm: Former Israeli defense officials' Persian Gulf entanglement

Court filings in a business dispute expose attempts to sell unauthorized cyber tools to a country Israel has no official ties with

Tomer Gonen and Hagar Ravet 15:4517.09.20
The peace agreements signed on Tuesday between Israel and the UAE and Bahrain promise Israelis an exotic new destination for business and tourism. However, hours after the announcement came out last month regarding the “Abraham Accords,” as the agreement with the UAE was dubbed, accounts began emerging of Israeli tech and cyber companies who had already signed contracts with the Muslim state years ago, under strict confidentiality. As long as those contracts were signed with representatives of states that are considered moderate and tolerant towards Israel, such as the UAE, we could all sleep easily. However, that was not always the case.


Former senior officials from the Israeli defense sector attest that the Israeli government and the defense establishment either didn’t know about, or chose to ignore, the fact that for many years, Israeli companies had been doing business with other Persian Gulf states with whom Israel does not have diplomatic ties, and likely won’t have any in the future due to their alliances with enemy states like Iran, or an ideological affinity to it as it relates to the Israel-Palestinian conflict.


Pini Meidan Shani (left) Yoav Mordechai, and Dror Mor. Photo: Yair Sagi, Amit Shaal Pini Meidan Shani (left) Yoav Mordechai, and Dror Mor. Photo: Yair Sagi, Amit Shaal

A legal dispute that erupted between three companies in July, some of its details being revealed here for the first time, exposes the involvement of Israelis— all former senior officials in Israel’s defense establishment— in providing physical and cyber protection for a major civilian infrastructure project with a Gulf state with whom Israel does not have diplomatic relations. The details of the affair were initially placed under an extensive gag order by the Tel Aviv District Court at the request of the involved companies. Following a petition by Calcalist, filed by Attorney Yaron Hanin from the Lieblich-Moser law firm, judge Hanna Plinner recently reduced the scope of the gag order so that only the name of the county and the project itself remain undisclosable.


The documents that were approved for publication expose serious allegations regarding an attempt to export proprietary offensive cyber capabilities without receiving the required permit from the Ministry of Defense. Though the claims were later denied by the parties, they reflect the dangerous side of the “business paradise” in the Persian Gulf, which may be used as a honey trap for the extraction of highly sensitive security capabilities from Israel.


The contractor, the middleman, and the front


The ordeal began two years ago, when three companies founded by retired senior officials from the Israel Defense Forces, the Mossad, and the Israel Security Agency (the Shin Bet) signed contracts worth millions of Euros to function as the “Red Team” —reviewing and testing the defensive measures — in the large civilian infrastructure project being carried out by the Gulf state.


The first company is Sdema Group Ltd., which was founded by former senior Shin Bet officials Dror Mor, Shlomo Harnoy, and Dan Vesely, all of whom have ties with various Israeli prime ministers. Sdema offers consultancy services in the field of physical security (testing the protections of facilities under threat of terror attacks such as car bombings, shooting attacks, terrorist infiltrations, and more) as well as in the field of cyber protection—identifying network and server vulnerabilities to prevent cyberattacks that could steal data or shut down the target’s network. Sdema was brought on as a service provider for the Gulf state.


Since the said country does not have diplomatic ties with Israel, another company, The Novard Group, was brought in as an intermediate connecting the contractor, Sdema to the client state. Novard was founded about two years ago by Maj. Gen. (Ret.) Yoav “Poli” Mordechai, who in the past served as the IDF spokesman and Coordinator of Government Activities in the Territories (COGAT) and former senior Mossad official Shaun Bouter. The two decided to leverage the contacts and experiences they accumulated during their time in service to offer consultancy and business development services and to “bridge the gap between global businesses and the Middle East,” as their website claims.



Absent diplomatic relations, collaborations between Israeli companies, and the unnamed Gulf state are forbidden and a third company was needed to operate as Novard’s “front,” a foreign-owned company that could sign for the work that Sdema carried out in practice. The company recruited to the role was Legacy Technologies, a German company owned in part by Israeli citizens Gil Birger and Pini Meidan Shani. Birger served in the past as Economic & Trade Officer for the Israeli Embassy in Washington, DC, while Meidan Shani is a former Mossad official who served as Foreign Policy Advisor to then Prime Minister Ehud Barak.


In an interview to Calcalist last month, following the announcement of the nearing peace agreement with UAE, Meidan said he had been active in the Persian Gulf since 2012. Nowadays, he represents “various cybersecurity companies” in the region as well as “major Israeli defense industries, alongside other partners.” When asked in this interview about the need to receive permission from the Ministry of Defense’s Defense Export Controls Agency to export cyber capabilities to the UAE, Meidan said “Israeli companies long ago reached agreements that enabled this cooperation. In light of the joint interests, common threats, and shared economic motivations, very intensive activity began to take place."


Legacy Technologies is itself a cyber company that operates a system called NEO, which is described in its corporate website as being able to offer “continuous analysis of found assets for security-related IT problems ranging from human errors and misconfigurations to known vulnerabilities which have real security impact.” However, according to Sdema, Legacy’s role in the project was just a cover. “Legacy operated under orders from Novard, in part to hide its Israeli identity,” the lawsuit claimed. Sdema’s lawsuit, seeking an undisclosed sum, was filed over its replacement in the project, which it claims was because it refused to provide the Gulf state with technological know-how it wasn’t allowed to. The lawsuit concluded with a cash settlement of an undisclosed amount.


Who wants to sell state secrets?


Two different contracts were signed in regards to the Gulf state’s civilian infrastructure project. The first, in 2018, during the security preparation stage, between Legacy and the government, and the second in August 2019, between Legacy and Sdema. According to the lawsuit, “Sdema accepted the offer after receiving the required permits from the Defense Export Controls Agency.”


Sdema, it was claimed, began preparations for the execution of physical and cybersecurity tests on the project, only then its alarm bells went off and it claims it was ejected from the project, which in turn led it to file the lawsuit, to which it attached Mor’s deposition. “We began to suspect that contrary to the services that were stipulated in the contract, the Gulf state was not asking only for defensive cyber solutions, but also for offensive capabilities and know-how,” Mor wrote.


The Tel Aviv Distrct Court. The Tel Aviv Distrct Court.

Offensive cyber is a whole different ball game compared to defensive cyber and includes a wide range of operations and capabilities, ranging from viruses that can cause indescribable damage to spyware and tracking software used to gather intelligence. Various international accords define such offensive tools as weapons, requiring that they meet the same export regulations.


In December 2019 the sides met and Sdema proposed to provide the Gulf state with “Alternative solutions that meet the legal requirements and due caution.” But that didn’t help. “Surprisingly,” Mor wrote, “in March 2020, for reasons that Sdema could not understand, the Gulf state suddenly ‘reversed its course’ along with Novard and Legacy. The companies demanded that Sdema immediately hand over to the Gulf state a document containing the sensitive offensive cyber capabilities and know-how. When Sdema refused, Legacy notified Sdema that the contract was canceled.”


According to Mor, Novard and Legacy were in an uproar over Sdema’s refusal and “claimed that it was causing a fuss over nothing.” Both Novard and Legacy vehemently deny the claims (see reactions at the end of this article). A short time after filing the lawsuit the three companies notified the court that they had turned to arbitration and reached an agreement that included monetary compensation for Sdema.


Following the ordeal, Sdema backed away from its claims, and its representative, Dan Vesely, said at a court hearing on Calcalist’s request to lift the gag order that “the claims regarding offensive cyber are no longer relevant and has been removed after I have been presented with the documents and the facts.”


Was there an attempt to export offensive cyber capabilities from Israel under a civilian contract? Based on the documents approved for publication, the answer is inconclusive. On the one hand, there is a court deposition, a legally binding document, in which Sdema’s CEO swore to tell the truth. In it, Mor claims there was an attempt to extract offensive cyber know-how from his company. On the other hand, Sdema backed down from its claims, but only after the petition to remove the gag order was filed and after a cash settlement between Sdema and Novard was completed, and it was a different representative of the company— Vesley, not Mor who had originally signed the deposition— who attended the hearing and stated that only in retrospect, after being presented with explanations and documents, was the claim no longer relevant.


When asked for comment, Novard responded with the following statement: “Novard solely operates in the fields of technology, civil infrastructure, and investments. The company has never and currently does not operate in the field of offensive cyber. The quotes were taken from claims raised by Sdema in a purely commercial dispute, claims that it backed off from shortly afterward, including in a clear statement to the court. There are currently no legal proceedings between the sides.”


Legacy wrote that: “Legacy is a foreign company that acts in accordance with the law and its managers deny outright all claims made in the article.”


Shlomo Harnoy said he sold his shares in the company in 2019 (prior to the time the deal with the gulf state was signed).