The rotten oranges of Israeli cybersecurity
Most Israeli cybersecurity companies develop decent and kosher defensive products, but alongside them, a different cyber industry, one that prefers to remain in the shadows, has been allowed to blossom uninterruptedly. The Defense Export Control Authority at the Ministry of Defence continually protects these companies in court and refuses to reveal its decision-making process
Israel offers a unique training course for tech entrepreneurs and developers, which starts at the elite military units. And no units are more elite than the different cyber units, whose graduates (a vast majority of which are still men) are snapped up by the leading companies or found their own companies. This has turned Israeli cyber into a world leader, so much so that over 40% of investments in the sector globally in 2020 went to Israeli companies and entrepreneurs.
It should be said that most Israeli cybersecurity companies develop decent and kosher products. Starting from industry veteran Check Point through to SentinelOne, which recently went public, unicorns of the likes of Wiz, Cybereason and Orca, and hundreds of small startups that specialize in specific sectors. But alongside these companies, there is another cyber industry blossoming in Israel for years, one that is more comfortable remaining in the shadows. At Calcalist we have been following NSO's activity for nine years, from exposing its questionable sales in Mexico through to its practices of using equally questionable intermediaries throughout the years.
Over time, other companies, small and less famous, have popped up on our radar. Israel's Senpai, for example, assisted Malaysia's allegedly corrupt Prime Minister to track opposition activists, and just last week we reported on Tel-Aviv based Candiru, whose spyware was used to spy on more than 100 human rights activists, regime opponents, journalists, and scholars, some of them in our own backyard, according to a joint study by Microsoft and the University of Toronto’s Citizen Lab.
These cases are the ugly side of Israeli cyber, but they are not negligible. Over the past weekend, Ronen Bergman revealed in the New York Times that the Israeli government encouraged these companies to sell services to Saudi Arabia, a country that is far from being a functioning democracy and whose ruler's involvement in the murder of journalist Jamal Khashoggi has been verified by intelligence agencies across the world.
Concurrently, the Defense Export Control Authority at the Ministry of Defence, which is responsible for overseeing cyber, continues to protect these companies in the courts every time they face a lawsuit and refuses to reveal why and according to which considerations it makes its decisions regarding who will receive an export license and who won't.
In many cases, the Israeli security services are among the loyal clients of these companies, as was revealed in Calcalist three years ago when the name of the specific company wasn't even approved for publication.
The Israeli offensive cyber industry generates hundreds of millions of dollars a year and employs many hundreds of employees. Over the years it was the open secret of local tech, but following arduous journalistic work by dozens of journalists across the world and in Israel, this secret has been exposed. Beyond the morel question, we also may be close to the point in which the damage caused to Israel's image outweighs the benefits produced by this industry. Hopefully, these journalistic revelations will not only make it more difficult for the companies themselves, but will also result in the rethinking of the secret and automatic support they are offered by Israeli governments.