Move over NSO: Israeli police is paying private hackers to spy on citizens

The police’s cyber division employs external hackers to collect intelligence on targets. The hackers don’t have security clearance, were not trained as police officers, and are exposed to extremely private and secret information

Tomer Ganon 08:3919.01.22

The security cameras in a business in the center of Israel filmed a serious criminal offense by a senior public figure. Police investigators managed to get their hands on the supposedly incriminating recordings. Charges were pressed. So far this sounds like a standard and successful police investigation. However, this investigation wasn’t actually conducted by police officers. The person who remotely seized control of the security cameras was an Israeli hacker named Elishay Tubul. Tubul is a regular citizen. He’s not a policeman and has no training in the field. That didn’t prevent police from asking him to break into those cameras. And this wasn’t a one-off either. Calcalist reveals that the Israel Police’s SIGINT unit has used over recent years at least three external hackers as paid contractors in order to assist it in gathering intelligence and cracking criminal cases (the SIGINT unit is the one which operates NSO’s Pegasus spyware as revealed in Calcalist on Tuesday).


These hackers, essentially regular citizens, were exposed to top-secret information even though they have no security clearance, weren’t required to sign non-disclosure agreements, and didn’t undergo regular lie detector tests in order to prevent a possible misuse of the information they were exposed to. Frankly, it is unclear how the SIGINT unit could even ensure that these hackers weren’t trading on the side the secret information and the private details they collected for police, or if they weren’t even double agents.


Police chief Kobi Shabtai. Photo: Elad Gershgoren and Shutterstock Police chief Kobi Shabtai. Photo: Elad Gershgoren and Shutterstock


Calcalist has learned that the hackers operated many times in an illegal manner. For example, they broke into private WiFi networks, downloaded recordings from security cameras belonging to private companies, hacked into insurance files, as well as phones which police couldn’t crack with NSO’s Pegasus. These actions took place without any judicial supervision and their outcomes were concealed as confidential. Hackers were paid after providing receipts for their “advisory” services.


Tubul is a 31-year-old immigrant from France who served in the IDF as a lone soldier. Considered to be a computer genius, Tubul was recruited to be a police contractor at the age of 24, one year after being discharged from the military. At the time, he was living in Israel alone, had no apartment or significant possessions and was renting an apartment in Tekoa in the Judaean hills. Police targeted Tubul, who was in financial distress at the time, and he has been their contractor ever since. Police did so even though Tubul was at the time tangled in a legal matter relating to alleged illegal activity relating to his digital expertise. Japanese conglomerate Sony sued Tubul for NIS 100,000 (approximately $32,000) in 2015 for setting up a website named PS3PRIZE in which he offered hacks into Sony’s Playstation console for NIS 70 ($22). Tubul was ultimately ordered by Jerusalem District Court judge Yigal Marzel to pay Sony NIS 15,000 ($4,800) in compensation.


Tubul was recruited to the police by Commander Yosef Kahlon, who headed the technology department in the SIGINT unit. Police used his services frequently, with Tubul, who was paid according to an hourly rate, earning as much as NIS 50,000 ($16,000) in some months. Nevertheless, police didn’t make any special effort to find out how Tubul acquired the sensitive intelligence information and he was even given access to the SIGINT unit’s offices in Jerusalem, being exposed to top-secret information even though he is just a citizen who hasn’t been trained as a policeman.


A source with information regarding Tubul’s activity said that he helped police crack complex cases, including tracking criminal organizations and catching them in the act of a crime. He also helped solve a case in which police were trying to apprehend a man who opened fake profiles on social networks and convinced young women to send him nude videos of themselves. All of this was done without a search or bugging warrant from the courts.


Israel Police said in response to the report: “The claims included in your request are untrue. Israel Police acts according to the authority granted to it by law and when necessary according to court orders and within the rules and regulations set by the responsible bodies. The police’s activity in this sector is under constant supervision and inspection of the Attorney General of Israel and additional external legal entities. Naturally, the police don't intend to comment on the tools they use. Nevertheless, we will continue to act in a determined manner with all the means at our disposal, in the physical and online spaces, to fight crime in general, and organized crime in particular, to protect the safety and property of the public.”