A secretive world moves from cloak and dagger to the smartphone: Israel’s high-tech and military capabilities have nurtured a cybersecurity industry

June 5, 2013 4:19 pm

A secretive world moves from cloak and dagger to the smartphone

By John Reed

Tech threat: security start-ups have been designing tools to tackle a new era of cybercrime

In the history of the tools of warfare, from the stone age slingshot to the drones and guided weapons of today, the 21st century has produced one of the most effective: the “silent” smartphone.

Terrorists, drug barons or insurgents can pick up a networked mobile phone almost anywhere. If they avoid voice calls – which can be intercepted – and use them just for computing and instant messaging services, they can transact nefarious business with little fear of detection.A three-year-old Israeli start-up, NSO, is selling what it calls “intelligence collection tools” that allow clients tocombat perceived security threats posed by such users of smartphones. Its signature product is software that allows officials to obtain access to encrypted data transmitted via a user’s smartphone, tablet or other mobile device.

“Your smartphone today is the new walkie-talkie,” says Omri Lavie, NSO’s co-founder. “Most of your typical solutions for interception are inadequate, so a new tool had to be built.”

NSO is one of a growing cohort of cybersecuritycompanies in Israel, thought to number in the dozens, that trade in intelligence and security tools designed for a new era of cybercrime, designed to combat things ranging from hacking and phishing attacks on banks and companies to all-out cyberwarfare waged by state or non-state actors.

“There’s a boom here in the IT spectrum in Israel of creating new cybersolutions, whether it’s services, tools or products,” says Tal Pavel, an expert in internet and cyber threats in the Middle East, and chief executive of Middleeasternet, a consultancy that monitors and researches the internet and cyberthreats in the Middle East and the Islamic world.

Nice Systems, one of the best- known, was started by seven former colleagues from the Israel Defence Forces who parlayed their military communications expertise into a business that helps companies sort, analyse and protect data and their operations.

Nyotron, a smaller five-year-old start-up based in Herzliya, is the developer of Paranoid, a cybersecurity product that can kill computer viruses before they do any damage.

NSO, whose clients include foreign intelligence and law enforcement agencies, sits squarely towards the military and government, rather than the private sector, end of the cyber-continuum.

Intertwined and under attack

In few other countries are the defence establishment and IT, security and government sectors so closely intertwined as they are in Israel. Many a tech start-up has its origins in friendships formed or expertise gleaned during military service.

Naftali Bennett, Israel’s economy minister, served in Israel’s elite Sayeret Matkal corps before going into the business world, where he co-founded and later sold Cyota, a company that developed software that protects banks and other organisations against phishing attacks.

The Israel Defence Forces, in addition to its secretive cyberwarfare unit, has a separate communications directorate called C4I, which handles all things cyber-related for the military. At their most basic, these are the prosaic IT functions related to running a large organisation. More complex tasks extend to joining up, interpreting and reacting to different sources of information about, for example, a Qassam homemade rocket launched at Israel from the Gaza Strip.

But while the country prides itself on its technological prowess, this has also made it prime bait for hackers. In April, members of the Anonymous collective vowed to launch “the largest internet battle in the history of mankind”. Many linked the attack to Israel’s policies towards the Palestinian territories, including in Gaza.

Several government andprivate-sector sites were targeted, but the hackers by all accounts did not succeed in their quest to “wipe Israel off the internet”.

Israel’s prowess in all things cyber is well documented, if obscure in places: the country is widely held to have masterminded the Stuxnet computer worm that sowedchaos in Iran’s nuclear programme in 2010 , even if the Israeli government never admitted as much. Experts within Israel describe the country as one of five “cybersuperpowers” whose technological capabilities include the ability to crack open communications transmitted over mobile phones. (The other four such powers are said to be the US, the UK, Russia and China.)

NSO might be described as a cyberwarfare company – except that Mr Lavie says not to use the word in connection with it. Yair Pecht, NSO’s chief executive, agrees: “It’s not the right word,” he says.

They are speaking in the offices of a Tel Aviv public relations agency, rather than their head office in nearby Herzliya, and they both decline to be photographed. Nor will they be drawn on how their product works technologically, a matter Mr Lavie says is a “little sensitive”.

Even sharing a few illustrative stories about clients, with their nationalities omitted to help obscure their identity, is considered risky. “I don’t want to be beheaded,” Mr Lavie jokes.

Instead, he says that marketing to foreign governments is a “very fine art”. Companies in the emerging cyberwarfare field cannot just go to trade fairs or rely on publicity and hope customers will come. Like conventional defence companies, they rely largely on private agencies that transact business for products on commission.

If the company is secretive itself, its clients also keep it out of the loop on much of their own business. “In some countries we’re not even allowed to know where the building is, where [the product] will be installed,” says Mr Lavie. “Not only are we not allowed in the building, we don’t even know where the building is – it could be in another city.”

NSO emphasises that its business with foreign governments and government agencies is subject to approval from Israel’s defence ministry, which screens and monitors them before giving the green light. NSO will not say who its clients are, but its executives have visited about 35 countries over the past 18 months, they say.

At the same time, Mr Lavie acknowledges that NSO’s signature product is an offensive, as opposed to a passive, cybertool. “It’s like laying a trap in the forest versus setting a sniper gun for a bear,” he says. “If you’re laying a trap, you’re hoping for your bear to wander out but if you’re sitting in a bush waiting for a specific bear, once you see it you can actually act on it.”

Like Israel’s other companies that produce more conventional IT products, NSO got its start from the meshing of military and high-technology capabilities that have led some to term the country the “start-up nation”.

The company got its start in late 2010, funded with $1.6m from private angel investors. Mr Lavie and his partner, Shalev Houlio, were serial entrepreneurs who had previously started Communitake, a company that allows telecoms groups’ help desks to gain remote access to customers’ mobile devices.

“We were approached several times by intelligence agencies and asked, ‘Can you do it without [the user’s] permission?’” Mr Lavie recalls. “So we lied and we said, ‘Sure’. We didn’t understand at the time that this was considered one of the holy grails of the industry.”

The company recruited Mr Pecht, who served in the IDF’s elite Mamram computer unit before working for IBM, EDS and Alcatel-Lucent in Israel. Its partners raised more money from Aeromatics, a defence group that manufactures drones, then had the luck to buy out the investor just as it was making its first sale to an unnamed foreign government.

As an unlisted company, NSO does not report its earnings, but Mr Lavie describes it as “massively profitable”. As for the unlikelihood of such companies listing, he notes: “One of my advantages [in not being listed] is that the things that are secret remain secret.”

About bambooinnovator
Kee Koon Boon (“KB”) is the co-founder and director of HERO Investment Management which provides specialized fund management and investment advisory services to the ARCHEA Asia HERO Innovators Fund (www.heroinnovator.com), the only Asian SMID-cap tech-focused fund in the industry. KB is an internationally featured investor rooted in the principles of value investing for over a decade as a fund manager and analyst in the Asian capital markets who started his career at a boutique hedge fund in Singapore where he was with the firm since 2002 and was also part of the core investment committee in significantly outperforming the index in the 10-year-plus-old flagship Asian fund. He was also the portfolio manager for Asia-Pacific equities at Korea’s largest mutual fund company. Prior to setting up the H.E.R.O. Innovators Fund, KB was the Chief Investment Officer & CEO of a Singapore Registered Fund Management Company (RFMC) where he is responsible for listed Asian equity investments. KB had taught accounting at the Singapore Management University (SMU) as a faculty member and also pioneered the 15-week course on Accounting Fraud in Asia as an official module at SMU. KB remains grateful and honored to be invited by Singapore’s financial regulator Monetary Authority of Singapore (MAS) to present to their top management team about implementing a world’s first fact-based forward-looking fraud detection framework to bring about benefits for the capital markets in Singapore and for the public and investment community. KB also served the community in sharing his insights in writing articles about value investing and corporate governance in the media that include Business Times, Straits Times, Jakarta Post, Manual of Ideas, Investopedia, TedXWallStreet. He had also presented in top investment, banking and finance conferences in America, Italy, Sydney, Cape Town, HK, China. He has trained CEOs, entrepreneurs, CFOs, management executives in business strategy & business model innovation in Singapore, HK and China.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: