Reformed hacker and serial entrepreneur David Allouch - who has already sold Infolink and Netect - has now founded AppliCure Technologies, which develops security solutions for Web environments. This new startup is reminiscent of the giddy garage days of startups - six people with computers crowded into a small trailer, working diligently and waiting for their big breakthrough.
Allouch, 32, a native of France who came to Israel at 18 to pursue the Zionist dream, wears a skullcap and practices "free-style" religious Judaism (his definition). The other team members at AppliCure also share his world view. CEO Moshe Basol came to Israel from Syria as a child, after the Mossad helped his family escape, and the other employees are also immigrants who came here for Zionist reasons.
AppliCure, whose software is designed to protect organizations against hackers, is being financed by Allouch from his profits from the sale of his previous companies. Netect, which Allouch sold to an American company, BindView, for $35 million, is currently trading on the Nasdaq exchange at a market value of $136 million.
AppliCure's security solutions protect the Internet requests received by an organization's internal programs after the requests have passed the firewall screening stage. This is a relatively new field currently considered the hottest area in the information security world - the safeguarding of Web applications. Several other Israeli startups are also working in this field.
Allouch, AppliCure's chief technology officer, knows more than a thing or two about information security. For many years he was better known by his hacker alias, Jimbo, and was an expert at breaking into computer networks. He could have continued to earn a living from companies that hired him to find the weak points in their security systems - but the entrepreneurial fire still burned in him and he decided instead to found AppliCure.
Junior computer whiz
By the age of seven, Allouch was already recognized as a computer whiz and was one of the first 500 children to enroll in a special project initiated in the 1980s by French president Francois Mitterrand to promote the computer industry in France. It was at the computer project's learning center that Allouch first learned about breaking into computers. After the first group of students completed the course, however, the program was discontinued.
"They (the program's organizers) lost control over us," relates Allouch. "We were kids who discovered the joy of computers and hacking into them, and we did foolish things. In those days no computer or communications system was protected; we hacked into the computers at government ministries and banks, had fun disrupting the traffic light systems in cities, deleted the anti-copying protection on computer games and distributed them for free. We did it out of curiosity and idealism, not because we wanted to steal."
When Allouch was 16, the French police had already begun to arrest members of his group. They offered the youngsters three options: stay away from computers, work for the government or leave France.
Allouch went to the Jewish Agency and said he was a Zionist who wanted to immigrate to Israel. The French government approved his departure, but demanded a one-year cooling-off period - meaning that during his first year in Israel he must not work with computers. Allouch therefore spent his first year here at the dormitory yeshiva high school in Kfar Maimon, near Be'er Sheva. After that year was over, however, Allouch quickly gained acclaim in Israel solving problems for hackers and their victims.
"Every time the Israeli police arrested someone for hacking," recalls Allouch, "they would come to me also. Everyone has my telephone number. On the one hand, the hackers who got into trouble with the police called me for advice, while on the other, companies were calling me to advise them too.
"I had no interest in doing anything illegal. When I discovered a breach in the Technion's computers, I called the Technion and told them. I don't want to break the law."
Allouch began his professional career with Sun Microsystems Israel. In 1994 he founded Infolink, one of Israel's first Internet service providers (ISPs). Allouch's revolutionary idea was to provide an Internet connection via modems connected to Bezeq, and thus significantly reduce the cost of Internet connections. After one year the company was sold to private investors.
"I sold it for a few hundred thousand dollars," says Allouch. "Not much, but enough to invest in establishing another startup."
Thus in 1996 Allouch set up Netect, which introduced the idea for the process known today as intrusion and detection protection, which thwarts the entry of viruses approaching organizational networks.
"My biggest mistake was that I didn't register a patent," says Allouch. "If I had done that, I would be a billionaire today, as this is the most common and popular information security method used by everyone. I learned one thing the hard way - first, register a patent."
BindView was impressed with Allouch's program for scanning for viruses and weak spots on the net, and when it purchased Netect for $35 million in 1999, the company's 25 employees moved to the U.S. Allouch stayed here and joined the team that founded Blade Fusion, as vice president of technology, but left over differences about the company's direction.
Allouch then worked from home for a while, earning a living from breaking into the computers of big companies around the world that wanted him to help them find their weaknesses. After spending eight months as a consultant in New York, Allouch returned to Israel and joined the information security division at PriceWaterhouse Cooper Israel. There he met Basol and after less than a year, when he realized there was a problem with Web application information security, he resigned and founded AppliCure together with Basol.
"There is a problem with the way organizations maintain their relations with suppliers and clients via their Internet sites, namely, with the requests that arrive at the organization's site via the Internet," explains Basol. "There could be a Trojan horse, in which the request reaches the organization and passes the firewall because it seems to be innocuous, but when it enters the organization's computer, it starts to cause damage or reach unauthorized information."
This time Allouch hastened to register a patent on the innovative technology he had developed.
"When a request enters an organization, it receives a special identifying tag and unique authorizations," explains Allouch. "Just as a personal escort accompanies a person who has passed through a security checkpoint, when the request reaches the organization's servers, the various software programs and the databases, it is identified by the tag attached to it and receives answers in keeping with its authorizations. A customer naturally receives different authorizations than a supplier."
Several Israeli startups are trying to find the winning formula in this area - Sanctum, WebCohort, Kavado and Cyber-Ark each have slightly different technology. The Yankee Group global research company predicts that Web application security will be one of the hot fields in information security in the next five years, with anticipated annual growth of 65 percent. Yankee estimates the market will be worth $1.7 billion by 2007.
AppliCure is expected to release its end product by the end of next month. In the meantime Sun Microsystems Geneva has already expressed an interest in trying it out. Several trials at large companies are already under way, and AppliCure plans to eventually approach venture capital funds for backing.