A letter published Friday on the science and tech website Motherboard, an offshoot of Vice magazine, provides a glimpse into the discreet connection between the Israeli government and American cyber companies.
The letter, which according to Motherboard was sent in 2015 on behalf of the Israeli Defense Ministry to five companies in the United States, seeks to purchase information and hacking tools to for the use of Israeli government organization. Such tools, dubbed “zero-days,” operate in a manner that enables them to find and utilize holes in the defense systems operated by softwares. Zero-day flaws are unknown to security experts, and the systems they hack are not safe until the infilitration is finally detected.
“The Government of Israel Ministry of Defense (GOI-MOD) is interested in advanced Vulnerabilities R&D and zero-day exploits for use by its law enforcement and security agencies for a wide variety of target platforms and technologies,” reads the document, which was reportedly sent out by Israel’s acquisition team in the U.S.
Many of the most advanced cyber perpetrators, such as Stuxnet, are based on tools that make use of such loopholes. Even after a breach is discovered and the developing company updates its software, months and sometimes years go by until the vast majority of software is updated. One prominent example for the serious damages inflicted by such breaches is the the ongoing affair of the global surveillance disclosures in which ex-National Security Agency contractor Edward Snowden leaked sensitive agency files. The NSA case illustrates exactly how much chaos can be wreaked by a professional body that has invested thousands of hours in research of breaches and the development of malwares to exploit them.
The letter in question reveals that the Israeli Defense Ministry asked the companies for bids and assessments regarding the expected time of supply. The companies were asked to answer several questions, such as which platforms the companies specialize in. The examples included all the popular operating systems today – from Windows and Linux to Android and iOS. The companies were also asked if they conduct their research or purchase breaches from a sub-contractor. They were also asked if they publish warnings regarding their findings, and what is their report policy was.
The legal market for breach trade and cyber-attack tools is conducted between companies like the Israeli NSO or the Italian Hacking Team and various law enforcements agencies in different countries. Despite being a monitored export field, such technologies were repeatedly discovered in the use of oppressive regimes.
Motherboard reports that it contacted the Israeli consulate in New York for a response, and it referred them to the Defense Ministry spokesperson, who referred them back to the consulate spokesperson. They reported that “none of the spokespeople replied to our questions about the letter.”