Hacking, Encryption and Threat of Attack: What the Dead Israeli Intel Officer Did Before He Was Drafted

The grave of the Israeli intelligence officer who died in his cell last month after being indicted for national security offenses in September. Credit: Rami Shllush

The mystery behind the jailing and death of the Israeli army intelligence officer has yet to be revealed. The Israel Defense Forces has yet to tell the public what offenses he committed and what led to his death in a prison cell. 

The media have reported that friends and colleagues regarded him as a “computer genius” who completed his bachelor’s degree in computer science while still in high school. But what areas of technology did he specialize in before he was drafted? What tasks was he actually performing? What interested him?

The military court has banned the media from publishing the officer’s name, age or picture, but those questions can be partly answered by looking at his public activity on the GitHub programmer platform and other online forums. 

Although it can’t be revealed, the officer consistently used the same user name on the internet. His past work is still online and it may also have caught the attention of the military intelligence officials that enlisted him. It shows that one of the jobs he worked on was breaking into Israel’s smart transportation card - the Rav-Kav, a contactless-card-based electronic payments system used for public transportation. The system is based on the NFC protocol. Another project that he worked on was to enable an iPhone to read such cards. 

“He was a phenomenon, a software genius. What he did just between the ages of 14 and 19, most people wouldn’t have been able to do for many years,” said a software engineer who examined his online work.

“Eleven years ago, he worked on a project based on open-source code in the programming language C. Its aim was to hack into the iPhone 4. I don’t know if it really worked, but it looks serious,” said the engineer, who asked not to be named.

“Six years ago, he wrote in JavaScript a system that works with text, encrypts it by all sorts of methods and then performs statistical analyses on it, probably for the purpose of encryption testing or for trying to break a code.

Military prosecutors during a hearing about the dead intelligence officer's case. Credit: Moti Milrod

“At that time, he also wrote a system that tried to hack into the Rav-Kav and similar smart cards. He did other projects based on open source in [the programming languages] Python and Java, working with databases, reading NFC devices, etc.,” he said.

The officer was arrested last September and indicted the same month on serious national security violations, the substance of which has been barred from publication. What has been made public is that the allegations involved serious damage to Israel’s national security. The army says that its investigation revealed that the officer was aware how serious the harm was and sought to cover it up.

At first glance, it appears that all the work done by the intelligence officer, who died in his cell last month, occurred between 2010 and 2016. But it should be noted that a large part of his online activity – including his personal accounts on social media networks – has been taken down, apparently by the authorities. His Twitter feed, for example, is completely empty, even though he is known to have used it in the past.

It is important to add that some of the projects found on the online forum under his user name are not actually projects he led, but rather the works of others he was hosting on the platform, a common practice for programmers. 

It should also be noted that the kind of projects he was doing publicly is the type of ethical hacking often done by programmers without malicious intent. Ethical or “white hat” hacking refers to cyberattacks done not to cause damage, but to test an organization's cyberdefenses.

However, in one instance it seems the man broke the rules of ethical hacking: In a discussion appearing on a technical forum, one of the participants talked about a scam in which sites offer to provide a service for a fee –  apparently, a simulation of the Siri voice-recognition software –  but don’t deliver. 

The participant then goes on to cite others making the same complaints, and one of those quoted is the future officer. The post includes a tweet from him that seems to include a threat: “If you don’t refund me I’ll DDOS your systems into oblivion and then I’ll hack your website to make it say its a scam.”

The young man was threatening the scammers with what is known as a DDoS (distributed denial of service) attack. However, there is no evidence that he made good on his threat. As noted on his LinkedIn profile, the future officer was working for a large startup before he was drafted into the army.
