By Joshua Newman
Israel is leading the world in cyber security and warfare, reports Foreign Policy. As a result, they are also a leader in producing cyber mercenary groups. When these highly-trained Israeli cyber soldiers leave the army, they enter the private sector and begin selling their skills to the highest bidder.
These mercenaries come from the Israeli military’s elite cyber security and warfare units. Vice reports that Israel recruits the brightest teens into units like Unit 8200, believed to be the originator of the famed STUXNET attack, and train them to become elite cyber soldiers. According to Dr. Zvi Marom, the Chief Executive Officer and Founder of BATM Advanced Communications, the reason for this superiority is simple: necessity.
When asked about Israel’s technical superiority, Dr. Marom told Forbes “the good education system, and the competitive nature of the Israeli society,” is partly responsible.
Dr. Maron also points out that in Israeli society, the highest educated members are the most valuable, and that there is an inherent technological nature to the Israel Defense Forces.
Nevertheless, the most telling reason according to Dr. Marom, is that Israel is always being threatened. “Israel is constantly under attack. The secret to our existence is having technological superiority to our enemies.” According to Vice, this state of constant threat is a contributing factor as to why Israel is a conscript country – meaning all citizens must partake in mandatory military service.
As Roni Zehav puts it, the Israeli military is akin to being “the largest HR organization in the world,” one in which almost every citizen in Israel is involved. This means young and talented people interested in IT fields join the military and end up specialized in cyber security, cyber defense, and cyber offense.
Then, when their service is up, they leave and they find a job. A job that is also often highly profitable, Vice reports. The skills these veterans gain in the military are sought after by businesses and are profitable in the free-market.
These profits are only increasing as demand grows. According to Market Watch, the cyber security market is expected to be worth 170 billion U.S. dollars by 2022. Israel is poised to be leader in this market, already having an edge in cyber security companies compared to other countries.
For example, one company where a veteran may find a job is the mysterious NSO group. This group is believed to have sold their software to the United Arab Emirates, who then used it to spy on their most famous dissident, according to Foreign Policy. This dissident, Ahmed Mansoor, is now serving 10 years for publishing false information. This is not the only case. According to the University of Toronto’s Citizen Lab, up to 175 people have been targeted by NSO spyware since 2016.
The NSO spyware is actually somewhat incredible, says Citizen Lab. Foreign Policy reports that this spyware targets a vulnerability in iPhones, often viewed as the most secure cellphone on the market. Citizen Lab said in a report that the attack is unique and that they “are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign.”
Despite all of this, mercenaries may not be as big of an issue as political pundits would have you believe, continues Foreign Policy. No doomsday scenarios have come forward yet. No one has hacked a nuclear weapon and launched it, and no one has hacked Wall Street and caused it to crash.
According to Liran Tancman, head of Aperio Systems and a former intelligence officer, as quoted by Foreign Policy, one of the main reasons for this is that “state-sponsored hackers will always have more resources.” The question that needs addressing, Tancman says, is how far ahead the state actors are, compared to non-state actors. The greater the disparity, the less threat they pose.
The key word is ‘yet.’ According to Reuters, the U.S. Government Accountability Office (GAO) recently put out a report saying that the Pentagon found “mission-critical cyber vulnerabilities in systems” that are under development.
Though some officials think the test results may be “unrealistic,” the GAO report found that “using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected.”
However, the report also points out that poor password management and unencrypted communications caused many of these problems, which the report describes as “basic issues.” This report, also picked up by National Public Radio (NPR), describes vulnerabilities that were known about, but never fixed.
All of the doubts raised by this report add incredulity to the theory about states always being ahead of independent hacking groups. This leads to further questions about the companies in Israel that are taking advantage of these “basic issues” for a profit.