SafeUM
Home Blog Services Download Help About Recharge
EN
RU

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
EN
Lang
EN
RU
Archive
TOP Security!
7 Mar 2018

Here’s the letter Israel sent to solicit zero-days from American hackers

Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.

Experts have obtained a copy of the letter, which more than half a dozen sources described as unsolicited and unusual in how blunt and direct it was. Experts confirmed that at least five American firms received the letter, and multiple sources told us it was sent to many more.

The letter provides a rare peek into how governments approach researchers who find, develop, and sell zero-day exploits, which are sensitive and often expensive hacking tools that are used to break into smartphones, computers, and internet browsers. “The Government of Israel Ministry of Defense (GOI­-MOD) is interested in advanced. Vulnerabilities R&D and zero-­day exploits for use by its law enforcement and security agencies for a wide variety of target platforms and technologies,” reads the letter, which was sent by an employee of the Israeli mission to the US in New York City in February 2015.

While the language in the letter is standard government-speak for requesting information from potential contractors, the fact that it was sent to multiple firms that apparently had no prior contact with the Israeli government made it unusual. “There wasn’t a single thing about this that was normal,” said one person who received the letter, who spoke of condition of anonymity because they work in a sensitive industry. “I don’t know what the mission was given how bizarre it was.”

Another source, who also spoke on condition of anonymity, said this was “very irregular” given that he had never spoken with the sender or anyone from the Israeli government before. However, another source who received the letter didn’t think the approach was strange, and instead saw the letter as an easy, albeit blunt way to get an idea of the cost of capabilities from a variety of vendors. Essentially, it could have been market research.

“This is standard contractual [Request for Information]," another security researcher told, after reviewing the letter and referring to the language used in it. This researcher, who used to work as a US government contractor, did not originally receive the letter. "I've seen plenty of RFIs just like this from US government agencies."

Israel is one of the leading countries when it comes to the lawful intercept and hacking businesses. But as an Israeli source pointed out, ultimately, the country is still small with a limited number of researchers, so it “only makes sense” for the government to reach out to providers overseas.

A spokesperson for the Israeli consulate in New York told to contact a spokesperson for the Ministry of Defense in Israel. That spokesperson referred back to the spokesperson in New York City. None of the spokespeople replied to our questions about the letter. The former consulate employee who sent the email with the letter attached also did not respond to multiple requests for comment.

The email with the attached letter was sent by a person who at the time used to work for the Israeli Ministry of Defense Mission to the US, according to his LinkedIn account. According to WHOIS data, the email domain he used—goimod.com—has been registered to the government of Israel since 2001, and it is still registered as being owned by the government. The domain was used by the Ministry of Defense until late 2015, when they migrated it to mission-ny.mod.gov.il.

It’s no secret that governments around the world use hacking tools to go after criminals, terrorists, and child predators. Sometimes, governments themselves, through highly specialized teams inside their intelligence agencies, develop those hacking tools. Other times they purchase them from companies that are part of one of the least known and understood parts of the cybersecurity industry: zero-day exploit developers.

As encryption makes it harder to track criminals via more traditional surveillance techniques, such as wiretaps carried out by telecom or internet providers, governments have had to turn to hacking to access data in the course of criminal investigations and intelligence operations. In turn, this has created a niche, albeit growing, corner of the cybersecurity industry. One that Israel was clearly eager to tap into.

Tags:
USA hackers Israel
Source:
Motherboard
284
Other NEWS
25 Apr 2018 safeum news imgage Amazon has a top-secret plan to build home robots
24 Apr 2018 safeum news imgage Advanced hackers infect X-Ray machines in healthcare espionage
23 Apr 2018 safeum news imgage 'Trustjacking' could expose iPhones to attack
20 Apr 2018 safeum news imgage Google boots fake Ad blockers from Chrome web store
20 Apr 2018 safeum news imgage Data firm leaks 48 million user profiles it scraped from Facebook, LinkedIn, others
19 Apr 2018 safeum news imgage Critical unpatched RCE flaw disclosed in LG network storage devices
18 Apr 2018 safeum news imgage Apple is planning to launch a news subscription service
18 Apr 2018 safeum news imgage A big Spanish bank’s customers can now use it to transfer money
17 Apr 2018 safeum news imgage How Android phones hide missed security updates from you
16 Apr 2018 safeum news imgage Google is testing self-destructing emails in new Gmail
16 Apr 2018 safeum news imgage In a leaked memo, Apple warns employees to stop leaking information
13 Apr 2018 safeum news imgage WannaCry ransomware sinkhole data now available to organizations
13 Apr 2018 safeum news imgage Apple must pay $502.6 million to VirnetX, federal jury rules
12 Apr 2018 safeum news imgage Vevo’s YouTube account hack hits popular music videos, causes biggest video ever to disappear
11 Apr 2018 safeum news imgage Homeland security to compile database of journalists, bloggers
All news
SafeUM
Confidential Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015