Israel’s Entryism and the Campaign to Create a Binational Security State
Graphic by Antonio Cabrera
Lowkey is joined by Whitney Webb to examine the IDF’s military intelligence Unit 8200, which gave birth to the NSO group responsible for Pegasus Spyware, and how Israel’s national security state is merging with that of the United States to target free speech and dissent.
MintPress News | July 22, 2021
The new MintPress podcast, “The Watchdog,” hosted by British-Iraqi hip hop artist Lowkey, closely examines organizations that it is in the public interest to know about, including intelligence, lobby, and special interest groups influencing policies that infringe on free speech and target dissent. The Watchdog goes against the grain by casting a light on stories largely ignored by the mainstream, corporate media.
For the launch of “The Watchdog,” we examine the idea that Israel, through well-camouflaged proxies, has been making efforts to merge with the U.S. national security state. The podcast delves deep into two organizations we deemed essential to this process of entryism. For this task, we enlisted the help of Whitney Webb, a prolific writer and researcher into intelligence, surveillance, civil liberties, and big tech on the macro and the micro level.
The first part of the podcast focuses on the IDF Unit 8200, a military intelligence unit in the Israeli Army known for monitoring Palestinian communication and using that information to blackmail them. The unit has also carried out cyber attacks on other states. Unit 8200 gave birth to the NSO Group, the supposedly private company responsible for the Pegasus Spyware which has recently been used around the world to target dissidents, journalists, activists, and more. The lesson which must come from this global scandal is that companies with any Unit 8200 involvement must be seriously examined.
The NSO group is far from the only way in which Unit 8200 actors have been able to insinuate themselves into the business of other governments. Following a 2012 policy set by the Benjamin Netanyahu government, Israel set about siphoning the functions of its military intelligence into private companies. Former Unit 8200 members set up and staff numerous important cybersecurity companies across the world, tasked with guarding swathes of very sensitive data.
Whitney Webb explores her research by looking at Unit 8200-founded and/or -staffed organizations like Cybereason, National Start-up Central, and Cyber Threat Intelligence League, which between them have access to masses of information in both the U.S. and UK. Lowkey draws a connection between Cybereason, their partner Leidos and the 2012 British census. He also delves into the recently widely referenced cybersecurity company Proofpoint, identifying for the first time the connection between this company and Unit 8200.
This information being visible to both former and current employees of the Israeli government leads to a power imbalance which is allowing Israel to not only prevent any possibility of Boycott, Divestment and Sanctions being practiced in the most vital sectors but also helps to create a binational security state entrenched with its interests.
The second organization discussed as a key part of Israel’s entryism into the U.S. security state is the Anti-Defamation League. Webb reveals some of the context around the founding of the organization over a century ago and details of its trajectory to today. Lowkey pointed out that an internal FBI memo in 1969 had questioned whether the ADL violated U.S. law by failing to register as a foreign agent and asserted that it would be “incredible” to assume it was not being furnished by the Israeli government in its infiltration activities targeting Arab-American student groups.
Webb defined the ADL as “an intelligence agency posing as a civil rights organization.” She also added to Lowkey’s point that it had not only spied on Arab-American student groups but also groups like Greenpeace and those that were working to end apartheid in South Africa; they were sending information they got from these infiltrations to Mossad and the Apartheid regime.
Today, the ADL is not only designated as a “trusted-flagger” by YouTube but it also has been seen to use social media posts to report people to the FBI. The ADL’s collaboration with the FBI started small in the civil rights era and has now developed to the point that the ADL is now the largest nongovernmental trainer of law enforcement in the U.S. It has been made clear that in Biden’s new Domestic Homeland Security policy arrangement, individuals are being flagged by the ADL, who are then directing the FBI to investigate them.
The reasons for investigation as potential domestic terrorists can be as simple as an individual’s social media history. Lowkey points to the ADL campaigns against Ilhan Omar, Marc Lamont Hill, and Linda Sarsour and Webb describes the organization “as an arm of the Israel Lobby.”
These two organizations must be studied critically if we are to understand the way Israel projects its power into other places, particularly in the United States of America.
Lowkey is a British-Iraqi hip hop artist, academic, political campaigner, and a MintPress video and podcast host.
UK Labour’s recent hire shows ‘complete submission to Zionist lobby’, rights group says
MEMO | January 25, 2021
The UK Labour Party’s decision to appoint a former Israeli spy to work in its social media team demonstrates its leaders’ “complete submission to the Zionist lobby”, a UK-based human rights group has said.
The Arab Organisation for Human Rights in the UK (AOHR UK) criticised the appointment of Assaf Kaplan, who worked as an analyst and officer in Unit 8200 of the Israeli Military Intelligence between 2009 and 2013, where he monitored, collected, and analysed information on all Palestinians, regardless of their status.
“Unit 8200 constantly breaches international laws and conventions, as it dates back to the period before the establishment of Israel when it was known as Shin Mem 2, which worked on collecting information for Zionist gangs that committed massacres against the Palestinians,” AOHR UK said.
“In September 2014, 43 officers published a letter revealing the filthy role of this unit and how the information it gathered led to the killing of thousands of innocent Palestinians, especially during the wars on the Gaza Strip.”
AOHR UK confirmed that Kaplan’s CV, as well as the past and present of this unit, are known to officials in the British Labour Party, thus raising many questions about the reasons behind his employment given the risks he poses to the security of the party.
AOHR UK explained that as a result of his work, Kaplan should be in “prison, not the British Labour Party.”
The rights group went on to call on the leaders of the Labour Party and its supporters to reject this appointment.
Meet the IDF-Linked Cybersecurity Group “Protecting” US Hospitals ‘Pro Bono’

By Whitney Webb – UNLIMITED HANGOUT – August 27, 2020
Since the Coronavirus crisis began in earnest earlier this year, the strain on hospitals in the US and around the world has been the subject of a considerable number of media reports. However, hardly any media attention has been given to the dramatic and unsettling changes that have been made to hospital and healthcare information technology (IT) systems and infrastructure under the guise of helping the US healthcare system “cope” with the surge in data as well as an unsettling uptick in cyberattacks.
Over the past several months, 80% of healthcare institutions in the US have reported being targeted by some sort of cyberattack, ranging from minor to severe, with an uptick in phishing attempts and spam specifically. Most of these attempts have been aimed at illegally acquiring troves of patient data, including the recent hacks of hospitals in Chicago and Utah. About 20% of the hacks and cyberattacks reported by hospitals and medical facilities since March directly affected the facilities’ capacity to function optimally, with a much smaller percentage of those including ransomware attacks.
One of the reasons for the increase in the success of these attacks has been the fact that more healthcare IT workers are working remotely as well as the fact that many IT staffers have been laid off or let go completely. In several recent instances, the removal of entire hospital system IT staffs has been tied to a larger effort by the Department of Health and Human Services (HHS) to consolidate control over patient data, including Coronavirus-related data, with the assistance of secretive government contractors with longstanding ties to HHS.
The surge of cyberattacks combined with major budget cuts has made hospitals even more vulnerable as many are compelled to do more with less. As a result, there has been a renewed push for the improvement of cybersecurity at hospitals, clinics and other healthcare institutions throughout the country over the course of the Coronavirus (Covid-19) crisis.
Amid this backdrop, an odd group of “cyber threat intelligence” analysts with ties to the US government, Israeli intelligence and tech giant Microsoft have “volunteered” to protect US healthcare institutions for free and have even directly partnered with US federal agencies to do so. They have also recently expanded to offer their services to governments and social media platforms to target, analyze and “neutralize” alleged “disinformation campaigns” related to the Coronavirus crisis.
While these analysts have claimed to have altruistic motives, those members who have identified themselves publicly have notably dedicated much of their private sector careers to blaming nation states, namely Iran but also China, for hacking and, most recently, for cyberattacks related to the Coronavirus crisis, as well as the 2020 presidential campaign. These individuals and their employers rarely, if ever, make their reasons for assigning blame to state actors available to public scrutiny and also have close ties to the very governments, namely the US and Israel, that have been attempting to gin up hostilities with those countries in recent years, particularly Iran, suggesting a potential conflict of interest.
The Cyber Justice League?
Calling themselves the cyber version of “Justice League,” the Covid-19 Cyber Threat Intelligence (CTI) League was created earlier this year in March and has described itself as “the first Global Volunteer Emergency Response Community, defending and neutralizing cybersecurity threats and vulnerabilities to the life-saving sectors related to the current Covid-19 pandemic.” They now claim to have over 1,400 members hailing from 76 different countries.
According to their website, they seek “to protect medical organizations, public healthcare facilities, and emergency organizations from threats from the cyber domain” and offer their services “pro-bono” to major hospitals, healthcare and pharmaceutical companies as well as U.S. law enforcement and federal agencies. Upon their creation, they sent an “open letter to the healthcare community,” offering to volunteer “their time and efforts to mitigate [cyber] threats and protect our healthcare system.”
However, since its creation, the CTI League has offered its services to sectors entirely unrelated to healthcare systems, companies and institutions. For instance, they now offer their services to critical infrastructure systems throughout the US, including dams, nuclear reactors, chemical plants and others, according to their inaugural report and their contact form. This is particularly concerning given that there is no oversight regarding who can become a member of the League, as one must merely be approved for entrance or “vetted” by the league’s four founding members, whose conflicts of interests and ties to the US and Israeli national security states are detailed later on in this report.
In addition, the league’s team of “expert” volunteers also tackle alleged disinformation campaigns related to Covid-19. Some examples of the “disinformation” campaigns the CTI league has been investigating on behalf of its private sector and federal partners include those that “associate Covid-19 spread with the distribution of 5G equipment,” “encourage citizens to break quarantine”, and one that “incited” a “1st and 2nd amendment rally” in Texas.
Regarding their disinformation “workstream,” the CTI league states the following:
“The CTI League neutralizes any threat in the cyber domain regarding the current pandemic, including disinformation. The mission of this effort is to find, analyze, and coordinate responses to the current pandemic disinformation incidents as they happen, and where our specialist skills and connections are most useful.”
The CTI League has offered its services “pro bono” to a variety of groups in the private and public sector, which has allowed the League’s members access to the critical systems of each. For instance, they work closely with the Health Information Sharing and Analysis Center (H-ISAC), whose members include Johnson & Johnson, Pfizer, Merck, Amgen, Blue Cross Blue Shield and Athenahealth, among others. H-ISAC’s president, Denise Anderson, works closely with the National Cybersecurity and Communications Integration Center, part of the Department of Homeland Security (DHS). According to H-ISAC’s Chief Security Officer (CSO), Errol Weiss, the organization has been partnered with the CTI League since “very early on” in the Coronavirus crisis.
The CTI League also works with unspecified law enforcement partners in the US and works particularly closely with the US Cybersecurity and Infrastructure Security Agency (CISA), an independent federal agency overseen by DHS. The current CISA director, Christopher Krebs, who was previously the Director of Cybersecurity for Microsoft, told CSO Online in April that “CISA is working around the clock with our public and private sector partners to combat this threat. This includes longstanding partnerships, as well as new ones that have formed as a direct result of Covid-19, including the Covid-19 Cyber Threat Intelligence (CTI) League.”
Since they began “working with US authorities,” the CTI League has increasingly taken to assigning blame to nation states, specifically Russia, China and Iran, for various cyber-intrusions just as the US federal authorities began to do the same. In late April, for instance, the Justice Department began claiming Chinese hackers planned to target “US hospitals and labs to steal research related to coronavirus” and anonymous US officials blamed China for a hack of the Department of Health and Human Services (HHS) and COVID-19 research. Yet, no evidence tying China to the hacks was provided and only anonymous government officials were willing to imply blame in statements given to the press, suggesting that there was not enough evidence to justify going public with the accusation or to even open an official investigation against specific foreign entities.
Notably, that same week in April, CTI League’s founder Ohad Zaidenberg claimed that China, Iran and Russia “are trying to steal everything,” telling CBS News that they “can steal information regarding the coronavirus information that they don’t have, (if) they believe someone is creating a vaccine and they want to steal information about it. Or they can use the pandemic as leverage so they (can) to steal any other type of information.”
Yet, upon looking more closely at the CTI league’s membership and co-founders, particularly Mr. Zaidenberg, much of the league’s leadership has a rather dubious track record regarding past claims linking state actors to cyberattacks. In addition, they also possess rather glaring conflicts of interests that undermine the CTI League’s professed desire to protect critical health and other infrastructure “free of charge” as well as ties to foreign governments with a history of espionage targeting the United States.
ClearSky and the manufactured Iranian threat
The public face of the CTI League and its original founder is a young Israeli named Ohad Zaidenberg, who was previously an “award-winning” commander in Israeli military intelligence’s Unit 8200, a key component of Israel’s military intelligence apparatus that is often compared to the U.S.’ National Security Agency (NSA). While serving in Unit 8200, Zaidenberg specialized in acts of cyberwarfare targeting the Iranian state, serving first as a Persian analyst in the Unit before becoming commander. His current biography states that he continues to remain “focused on Iran as a strategic intelligence target” and describes him as “an authority in the operations of key Iranian APTs [Advanced Persistent Threats].”
In addition to his leading role at the CTI League, Zaidenberg is also the lead cyber intelligence researcher at ClearSky Cybersecurity, an Israeli company directly partnered with the Unit 8200-linked Checkpoint and Verint Inc., formerly known as Comverse Infosys – a company with a long history of fraud and espionage targeting the US federal government. ClearSky also collaborates “daily” with Elta Systems, an Israeli state-owned subsidiary of Israel Aerospace Industries (IAI), and was founded by Boaz Dolev, the former head of the Israeli government’s “e-Government” platform.
Aside from his work at CTI League and ClearSky, Zaidenberg is also a researcher for Tel Aviv University’s Institute for National Security Studies (INSS). Zaidenberg is specifically affiliated with the INSS’ Lipkin-Shahak Program, which is named after the former head of Israeli military intelligence and which focuses on “national security and democracy in an era of Post-Truth and Fake News.” According to the INSS website, the program works directly with the Israeli government and the IDF and is currently headed by Brigadier General (Ret.) Itai Brun, the former head of the Israel Defense Intelligence (IDI) Analysis Division.
Prior to the creation of CTI League, ClearSky – and Zaidenberg, specifically – were often cited by US mainstream media outlets as the sole source for dubious claims that “Iranian hackers” were responsible for a series of high-profile hacks and “disinformation” campaigns. In every mainstream media report that has covered ClearSky’s and Zaidenberg’s claims regarding “Iranian hackers” to date, their connections to the Israeli government and Israeli intelligence services have been left unmentioned. Also unmentioned was the fact that the only state actor that ClearSky has ever blamed for hacks or other online attacks has been Iran, suggesting that the government-linked cybersecurity firm has a rather myopic focus on the Islamic Republic.

For instance, in February 2018, Forbes reported on ClearSky’s claim, citing only Zaidenberg by name, that an individual linked to Iran’s government had been responsible for an “Iranian propaganda machine” producing “fake news” and attempting to imitate BBC Persian. Zaidenberg claimed that the individual behind the three “fake news” websites, which largely published criticisms of the BBC as opposed to false news stories, is “believed to have worked for [Iran’s] National Ministry of Communications.” Based merely on the Iranian national’s “believed” (i.e. unconfirmed) work history, Zaidenberg then asserts with “medium-high certainty that the operation was funded by the Iranian government.” Zaidenberg’s history as a commander in Unit 8200 targeting Iran and his continued, self-admitted work in pursuing Iran as a “strategic intelligence target” while working at the Israeli government-affiliated ClearSky are left unmentioned by Forbes.
More recently, right before the founding of the CTI League, Zaidenberg and ClearSky were the sole source of claims that “Iranian hackers” were “exploiting VPN servers to plant backdoors” in companies around the world as well as targeting the networks of certain governments, mainly in the U.S. and Israel. ClearSky’s assertion that the hackers in question were tied to Iran’s government was solely based on their finding of “medium-high probability” that the hackers’ activities overlapped with the past “activity of an [unspecified] Iranian offensive group.” They declined to specify what the nature of the overlap was or its extent.
A clear conflict of interest
Notably, ClearSky’s February report on “Iranian hackers” targeting governments and major international companies in the US and elsewhere came right on the heels of speculation that Iran would target the US with a cyberattack following the US’ January assassination of Iranian general Qassem Soleimani, an act that was greatly influenced and allegedly prompted by Israeli intelligence. In the aftermath of the Soleimani assassination, mainstream media outlets in the US had heavily promoted the claim that Iran’s government would soon respond with a “cyberattack” as retaliation and that “financial institutions and major American corporations may be in the crosshairs.”
President Trump and Secretary of State Mike Pompeo had both threatened, at the time, to dramatically respond to any Iran-launched attack, including one launched in the cyber domain, presumably with military force. While Iran’s much-hyped “cyber retaliation” failed to materialize, ClearSky, with its dubious claims that “Iranian hackers” were targeting major corporations and governments, created the impression that Iran’s government was involved in cyberattacks against U.S. interests at this sensitive time.
ClearSky and Zaidenberg’s claims regarding Iran only intensified after the CTI League was founded, with ClearSky and Zaidenberg being the only source for the claim made earlier this year in May that Iran had been responsible for the hacking of US biopharmaceutical company Gilead (a company which boasts close links to the Pentagon). The hack itself, which was widely reported by US media, is said to have consisted of a Gilead executive receiving a single “fake email login page designed to steal passwords” and it is unknown if the attack was even successful, per Reuters, which first broke the story in May. ClearSky subsequently claimed to have single-handedly “foiled” the Gilead hack. Notably, Gilead is part of H-ISAC, which had been partnered with Zaidenberg’s CTI League weeks prior to the alleged hack.
The alleged Iranian-led hack received considerable media attention as the cyberattack was said to have targeted Gilead’s antiviral medication remdesivir, which had received a Covid-19-related emergency use authorization from the U.S. Food and Drug Administration (FDA) just a week before the hack allegedly took place. Only Zaidenberg is cited by name in the report on Iran’s alleged links to the Gilead hack, with Reuters citing two other, yet anonymous, cybersecurity researchers who told the outlet that they concurred with Zaidenberg’s assertion “that the web domains and hosting servers used in the hacking attempts were linked to Iran.”
Then, earlier this month, the FBI sent out a security alert claiming that Iranian government-aligned hackers were targeting F5 networking devices in the US public and private sector, with some media outlets citing anonymous sources tying the hackers in question to those previously identified by ClearSky. The FBI alert was issued right after an alert from CISA (which works directly with the CTI League and Zaidenberg) regarding vulnerabilities in F5 devices that did not mention the involvement of any state actors. Just a few days before the FBI alert, the director of the US intelligence community’s National Counterintelligence and Security Center, William Evanina, had alleged that Iran was “likely” to use online tactics to “discredit U.S. institutions” and “to stir up U.S. voters’ discontent.”
Aside from citing only ClearSky and Zaidenberg for claims linking Iran’s government to cyberattacks, it is also worth noting that the media reports that accused Iranian government-linked groups of committing those attacks declined to even mention the extreme extent to which Iran itself has been the subject of cyberattacks over the course of 2020. For instance, in February, a cyberattack took down an estimated 25% of Iran’s internet, with some alleging US involvement in a similar attack that had targeted Iran just months prior. More recently, a series of several mysterious fires and other acts of industrial sabotage across Iran over the past few months have been linked to Israeli intelligence operations. In some cases, Israeli officials have acknowledged the Zionist state’s role in these events.
In addition, there is the fact that top Israeli intelligence officials have attempted for years to goad the US into making the “first move” against Iran, both covertly and overtly. Indeed, for much of the last twenty years, Mossad has had access to “virtually unlimited funds and powers” for a “five-front strategy,” involving “political pressure, covert measures, proliferation, sanctions and regime change” in order to target Iran. Some Mossad officials have openly stated that part of this “five-front” strategy involves directly influencing the US’ Iran policy, including lobbying the U.S. to conduct a military strike on Iran. For instance, former Mossad director Meir Dagan, who pushed the US State Department to pursue “covert measures” and “urged more attention on regime change” in Iran while head of Mossad, is on record in 2012 stating that, in his view, the US needs to strike Iran first so Israel doesn’t have to.
Currently, Israeli officials have been relatively candid about their role in several of the recent cyberattacks that have befallen Iran as well as the fact that powerful elements of the Israeli state are trying to get the US to join a conflict against Iran before the 2020 presidential election while Trump remains in power. The effort has reportedly led to concern among EU officials that Israel’s government may be seeking to provoke an event whereby the US would engage Iran militarily.
This context highlights why solely citing a firm like ClearSky and an individual like Ohad Zaidenberg in linking a cyber attack to the Iranian government is dangerous, given that ClearSky and Zaidenberg’s ties to the Israeli national security state present a conflict of interest. This is especially true given that Zaidenberg’s old unit in Unit 8200 is directly involved in conducting cyber attacks on Iran, like those that have been recently taking place as part of the strategy to provoke a military engagement between the US and Iran prior to the November elections.
While Iran’s government could have been involved in recent cyberattacks, especially considering the extent to which Iran has been recently targeted by cyberwarfare, using a firm tied to the very government and military intelligence apparatus actively seeking to embroil the US in a war with Iran as the sole source linking Iran to a cyberattack is not only ill advised, but dangerous and reckless.
Furthermore, given Zaidenberg’s key role in the CTI League, allowing faceless “volunteers” vetted by Zaidenberg and the league’s three other founding members (whose affiliations are discussed below) onto critical private and public networks under the guise of “aiding” their security amid the Covid-19 crisis is similarly reckless.
CTI, Microsoft & 2020
While Zaidenberg has made himself the public face and spokesperson of the CTI League, it is worth examining the other three individuals that are listed as founding members on the League’s website, if only because only these four individuals “vet” those who join the CTI League.
One of these other founding members is Marc Rogers, who began his career as a hacker and later “hacktivist” before deciding that “ethical hacking” was “more likely to have a positive outcome.” For Rogers, “ethical hacking” meant pursuing a cybersecurity career with multi-national corporations like Vodafone and Cloudflare as well as asset management firms like Asian Investment & Asset Management (AIAM).
Rogers is currently the Vice President of Cybersecurity Strategy at Okta, an enterprise identity solution platform, co-founded by former Salesforce executives and largely funded by venture capital firm Andreessen Horowitz. Andreessen Horowitz is advised by former Secretary of the Treasury and Jeffrey Epstein friend Larry Summers and is also a major investor in Toka, a company closely tied to Israel’s military intelligence apparatus and led by former Israeli Prime Minister (and a close friend of Epstein’s), Ehud Barak.
Aside from Rogers and Zaidenberg, the other founding members of the CTI League are Nate Warfield and Chris Mills. Warfield is a former self-described “Grey Hat” hacker (defined as “a hacker or cybersecurity professional who violates laws or common ethical standards but without malicious intent”) who now works as a senior program manager for the Microsoft Security Response Center (MSRC). Mills also currently works for the MSRC as a senior program manager and he previously created the US Navy Computer Forensics Lab while serving in the Navy’s Cyber Defense Operations Command.
The MSRC “proactively builds a collective defense working with industry and government security organizations to fend off cyberattacks” and works within the Cyber Defense Operations Center and Microsoft’s other cybersecurity teams, including that previously overseen by Chris Krebs when he was in charge of “Microsoft’s US policy work on cybersecurity and technology issues.” Krebs, as previously mentioned, is now the head of the federal agency CISA, which oversees the protection of critical electronic infrastructure in the US, including the voting system. In addition to the above, MSRC is heavily focused on pursuing the cybersecurity needs of Microsoft customers, which includes the US government, specifically the US Department of Defense.
It is worth noting that the MSRC is also directly affiliated with Microsoft’s ElectionGuard, a voting machine software program that was developed by companies closely tied to the Pentagon’s infamous research branch DARPA and Israeli military intelligence Unit 8200 and creates several risks to voting security despite claiming to make it “safer.” The push for the adoption of ElectionGuard software in the US has been largely spearheaded by the Chris Krebs-led CISA.
Perhaps more telling, however, is that Microsoft and the MSRC have been at the center, alongside ClearSky, of claims linking Iran’s government to recent hacking events and assertions that Iranian government-linked hackers will soon target the US power grid and other critical infrastructure with cyberattacks. For instance, last year, Microsoft penned a blog post about a “threat group” it named Phosphorus, sometimes also called APT35 or “Charming Kitten”, and Microsoft claimed that they “believe [the group] originates from Iran and is linked to the Iranian government.” Microsoft did not provide more details as to why they hold that “belief,” despite the implications of the claim.
Microsoft went on to assert that the “Iranian” Phosphorus group attempted to target a US presidential campaign, which subsequent media reports revealed was President Trump’s re-election campaign. Microsoft concluded that the attempt was “not technically sophisticated” and was ultimately unsuccessful, but the company felt compelled, not only to disclose the event, but to attempt to link it to Iran’s government. Notably, the Trump campaign was later identified as the only major presidential campaign using Microsoft’s “AccountGuard” software, part of its suspect “Defending Democracy” program that also spawned NewsGuard and ElectionGuard. AccountGuard claims to protect campaign-linked emails and data from hackers.
Though it provided no evidence for the hack or its reasons for “believing” that the attack originated from Iran, media reports treated Microsoft’s declaration as proof that Iran had begun actively meddling in the US’ 2020 presidential election. Headlines such as “Iranian Hackers Target Trump Campaign as 2020 Threats Mount,” “Iran-linked Hackers Target Trump 2020 Campaign, Microsoft says”, “Microsoft: Iran government-linked hacker targeted 2020 presidential campaign” and “Microsoft Says Iranians Tried To Hack U.S. Presidential Campaign,” were commonplace following Microsoft’s statements. None of those reports scrutinized Microsoft’s claims or noted the clear conflict of interest Microsoft had in making such claims due to its efforts to see its own ElectionGuard Software adopted nationwide or the fact that the company has close ties to Israel’s Unit 8200 and 8200-linked Israeli tech start-ups.
Coincidentally, Phosphorus, as Microsoft calls them, is also the group at the center of the “Iranian hacker” allegations promoted by ClearSky and Zaidenberg, who refer to this same group by the name “Charming Kitten.” The overlap is not very surprising given Microsoft’s long-standing ties to Israel’s Unit 8200 as well as the fact that Microsoft as a company and its two co-founders, Paul Allen and Bill Gates, personally ensured the success of an Israeli intelligence-linked tech company then led by Isabel Maxwell, Ghislaine Maxwell’s sister who boasts close ties to Israel’s national security state. It is certainly interesting that the four founding members of CTI League share ties to the same military intelligence agencies and associated corporations as well as an interest in the same group of alleged “Iranian hackers.”
While CTI League only publicly identifies the names of its four founding members, further investigation reveals that another member of the league is its program lead for combating Covid-19-related “disinformation” — Sara-Jayne Terp. Terp is a former computer scientist for the UK military and the United Nations and, in addition to her role at the CTI League, she currently co-leads the “misinfosec” (i.e. a combination of misinformation analysis and information security) working group for an organization known as the Credibility Coalition.
The Credibility Coalition describes itself as an effort to “address online misinformation by defining factors that communicate information reliability to readers” and is backed by Google’s News Lab, Facebook’s Journalism Project as well as Craig Newmark Philanthropies and the Knight Foundation. The latter two organizations also back the Orwellian anti-“fake news” initiatives called the Trust Project and the Microsoft-affiliated Newsguard, respectively.
Questionable access granted
Through claims of altruism and partnerships with powerful corporations and government agencies, the CTI League has been able to position itself within the critical infrastructure of hospitals and the U.S. healthcare system as well as attempting to expand into other key networks, such as those tied to dams and even nuclear reactors. It is truly stunning that a group whose unnamed members are “vetted” only by Zaidenberg, Warfield, Mills and Rogers, has been cleared to access critical private and public networks all because of the pandemonium caused by the Coronavirus crisis and the league’s offering of their services “pro bono.”
Notably, a considerable part of the strain that led hospitals and healthcare institutions to request the league’s services, such as budget cuts or the firings of IT staffers, was actually the result of government policy, either due to state or federal budget cuts for healthcare systems or HHS’ efforts to consolidate control over patient data flows into the hands of a few. In other words, these government policies directly led to a situation where hospitals and healthcare institutions would, out of desperation, be more likely to accept the “pro bono” offer of the CTI League than they otherwise would have been under more “normal” conditions.
Another critical fact worth pointing out is that the U.S. and Israeli intelligence communities have been seeding the narrative for over a year regarding the upcoming hacks of critical U.S. infrastructure on or around the US 2020 election, scheduled for November 3rd, by groups affiliated with the governments of Iran, Russia and/or China. As described above, many of the same groups and individuals behind the CTI League have played key roles in seeding aspects of that narrative.
Despite its massive conflict of interest, this opaque group is now nestled within much of the US’ critical infrastructure enjoying little, if any, oversight – ostensibly justified by the league’s “altruism.” As a consequence, the group’s opaqueness could easily lend itself to being used as the springboard for a “false flag” cyberattack to fit the very narrative pushed by Zaidenberg and his affiliates. From a national security perspective, allowing CTI League to operate in this capacity would normally be unthinkable. Yet, instead, this suspect organization is openly partnered with the US government and US law enforcement.
With US intelligence already having conducted such “false flag” cyberattacks through its UMBRAGE program, which allows them to place the “fingerprints” of Chinese, Russian and Iranian-affiliated hackers on cyberattacks that the U.S. actually conducts, any forthcoming cyberattack should be thoroughly investigated before blame is assigned to any state actor. Any such investigation would do well to first look at whether the CTI League was given access to the targets.
Cybereason Announces New Plans to “Accelerate” Access to US Govt Networks Ahead of 2020 Election

By Whitney Webb | The Last American Vagabond | July 27, 2020
A cybersecurity firm tied to Israeli intelligence’s Unit 8200 that simulated a series of terrorist attacks occurring on the U.S. 2020 election has announced a new hire with deep ties to the U.S. intelligence and defense communities with the goal of gaining greater access to U.S. government networks.
A cybersecurity company tied to Israeli intelligence and a series of unnerving simulations regarding cyber-terrorist attacks on the upcoming U.S. elections has recently announced a new hire who plans to aid the company in further penetrating the U.S. public sector. Last Wednesday, the company Cybereason announced that it had hired Andrew Borene as its Managing Director for its recently launched U.S. public sector business. Borene, who boasts longstanding ties to the U.S. intelligence community and the Pentagon, “will accelerate Cybereason’s partner and customer presence in the U.S. public sector,” according to a Cybereason press release.
“My goal is to build a strong business for Cybereason within the U.S. public sector and I am planning to recruit a group of direct support executives, veterans and alumni of the elite [U.S.] military units and agencies that have defended our nation in the information age. I’ll also work to establish a network of the best channel and delivery partners for federal, state and local governments,” Borene said per the press release.
Eric Appel, Cybereason’s General Manager for North American Sales, stated that “We’re excited about Andrew joining Cybereason and the opportunity in the U.S. public sector for Cybereason to make a profound impact on helping the nation’s federal civilian, military, state and local government agencies…”
Borene will likely be successful in his ability to recruit a sales team of prominent alumni from the U.S. intelligence and defense communities to market Cybereason’s products throughout the U.S. government. Prior to joining Cybereason, Borene was a senior advisor to the Intelligence Advanced Research Projects Activity (IARPA), the intelligence community’s “DARPA” equivalent that is housed within the Office of the Director of National Intelligence (ODNI). He served in that capacity on behalf of intelligence contractor Booz Allen Hamilton. Prior to that, Borene served as Associate Deputy General Counsel to the Pentagon and was previously a military intelligence officer for the U.S. Marine Corps.
Borene’s private sector experience is also significant, as he was a senior executive at IBM. Notably, the current Chief Information Officer for the CIA, Juliane Gallina, had served alongside Borene as a top IBM executive prior to taking her current position at the agency. In addition, Borene also boasts ties to Wall Street as a veteran of Wells Fargo’s investment banking division.
In addition, Borene has deep ties to Washington’s foreign policy establishment as a “life member” of the Council on Foreign Relations (CFR) and to the national security-think tank nexus through his senior fellowship at the National Security Institute (NSI). NSI’s board includes former NSA directors, Keith Alexander and Michael Hayden (also a former CIA director); former Deputy Defense Secretary and “architect” of the Iraq War, Paul Wolfowitz; former director of the Defense Intelligence Agency, David Shedd; and a variety of other former top intelligence and defense officials as well as Silicon Valley executives and venture capitalists.
Notably, Borene is the latest addition to Cybereason with ties to the U.S. intelligence and defense communities as the company’s advisors include Robert Bigman, former Chief Information Security Officer for the CIA as well as Peter Sherlock, the former Chief Operating Officer of MITRE corporation, a major intelligence and defense contractor connected to the Ptech-9/11 controversy.
Cybereason: a front for Israeli Military Intelligence
Cybereason’s announcement of its hire of Andrew Borene coincided with its launch of its new “U.S. public sector business,” meaning that Cybereason now seeks to have its cybersecurity software running on even more of the U.S. government’s most classified networks. Cybereason, for years, has already been running on several sensitive U.S. government networks through its partnerships with IT contractors for intelligence and defense, such as Lockheed Martin (also a Cybereason investor), WWT and Leidos. However, Borene’s hire and this new publicly announced pivot towards the U.S. public sector clearly demonstrate the company’s interest in further deepening its presence on U.S. government networks.
Cybereason’s pivot is concerning for several reasons. First, its co-founders are alumni of Israel’s Unit 8200, an elite unit of the Israeli Intelligence corps that is part of the IDF’s Directorate of Military Intelligence and is involved mainly in signal intelligence, surveillance, cyberwarfare and code decryption. It is also well-known for its surveillance of Palestinian civilians and for using intercepted communications as blackmail in order to procure informants among Palestinians living under occupation in the West Bank.
In addition, all three Cybereason co-founders, after leaving Unit 8200, went on to work for two private Israel-based tech/telecom companies with a notorious history of aggressive espionage against the U.S. government: Amdocs and Comverse Infosys (the latter is now known as Verint Systems Inc.). This raises the possibility that Cybereason software could potentially be used as a backdoor by unauthorized actors, given that the company’s co-founders all previously worked for firms that have a history of placing backdoors into U.S. telecommunications and electronic infrastructure as well as aggressively spying on U.S. federal agencies.
Also notable is the fact that the company’s current CEO and co-founder Lior Div was much more than the average Unit 8200 officer during his time in the unit, as he “served as a commander [in Unit 8200] and carried out some of the world’s largest cyber offensive campaigns against nations and cybercrime groups. For his achievements, he received the Medal of Honor, the highest honor bestowed upon Unit 8200 members,” according to his biography. Troublingly, in an interview that Div gave to TechCrunch last year, Div stated that his work at Cybereason is “the continuation of the six years of training and service he spent working with the Israeli army’s 8200 Unit.”
This is particularly noteworthy given that Israel’s government has openly admitted that an on-going intelligence operation, first initiated in 2012 (the year Cybereason was founded), involves Israeli military intelligence and intelligence operations that had previously been done “in house” (i.e. as part of Unit 8200, Mossad, etc.) being spun off into private companies, specifically start-ups in the “cyber” realm.
This operation is part of Israeli Prime Minister Benjamin Netanyahu’s “deliberate policy” to have former members of Israel’s “military and intelligence units … merge into companies with local partners and foreign partners” in order to make it all but impossible for major corporations and foreign governments to boycott Israel and also to ensure that Israel becomes the world’s dominant “cyber power.”
One notable report on this policy, published by Israeli outlet Calcalist Tech, interviewed dozens of Israeli military, intelligence and government officials and noted that “since 2012, cyber-related and intelligence projects that were previously carried out in-house in the Israeli military and Israel’s main intelligence arms are transferred to companies that in some cases were built for this exact purpose.” The article also states that beginning in 2012, Israel’s intelligence and military intelligence agencies began to outsource “activities that were previously managed in-house, with a focus on software and cyber technologies.”
“Simulating” the Cancellation of the 2020 Election
In light of Cybereason’s background and the “acceleration” of their presence on U.S. government networks, the timing of their redoubled efforts to court the U.S. public sector adds additional layers of concern given that it precedes the U.S. 2020 election by a matter of months. Since last year, Cybereason has conducted multiple simulations focused on the 2020 election, which were attended by federal officials from the FBI, DHS and the U.S. Secret Service and all of which ended in disaster. In those simulations, the 2020 election was ultimately canceled and martial law was then declared due to the chaos created by a group of hackers led by Cybereason employees.
Notably, Cybereason stood to gain nothing financially from the simulations given that their software could not have prevented the attacks waged against the U.S.’ electoral infrastructure in the exercise and the company framed their hosting of the simulations as merely “altruistic” because of their professed desire to help “protect” U.S. election infrastructure. The attacks conducted in the simulations by Cybereason employees included creating power grid blackouts, the use of deep fakes to sow confusion, creating havoc with municipal sewage systems and crashing self-driving cars into voters waiting in line to cast their ballots, killing 32 and injuring over a hundred people.
In the months since I first wrote about Cybereason and their 2020 “doomsday” simulations back in January, U.S. government officials and mass media alike have been warning that these same types of attacks that Cybereason simulated are likely to come to pass on this upcoming election day, scheduled for November 3rd of this year. More recently, in less than a week, headlines like “Election Security Experts Expect ‘Chaos’ Unless Action Taken,” “New York’s Pandemic Voting ‘Chaos’ Set to Go Nationwide in November,” and “Foreign adversaries ‘seeking to compromise’ presidential campaigns, intel warns,” among others, have been published in major U.S. media outlets.
While these narratives have asserted that China, Russia and/or Iran will be to blame for such attacks, it is worth noting that a tight-knit web of Israeli state-owned and private companies tied to Israeli military intelligence now run the software controlling key parts of the power grid in New York, California and elsewhere in the U.S.; are the main global producers of deep fakes; and the main providers of “security” software for self-driving and semi-self-driving cars, the quantity of which on U.S. streets has grown dramatically as a result of the coronavirus crisis.
With Cybereason’s newly announced push to run its software on critical U.S. government networks at both the federal and state levels, the company’s history of simulating terror attacks on critical U.S. infrastructure and their openly admitted and on-going ties to Israeli military intelligence deserve more scrutiny than ever as the U.S. election draws closer.
NYC Taxpayers Spending Millions on Cyber Center with Controversial Ties to Israeli Intelligence

Graphic by Claudio Cabrera
By Whitney Webb | MintPress News | February 14, 2020
Early last week, the city of New York launched — with little media scrutiny — one of two new massive cybersecurity centers that will be run by private Israeli firms with close ties to Israel’s government, the so-called “Mega Group” tied to the Jeffrey Epstein scandal and prominent pro-Israel lobby organizations operating in the United States. The centers were first announced in 2018 as was the identity of the firms who would run them: Israel-based Jerusalem Venture Partners and SOSA.
As MintPress has reported on several occasions, all three of these entities have a history of aggressively spying on the U.S. federal government and/or blackmailing top American politicians, raising concerns regarding why these companies were chosen to run the new centers in the heart of Manhattan. The news also comes as Israeli cybersecurity companies tied to Israeli military intelligence Unit 8200 were revealed to have access to the U.S. government’s most classified systems and simulating the cancellation of the upcoming 2020 presidential election.
The new cybersecurity centers are part of a new New York City public-private partnership called “CyberNYC” that is valued at over $100 million and officially aims to “spur the creation of 10,000 cybersecurity jobs and make New York City a global leader in cyber innovation.” CyberNYC is an initiative of New York City’s Economic Development Corporation.
However, the companies that will be responsible for creating those cybersecurity jobs will benefit foreign companies, namely Israeli ones, and most of the jobs to be created will go to foreigners as well, as media reports on the partnership have quietly noted. Those reports also stated that, while the stated purpose of the centers is to create new jobs, the Israeli firms chosen to run them — Jerusalem Venture Partners (JVP) and SOSA — view it as an opportunity to provide Israeli cybersecurity companies with a foothold into the American market and to see Israeli cybersecurity products adopted by both small and medium-sized American businesses, not just large corporations and government agencies.
For example, the founder of JVP and former Knesset member, Erel Margalit, told the Jerusalem Post that “the center we are setting up [in New York] will assist Israeli hi-tech companies in collaborating with customers and companies in the US and around the world.” More recently, ahead of the opening of the cybersecurity center that Margalit’s firm will manage, he told the Times of Israel that “New York is about something else, it’s about the drama of taking investors from Israel and Spain or Paris and other places and taking them to the next business level.” In other words, the companies set to benefit from these new centers will be foreign and mainly Israeli, as JVP invests the vast majority of its funds in Israeli start-ups.
Given that Wilson Lin, the head of CyberNYC, explained that the reason behind the initiative is the fact that “there are not enough well-trained people in cyber security to fill the jobs that are required for a safer, more thriving commercial sector,” the statements of JVP’s founder strongly suggest that those “well-trained people” will not be Americans in New York, but will be brought in from abroad, namely Israel’s cybersecurity sector.
Of the companies chosen by CyberNYC to run its new cybersecurity centers, both have clear and demonstrable ties to Israel’s government and military intelligence as well as controversial groups of pro-Israel donors with considerable political clout in the United States.
For instance, Jerusalem Venture Partners was founded by Erel Margalit in 1993, with funding from the Yozma Program, an Israeli government program to “incentivize venture capital investment” in Israel. Since then, it has been a driving force in the development of Israel’s hi-tech sector and regularly collaborates with the Israeli Ministry of Economy and Industry and the EISP (Entrepreneurship and Innovation Support Program) alumni organization of Unit 8200. Today, it is the second largest venture capital fund in Israel.
JVP was also the sole venture capital fund chosen to partner with Israel’s government and military to establish the public-private “cyber hub” in Beersheba. This “hub” not only houses the IDF’s technology campus, but also the Israel National Cyber Directorate, which reports directly to Israel’s Prime Minister, as well as a high-tech corporate park that mostly houses tech companies with ties to Israel’s military intelligence apparatus. The area has been cited in several media reports as a visible indicator of the public-private merger between Israeli technology companies, many of them started by Unit 8200 alumni, and the Israeli government and its intelligence services.

A composite image of the future JVP-funded New York City cyber center. Photo | JVP Press Release
In addition to JVP’s close ties to Israel’s government and its key role in the merging of Israel’s private cybersecurity sector with Israeli military intelligence, JVP also has close ties to the Bronfman family through its Chief Operating Officer and general partner, Fiona Darmon. Prior to working with JVP, Darmon worked for Claridge Israel, the investment arm of the Bronfman family that was founded by Charles Bronfman in 1987.
Charles Bronfman was a one-time business partner of Mossad agent Robert Maxwell, father of Jeffrey Epstein’s alleged madam Ghislaine Maxwell, and co-founded the “Mega Group”, a group of pro-Israel oligarchs with clear and direct ties to organized crime, alongside Leslie Wexner, the main financier of Jeffrey Epstein’s operation that involved the sex trafficking of minors on behalf of Israeli military intelligence.
SOSA was founded much more recently than JVP, yet also has close ties to Israel’s government and military. Created in 2014, SOSA has grown rapidly by connecting mostly Israeli start-ups with investors and through its partnerships with the IDF. This partnership first became clear in 2018, when SOSA created the Homeland Security (HLST) Innovation Hub, which the Times of Israel described as “a first of its kind program that aims to create a defense and security innovation community that will match homeland security and defense industry firms with startups, to help industry giants maintain their leading edge.”
Last year, SOSA became one of two companies to manage the Israeli Ministry of Defense’s program INNOFENSE, an innovation program for civilian tech start-ups in the country’s defense industry. SOSA’s collaboration with the IDF also involves the creation of “joint business activities between international companies, [government] security organizations, investors and startups,” making SOSA a key player in the blurring of the line between Israeli military intelligence and its private tech sector.
SOSA is also directly partnered with two of Israel’s top weapons manufacturers, Rafael Advanced Defense Systems, as well as defense electronics companies ELTA Systems and Elron Electronics, the former parent company of another Israeli weapons manufacturer Elbit Systems. It is also partnered with the Unit 8200 alumni-founded tech company CheckPoint Systems and Leumi Tech, the hi-tech subsidiary of one of Israel’s largest banks, Leumi. Leumi Tech exists only in the U.S. and specifically aims to “provide a comprehensive suite of products and services to Israeli high-tech companies operating in the US.” The bank was recently forced to pay $400 million to the U.S. government for assisting U.S. citizens, most of them dual U.S.-Israeli citizens, in preparing false tax returns and hiding their assets in offshore accounts.
SOSA’s General Manager Guy Franklin is of particular interest, due to his close ties to the Israeli American Council (IAC), a pro-Israel lobby group created by convicted felon and ultra-Zionist millionaire Adam Milstein and largely funded by Sheldon and Miriam Adelson. The Adelsons are also the largest donors to both President Trump and the Republican Party in the United States.

In this photo posted on SOSA’s Facebook page, SOSA execs Uzi Scheffer and Guy Franklin pose in New York’s Time Square
Of the $100 million in funding for the CyberNYC initiative, $30 million comes from New York taxpayers and the remaining funds come from the program’s partners, which include Goldman Sachs and the Israeli military intelligence Unit 8200 incubator Team8, a start-up accelerator which has been discussed at length in several past MintPress News reports, including the recent MintPress investigation into the Israeli company Cybereason — a partner of Team8.
Team8, particularly its presence in New York, has long been associated with the push by pro-Israel political donor and American hedge fund manager Paul Singer and Israel’s government to make Israel the global cybersecurity leader as a means of preventing countries from boycotting Israel over human rights violations and war crimes. Team8’s role in CyberNYC will see them not only finance part of the initiative but also train cybersecurity workers who will be hired as part of the partnership.
Singer, who is based in Manhattan, created Start Up Nation Central in 2012 to specifically outsource American tech jobs to Israel in collaboration with top AIPAC officials and Israel’s government. Meanwhile, in parallel, Israel’s government and intelligence apparatus began a policy that same year that involved outsourcing intelligence and military intelligence operations to private companies created for that very purpose, particularly in the field of cybersecurity.
Thus, much as Israel’s cybersecurity industry has long been fused to Israel’s military and intelligence apparati, the Paul Singer-funded and Israel-backed policy has openly sought to bring American companies and government agencies into the fold in order to prevent boycotts of Israel. Though the so-called “anti-BDS laws” that have been passed in several U.S. states are one facet of this push, the use of Israel’s tech sector, namely cybersecurity, to pursue this same end has received decidedly less coverage.
New York City has long been a major focus of this policy, with the growth of Israeli hi-tech start-ups present in New York and run by former members of Unit 8200 exploding since this policy officially began in 2012. Indeed, Haaretz noted that, between 2013 and 2017 alone, the number of Israeli tech start-ups in New York City grew by fivefold and the number of Unit 8200 alumni working in NYC tech start-ups has also spiked in that same time frame.
The number of Unit 8200 alumni working in NYC’s tech sector has grown so much that they host an annual gala closed to the press where the goal, per Haaretz, is “to try to connect startups and early stage entrepreneurs from 8200 EISP (the Israeli accelerator for Unit 8200 alumni) with clients and venture capital funds in the United States.” One of the main players at that gala is Guy Franklin, the CEO of SOSA, which was chosen to run the other NYC cybersecurity sector.
The decision to create expensive, new cybersecurity centers run by JVP and SOSA, two Israeli firms with clear ties to controversial pro-Israel lobby organizations and donors as well as Israel’s government and intelligence apparatus, reveals that not only is this Singer and Israel-backed policy continuing to develop and expand at a rapid pace, but the money of New York City taxpayers is now being used to propel it to new heights even though that very policy benefits Israel’s economy at the U.S.’ expense.
Whitney Webb is a MintPress News journalist based in Chile. She has contributed to several independent media outlets including Global Research, EcoWatch, the Ron Paul Institute and 21st Century Wire, among others. She has made several radio and television appearances and is the 2019 winner of the Serena Shim Award for Uncompromised Integrity in Journalism.
How an Israeli Spy-Linked Tech Firm Gained Access to the US Gov’t’s Most Classified Networks

Graphic by Claudio Cabrera
By Whitney Webb | MintPress News | January 14, 2020
If the networks of the U.S. military, the U.S. intelligence community and a slew of other U.S. federal agencies were running the software of a company with deep ties, not only to foreign companies with a history of espionage against the U.S. but also foreign military intelligence, it would — at the very least — garner substantial media attention. Yet, no media reports to date have noted that such a scenario exists on a massive scale and that the company making such software recently simulated the cancellation of the 2020 election and the declaration of martial law in the United States.
Earlier this month, MintPress News reported on the simulations for the U.S. 2020 election organized by the company Cybereason, a firm led by former members of Israel’s military intelligence Unit 8200 and advised by former top and current officials in both Israeli military intelligence and the CIA. Those simulations, attended by federal officials from the FBI, DHS and the U.S. Secret Service, ended in disaster, with the elections ultimately canceled and martial law declared due to the chaos created by a group of hackers led by Cybereason employees.
The first installment of this three part series delved deeply into Cybereason’s ties to the intelligence community of Israel and also other agencies, including the CIA, as well as the fact that Cybereason stood to gain little financially from the simulations given that their software could not have prevented the attacks waged against the U.S.’ electoral infrastructure in the exercise.
Also noted was the fact that Cybereason software could be potentially used as a backdoor by unauthorized actors, a possibility strengthened by the fact that the company’s co-founders all previously worked for firms that have a history of placing backdoors into U.S. telecommunications and electronic infrastructure as well as aggressive espionage targeting U.S. federal agencies.
The latter issue is crucial in the context of this installment of this exclusive MintPress series, as Cybereason’s main investors turned partners have integrated Cybereason’s software into their product offerings. This means that the clients of these Cybereason partner companies, the U.S. intelligence community and military among them, are now part of Cybereason’s network of more than 6 million endpoints that this private company constantly monitors using a combination of staff comprised largely of former intelligence operatives and an AI algorithm first developed by Israeli military intelligence.
Cybereason, thus far, has disclosed the following groups as lead investors in the company: Charles River Ventures (CRV), Spark Capital, Lockheed Martin and SoftBank. Charles River Ventures (CRV) was among the first to invest in Cybereason and has been frequently investing in other Israeli tech start-ups that were founded by former members of the elite Israeli military intelligence Unit 8200 over the last few years. Spark Capital, based in California, appears to have followed CRV’s interest in Cybereason since the venture capitalist who co-founded Spark and led its investment in Cybereason is a former CRV partner who still has close ties to the firm.
While CRV and Spark Capital seem like just the type of investors a company like Cybereason would attract given their clear interest in similar tech start-ups coming out of Israel’s cyber sector, Cybereason’s other lead investors — Lockheed Martin and SoftBank — deserve much more attention and scrutiny.
Cybereason widely used by US Government, thanks to Lockheed
“A match made in heaven,” trumpeted Forbes at the news of the Lockheed Martin-Cybereason partnership, first forged in 2015. The partnership involved not only Lockheed Martin becoming a major investor in the cybersecurity company but also Lockheed Martin becoming the largest conduit providing Cybereason’s software to U.S. federal and military agencies.
Indeed, as Forbes noted at the time, not only did Lockheed invest in the company, it decided to integrate Cybereason’s software completely into its product portfolio, resulting in a “model of both using Cybereason internally, and selling it to both public and private customers.”
Cybereason CEO and former offensive hacker for Israeli military intelligence — Lior Div — said the following of the partnership:
“Lockheed Martin invested in Cybereason’s protection system after they compared our solution against a dozen others from the top industry players. The US firm was so impressed with the results they got from Cybereason that they began offering it to their own customers – among them most of the top Fortune 100 companies, and the US federal government. Cybereason is now the security system recommended by LM to its customers for protection from a wide (sic) malware and hack attacks.”
Rich Mahler, then-director of Commercial Cyber Services at Lockheed Martin, told Defense Daily that the company’s decision to invest in Cybereason, internally use its software, and include the technology as part of Lockheed Martin’s cyber solutions portfolio were all “independent business decisions but were all coordinated and timed with the transaction.”
How independent each of those decisions actually was is unclear, especially given the timing of Lockheed Martin’s investment in Cybereason, whose close and troubling ties to Israeli intelligence as well as the CIA were noted in the previous installment of this investigative series. Indeed, about a year prior to their investment in the Israeli military intelligence-linked Cybereason, Lockheed Martin opened an office in Beersheba, Israel, where the IDF has its “cyberhub”. The office is focused not on the sales of armaments, but instead on technology.
Marillyn Hewson, Lockheed Martin’s CEO, said the following during her speech that inaugurated the company’s Beersheba office:
“The consolidation of IDF Technical Units to new bases in the Negev Desert region is an important transformation of Israel’s information technology capability… We understand the challenges of this move. Which is why we are investing in the facilities and people that will ensure we are prepared to support for these critical projects. By locating our new office in the capital of the Negev we are well positioned to work closely with our Israeli partners and stand ready to: accelerate project execution, reduce program risk and share our technical expertise by training and developing in-country talent.”
Beersheba not only houses the IDF’s technology campus, but also the Israel National Cyber Directorate, which reports directly to Israel’s Prime Minister, as well as a high-tech corporate park that mostly houses tech companies with ties to Israel’s military intelligence apparatus. The area has been cited in several media reports as a visible indicator of the public-private merger between Israeli technology companies, many of them started by Unit 8200 alumni, and the Israeli government and its intelligence services. Lockheed Martin quickly became a key fixture in the Beersheba-based cyberhub.
Not long before Lockheed began exploring the possibility of opening an office in Beersheba, the company was hacked by individuals who used tokens tied to the company, RSA Security, whose founders have ties to Israel’s defense establishment and which is now owned by Dell, a company also deeply tied to the Israeli government and tech sector. The hack, perpetrated by still unknown actors, may have sparked Lockheed’s subsequent interest in Israel’s cybersecurity sector.
Soon after opening its Beersheba office, Lockheed Martin created its Israel subsidiary, Lockheed Martin Israel. Unlike many of the company’s other subsidiaries, this one is focused exclusively on “cybersecurity, enterprise information technology, data centers, mobile, analytics and cloud” as opposed to the manufacture and design of armaments.

Marillyn Hewson, center, poses with Israeli gov. officials at the opening of Lockheed Martin’s facility in Beersheba. Photo | Diego Mittleberg
Haden Land, then-vice president of research and technology for Lockheed Martin, told the Wall Street Journal that the creation of the subsidiary was largely aimed at securing contracts with the IDF and that the company’s Israel subsidiary would soon be seeking partnership and investments in pursuit of that end. Land oversaw the local roll-out of the company’s Israel subsidiary while concurrently meeting with Israeli government officials. According to the Journal, Land “oversees all of Lockheed Martin’s information-systems businesses, including defense and civilian commercial units” for the United States and elsewhere.
Just a few months later, Lockheed Martin partnered with and invested in Cybereason, suggesting that Lockheed’s decision to do so was aimed at securing closer ties with the IDF. This further suggests that Cybereason still maintains close ties to Israeli military intelligence, a point expounded upon in great detail in the previous installment of this series.
Thus, it appears that not only does Lockheed Martin use Cybereason’s software on its own devices and on those it manages for its private and public sector clients, but it also decided to use the company’s software in this way out of a desire to more closely collaborate with the Israeli military in matters related to technology and cybersecurity.
The cozy ties between Lockheed Martin, one of the U.S. government’s largest private contractors, and the IDF set off alarm bells, then and now, for those concerned with U.S. national security. Such concern makes it important to look at the extent of Cybereason’s use by federal and military agencies in the United States through their contracting of Lockheed Martin’s Information Technology (IT) division. This is especially important considering Israeli military intelligence’s history of using espionage, blackmail and private tech companies against the U.S. government, as detailed here.
While the exact number of U.S. federal and military agencies using Cybereason’s software is unknown, it is widespread, with Lockheed Martin’s IT division as the conduit. Indeed, Lockheed Martin was the number one IT solutions provider to the U.S. federal government up until its IT division was spun off and merged with Leidos Holdings. As a consequence, Leidos is now the largest IT provider to the U.S. government and is also directly partnered with Cybereason in the same way Lockheed Martin was. Even after its IT division was spun off, Lockheed Martin continues to use Cybereason’s software in its cybersecurity work for the Pentagon and still maintains a stake in the company.
The Leidos-Lockheed Martin IT hybrid provides a litany of services to the U.S. military and U.S. intelligence. As investigative journalist Tim Shorrock noted for The Nation, the company does “everything from analyzing signals for the NSA to tracking down suspected enemy fighters for US Special Forces in the Middle East and Africa” and, following its merger with Lockheed and consequential partnership with Cybereason, became “the largest of five corporations that together employ nearly 80 percent of the private-sector employees contracted to work for US spy and surveillance agencies.” Shorrock also notes that these private-sector contractors now dominate the mammoth U.S. surveillance apparatus, many of them working for Leidos and — by extension — using Cybereason’s software.
Leidos’ exclusive use of Cybereason software for cybersecurity is also relevant for the U.S. military since Leidos runs a number of sensitive systems for the Pentagon, including its recently inked contract to manage the entire military telecommunications infrastructure for Defense Information Systems Agency (DISA). In addition to maintaining the military telecom network, Cybereason is also directly partnered with World Wide Technologies (WWT) as of this past October. WWT manages cybersecurity for the U.S. Army, maintains DISA’s firewalls and data storage as well as the U.S. Air Force’s biometric identification system. WWT also manages contracts for NASA, itself a frequent target of Israeli government espionage, and the U.S. Navy. WWT’s partnership is similar to the Lockheed/Leidos partnership in that Cybereason’s software is now completely integrated into its portfolio, giving the company full access to the devices on all of these highly classified networks.
Many of these new partnerships with Cybereason, including its partnership with WWT, followed claims made by members of Israel’s Unit 8200 in 2017 that the popular antivirus software of Kaspersky Labs contained a backdoor for Russian intelligence, thereby compromising U.S. systems. The Wall Street Journal was the first to report on the alleged backdoor but did not mention the involvement of Unit 8200 in identifying it, a fact revealed by the New York Times a week later.
Notably, none of the evidence Unit 8200 used to blame Kaspersky has been made public and Kaspersky noted that it was actually Israeli hackers that had been discovered planting backdoors into its platform prior to the accusation levied against Kaspersky by Unit 8200. As the New York Times noted:
“Investigators later discovered that the Israeli hackers had implanted multiple back doors into Kaspersky’s systems, employing sophisticated tools to steal passwords, take screenshots, and vacuum up emails and documents.”
Unit 8200’s claims ultimately led the U.S. government to abandon Kaspersky’s products entirely in 2018, allowing companies like Cybereason (with its own close ties to Unit 8200) to fill the void. Indeed, the very agencies that banned Kaspersky now use cybersecurity software that employs Cybereason’s EDR system. No flags have been raised about Cybereason’s own collaboration with the very foreign intelligence service that first pointed the finger at Kaspersky and that previously sold software with backdoors to sensitive U.S. facilities.
SoftBank, Cybereason and the Vision Fund
While its entry into the U.S. market and U.S. government networks is substantial, Cybereason’s software is also run throughout the world on a massive scale through partnerships that have seen it enter into Latin American and European markets in major ways in just the last few months. It has also seen its software become prominent in Asia following a partnership with the company Trustwave. Much of this rapid expansion followed a major injection of cash courtesy of one of the company’s biggest clients and now its largest investor, Japan’s SoftBank.
SoftBank first invested in Cybereason in 2015, the same year Lockheed Martin initially invested in and partnered with the firm. It was also the year that SoftBank announced its intention to invest in Israeli tech start-ups. SoftBank first injected $50 million into Cybereason, followed by an additional $100 million in 2017 and $200 million last August. SoftBank’s investments account for most of the money raised by the company since it was founded in 2012 ($350 million out of $400 million total).

Cybereason CEO Lior Div speaks at a SoftBank event in Japan, July 21, 2017. Photo | Cybereason
Prior to investing, SoftBank was a client of Cybereason, which Ken Miyauchi, president of SoftBank, noted when making the following statement after SoftBank’s initial investment in Cybereason:
“SoftBank works to obtain cutting edge technology and outstanding business models to lead the Information Revolution. Our deployment of the Cybereason platform internally gave us firsthand knowledge of the value it provides, and led to our decision to invest. I’m confident Cybereason and SoftBank’s new product offering will bring a new level of security to Japanese organizations.”
SoftBank — one of Japan’s largest telecommunications companies — not only began to deploy Cybereason internally but directly partnered with it after investing, much like Lockheed Martin had done around the same time. This partnership resulted in SoftBank and Cybereason creating a joint venture in Japan and Cybereason creating partnerships with other tech companies acquired by SoftBank, including the U.K.’s Arm, which specializes in making chips and management platforms for Internet of Things (IoT) devices.
SoftBank’s interest in Cybereason is significant, particularly in light of Cybereason’s interest in the 2020 U.S. election, given that SoftBank has significant ties to key allies of President Trump and even the president himself.
Indeed, SoftBank’s Masayoshi Son was among the first wave of international business leaders who sought to woo then-president-elect Trump soon after the 2016 election. Son first visited Trump Tower in December 2016 and announced, with Trump by his side in the building’s lobby, that SoftBank would invest $50 billion in the U.S. and create 50,000 jobs. Trump subsequently claimed on Twitter that Son had only decided to make this investment because Trump had won the election.
Son told reporters at the time that the investment would come from a $100 billion fund that would be created in partnership with Saudi Arabia’s sovereign wealth fund as well as other investors. “I just came to celebrate his new job. I said, ‘This is great. The US will become great again,’” Son said, according to reports.
Then, in March of 2017, Son sent top SoftBank executives to meet with senior members of Trump’s economic team and, according to the New York Times, “the SoftBank executives said that because of a lack of advanced digital investments, the competitiveness of the United States economy was at risk. And the executives made the case, quite strongly, that Mr. Son was committed to playing a major role in addressing this issue through a spate of job-creating investments.” Many of SoftBank’s investments and acquisitions in the U.S. since then have focused mainly on artificial intelligence and technology with military applications, such as “killer robot” firm Boston Dynamics, suggesting Son’s interest lies more in dominating futuristic military-industrial technologies than creating jobs for the average American.
After their initial meeting, Trump and Son met again a year later in June 2018, with Trump stating that “His [Son’s] $50 billion turned out to be $72 billion so far, he’s not finished yet.” Several media reports have claimed that Son’s moves since Trump’s election have sought to “curry favor” with the President.
Through the creation of this fund alongside the Saudis, SoftBank has since become increasingly intertwined with Saudi Crown Prince Muhammad bin Salman (MBS), a key ally of President Trump in the Middle East known for his authoritarian crackdowns on Saudi elites and dissidents alike. The ties between Saudi Arabia and SoftBank became ever tighter when MBS took the reins in the oil kingdom and after SoftBank announced the launch of the Vision Fund in 2016. SoftBank’s Vision Fund is a vehicle for investing in hi-tech companies and start-ups and its largest shareholder is the Public Investment Fund of Saudi Arabia. Notably, Son decided to launch the Vision Fund in Riyadh during President Trump’s first official visit to the Gulf Kingdom.

Masayoshi Son, left, signs a deal related to the Vision Fund with Bin Salman in March 2018. Photo | SPA
In addition, the Mubadala Investment Company, a government fund of the United Arab Emirates (UAE), gave $15 billion to the Vision Fund. UAE leadership also share close ties to the Trump administration and MBS in Saudi Arabia.
As a consequence, SoftBank’s Vision Fund is majority funded by two Middle Eastern authoritarian governments with close ties to the U.S. government, specifically the Trump administration. In addition, both countries have enjoyed the rapid growth and normalization of ties with the state of Israel in recent years, particularly following the rise of current Saudi Crown Prince Muhammad bin Salman and Jared Kushner’s rise to prominence in his father-in-law’s administration. Other investments in the Vision Fund have come from Apple, Qualcomm and Oracle’s Larry Ellison, all tech companies with strong ties to Israel’s government.
The Saudi and Emirati governments’ links to the Vision Fund are so obvious that even mainstream outlets like the New York Times have described them as a “front for Saudi Arabia and perhaps other countries in the Middle East.”
SoftBank also enjoys close ties to Jared Kushner, with Fortress Investment Group lending $57 million to Kushner Companies in October 2017 while it was under contract to be acquired by SoftBank. As Barron’s noted at the time:
“When SoftBank Group bought Fortress Investment Group last year, the Japanese company was buying access to a corps of seasoned investors. What SoftBank also got is a financial tie to the family of President Donald Trump’s senior advisor and son-in-law, Jared Kushner.”
According to The Real Deal, Kushner Companies obtained the financing from Fortress only after its attempts to obtain funding through the EB-5 visa program for a specific real estate venture were abandoned after the U.S. Attorney and the Securities and Exchange Commission began to investigate how Kushner Companies used the EB-5 investor visa program. A key factor in the opening of that investigation was Kushner Companies’ representatives touting Jared Kushner’s position at the White House when talking to prospective investors and lenders.
SoftBank also recently came to the aid of a friend of Jared Kushner, former CEO of WeWork Adam Neumann. Neumann made shocking claims about his ties to both Kushner and Saudi Arabia’s MBS, even asserting that he had worked with both in creating Kushner’s long-awaited and controversial Middle East “peace plan” and claimed that he, Kushner and MBS would together “save the world.” Neumann previously called Kushner his “mentor.” MBS has also discussed on several occasions his close ties with Kushner and U.S. media reports have noted the frequent correspondence between the two “princelings.”
Notably, SoftBank invested in Neumann’s WeWork using money from the Saudi-dominated Vision Fund and later went on to essentially bail the company out after its IPO collapse and Neumann was pushed out. SoftBank’s founder, Masayoshi Son, had an odd yet very close relationship with Neumann, perhaps explaining why Neumann was allowed to walk with $1.7 billion after bringing WeWork to the brink of collapse. Notably, nearly half of SoftBank’s approximately $47 billion investments in the U.S. economy since Trump’s election went to acquiring and then bailing out WeWork. It is unlikely that such a disastrous investment resulted in the level of job creation that Son had promised Trump in 2016.
Given that it is Cybereason’s top investor and shareholder by a large margin, SoftBank’s ties to the Trump administration and key allies of that administration are significant in light of Cybereason’s odd interest in 2020 U.S. election scenarios that end with the cancellation of this year’s upcoming presidential election. It goes without saying that the cancellation of the election would mean a continuation of the Trump administration until new elections would take place.
Furthermore, with Cybereason’s close and enduring ties to Israeli military intelligence now well-documented, it is worth asking if Israeli military intelligence would consider intervening in 2020 if the still-to-be-decided Democratic contender was strongly opposed to Israeli government policy, particularly Israel’s military occupation of Palestine. This is especially worth considering given revelations that sexual blackmailer and pedophile Jeffrey Epstein, who targeted prominent U.S. politicians, mostly Democrats, was in the employ of Israeli military intelligence.
Notably, Cybereason’s doomsday election scenarios involved the weaponization of deep fakes, self-driving cars and the hacking of Internet of Things devices, with all of those technologies being pioneered and perfected — not by Russia, China or Iran — but by companies directly tied to Israeli intelligence, much like Cybereason itself. These companies, their technology and Cybereason’s own work creating the narrative that U.S. rival states seek to undermine the U.S. election in this way, will all be discussed in the conclusion of MintPress’ series on Cybereason and its outsized interest in the U.S. democratic process.
Whitney Webb is a MintPress News journalist based in Chile. She has contributed to several independent media outlets including Global Research, EcoWatch, the Ron Paul Institute and 21st Century Wire, among others. She has made several radio and television appearances and is the 2019 winner of the Serena Shim Award for Uncompromised Integrity in Journalism.
Why a Shadowy Tech Firm With Ties to Israeli Intelligence Is Running Doomsday Election Simulations

Graphic by Claudio Cabrera for MintPress News
By Whitney Webb | MintPress News | January 4, 2020
Election Day 2020: 32 Americans dead, over 200 injured, martial law declared and the election itself is canceled. While this horrific scenario seems more like the plot of a Hollywood film, such was the end result of a recent simulation examining the preparedness of U.S. officials from the Federal Bureau of Investigation (FBI), the Department of Homeland Security (DHS) and the U.S. Secret Service against “bad actors” seeking to undermine the upcoming presidential election.
Yet, this simulation was not a government-organized exercise but was instead orchestrated by a private company with deep ties to foreign and domestic intelligence services, a company that is also funded by investors with clear connections to individuals who would stand to benefit if such a catastrophic election outcome were to become reality.
Much of the rhetoric since the last presidential election in 2016 has focused on the issue of foreign meddling by U.S. rival states like Russia, while China has emerged as the new “meddler” of choice in American corporate media as the 2020 election approaches. Though time has revealed that many of the post-2016 election meddling claims were not as significant as initially claimed, the constant media discussion of foreign threats to U.S. democracy and electoral processes – whether real or imagined – has undeniably created a climate of fear.
Those fears have since been preyed upon by neoconservative groups and the U.S. military-industrial complex, both of which are hardly known for their love of democratic processes, to offer a series of ready-made solutions to these threats that actually undermine key pillars of American democracy, including independent reporting and voting machine software.
However, many of the very same media outlets and groups that frequently fretted about Russia, China or another rival state meddling in U.S. democracy have largely ignored the role of other nation states, such as Israel, in efforts to sway the last U.S. election in 2016 and meddle in numerous elections in Africa, Latin America and Asia in the years since.
As a consequence of this climate of fear, it should be hardly surprising that the corporate media lauded the recent 2020 election simulation that ended in an abysmal failure for U.S. officials, the cancellation of the U.S. election and the imposition of martial law. Yet, none of those reports on the exercise noted that the company that hosted the simulation, called Cybereason, is led by ex-members of Israel’s military intelligence Unit 8200 and advised by former top and current officials in both Israeli military intelligence and the CIA. In addition, it is funded by and partnered with top U.S. weapons manufacturer and government contractor Lockheed Martin and financial institutions with clear and direct ties to Saudi Crown Prince Mohammed bin Salman and White House adviser and the president’s son-in-law Jared Kushner. Also left unmentioned in media reports on Cybereason’s election simulations is the fact that Cybereason’s CEO, Lior Div, has openly admitted that he views his work at Cybereason as a “continuation” of his service to Israel’s intelligence apparatus.
With Cybereason planning to host more simulations in cooperation with federal agencies as the U.S. election inches closer, a deeper exploration of this company, its ties to intelligence and military contractors in the U.S. and Israel and its financial ties to key Trump allies both domestically and abroad warrants further investigation.
In this two part series, MintPress will not only explore these aspects but also how many of the technologies wielded by the “bad actors” in the Cybereason election simulation have been pioneered and perfected, not by U.S. rival states, but by Israeli companies and start-ups with clear ties to that country’s intelligence apparatus.
Also notable is the fact that Cybereason itself has covertly become a major software provider to the U.S. government and military through its direct partnership with Lockheed Martin, which followed the defense company’s decision to open an office at the Israeli military’s new cyber operations hub in the Negev desert. In examining all of these interlocking pieces, a picture emerges of a potentially sinister motive for Cybereason’s simulations aimed at gauging how U.S. federal officials respond to crisis situations on Election Day.
Understanding “Operation Blackout”
In early November, a team of “hackers” working for the private U.S.-based, Israeli-founded company Cybereason conducted a 2020 election simulation with members of various U.S. agencies, namely the DHS, FBI and the U.S. Secret Service. The simulation was organized by Cybereason and the law firm Venable and the U.S. agencies in attendance were invited and appear to not have been charged to participate.
The simulation, titled “Operation Blackout,” was set in a fictional swing state called “Adversaria” and pitted “ethical hackers” from Cybereason against a team of federal and local law enforcement officials. The opposing teams were supervised by a “white team” composed of members of Cybereason’s staff and Ari Schwartz — a former member of the White House’s National Security Council and the National Institute of Standards and Technology (NIST) — who set the rules of the simulation and would ultimately decide its outcome. Schwartz also used to work for the Center for Democracy and Technology (CDT), a major backer of Microsoft’s ElectionGuard software.
Operation Blackout did not involve hackers targeting election software or voting machines; instead, it focused on civilian infrastructure and psychological operations against the American citizens in the fictitious “Adversaria” on election day. The hacker team was led by Cybereason co-founder Yonathan Striem-Amit, a former contractor for Israeli government agencies and a former operative for the elite Israeli military intelligence Unit 8200, best known for its cyber offensives against other governments.
“In a country as fragmented as the US, the number of people needed to influence an election is surprisingly small,” Striem-Amit told Quartz of the exercise. “We attempted to create havoc and show law enforcement that protecting the electoral process is much more than the machine.”
Striem-Amit’s team completely devastated the U.S. law enforcement team in Operation Blackout by not only causing chaos but murdering numerous civilians. Hackers took control of city buses, ramming them into civilians waiting in line at polling stations, killing 32 and injuring over 200. They also took control of city traffic lights in order to cause traffic accidents, used so-called “deepfakes” to conduct psychological operations on the populace and created fake bomb threats posing as the terror group ISIS, which incidentally has its own ties to Israeli intelligence. Telecom networks and news outlets within the fictitious states were also hacked and flooded with deepfakes aimed at spreading disinformation and panic among U.S. citizens.

A map of targets in Adversaria is shown during Operation Blackout in Boston’s John Hancock Tower. Mark Albert | Twitter
The supervising team, composed of Cybereason employees and former NSC member Ari Schwartz, decided that the outcome of the face-off between the hacker and law enforcement teams was the outright cancellation of the 2020 election, the declaration of martial law by authorities, the growth of public fear regarding terrorism and allegations of U.S. government collusion with a foreign actor. Cybereason has stated that they will soon conduct another 2020 election simulation with federal authorities as the election draws closer.
Given how the simulation played out, it is quite clear that it is a far cry from the actual scope of alleged foreign meddling during the 2016 election, meddling which was allegedly the motivation behind Operation Blackout. Indeed, the extent of Russian interference in the 2016 election amounted to $100,000 worth of Facebook ads over three years, 25 percent of which were never seen by the public, and claims that Russian state actors were responsible for leaking emails from the then-Democratic presidential nominee Hillary Clinton and the Democratic National Committee (DNC). In contrast, Operation Blackout went well beyond any observed or even imagined “foreign meddling” related to the 2016 election and appears more like a terror attack targeting elections than a covert means of manipulating their outcomes.
Several mainstream publications have covered Operation Blackout but have failed to note that the company behind it has deep ties to foreign intelligence outfits and governments with a documented history of manipulating elections around the world, including the 2016 U.S. election.
Quartz framed the exercise as important for “preparing for any and all possibilities in 2020,” which “has become an urgent task for US regulators and law enforcement.” Similarly, CyberScoop treated the simulation as a “sophisticated exercise to help secure the vote.” Other articles took the same stance.
A series of simulations
In the weeks after the Washington area election simulation, Cybereason repeated the same exercise in London, this time with members of the U.K. intelligence agency GCHQ, the U.K. Foreign Office and the Metropolitan Police. The law enforcement team in the exercise, which included the U.K. officials, was headed by a Cybereason employee — Alessandro Telami, who formerly worked for the NATO Communications and Information Agency (NCI). Like the prior simulation conducted in the U.S., Cybereason did not appear to charge U.K. government agencies for their participation in the exercise.
Cybereason has — with little fanfare — been promoting extreme election day scenarios since before the 2016 election. Cybereason’s first mention of these tactics appears in a September 2016 blog post written by the company’s CEO and former Israeli government contractor Lior Div — a former leader of offensive cyberattacks for the IDF’s elite Unit 8200 and a former development group leader at the controversial Israeli-American corporation Amdocs.
Div wrote that hackers may target U.S. elections by “breaking into the computers that operate traffic lighting systems and interfering with the ones around polling stations to create massive traffic jams,” “hacking polling companies,” and “targeting live election coverage on cable or network television stations.” A follow-up post by Div from October 2016 added further meddling tactics such as “cut power to polling stations” and “mess with a voter’s mind.”
Two years later, Cybereason held its first election meddling simulation, touting many of these same tactics, in Boston. The simulation focused on local and state responses to such attacks and saw Boston-based Cybereason invite Massachusetts state and local officials as well as Boston police officers and a former police commissioner to participate. “Twitter accounts spreading fake news,” “turning off a city’s closed-circuit cameras,” “hacking self-driving cars and navigation apps,” and “targeting a city’s 911 call center with a DDoS attack” were all used in the simulation, which saw Cybereason’s “ethical hackers” attempt to disrupt election day. Media coverage of the simulation at the time framed it as a necessary preparation for countering “Russian” threats to U.S. democracy. Like the more recent simulations, the mock election was canceled and voter confidence in the electoral process was devastated.
This past July, Cybereason conducted a similar simulation with officials from the FBI, DHS and the Secret Service for the first time. That simulation, which also took place in Boston, was remarkably similar to that which occurred in November. One intelligence officer from DHS who participated in the July exercise called the simulation “very realistic.” Another claimed that the simulation was a way of applying “lessons learned from 9/11” by preventing the government’s “failure of imagination” that officials have long alleged was the reason for the government’s inability to thwart the September 11 attacks. Notably, the U.S. military simulated a scenario in which terrorists flew airplanes into the Pentagon less than a year before the September 11 attacks.

In this undated photo from Cybereason’s website, a faux ballot box is shown in the company’s Boston office.
Participating government officials, Cybereason staff and the media have consistently touted the importance of these simulations in securing elections against extreme threats, threats which — to date — have never materialized due to the efforts of foreign or domestic actors on election day. After all, these exercises are only simulations of possibilities and, even if those possibilities seem implausible or unlikely, it is important to be prepared for any eventuality.
But what if the very figures behind these simulations and the investors that fund them had a history of election meddling themselves? Cybereason’s deep ties to Israeli intelligence, which has a documented history of aggressive espionage and election meddling in the United States and in several nations worldwide, warrant a deeper look into the firm’s possible motives and the myriad conflicts of interest that arise in giving it such unprecedented access to the heart of America’s democracy.
What Does Cybereason Do?
Cybereason’s interest in terror events during elections seems out of place given that the company itself is focused on selling technological cybersecurity solutions like antivirus and ransomware protection software, software products that would be minimally effective against the type of threat encountered in the company’s election day simulations.
Cybereason is often described as offering a comprehensive technological defense platform to companies and governments that combines a next-generation antivirus with endpoint detection and response (EDR), which enables the company to respond to typical viruses and malware as well as sophisticated, complex attacks. The platform makes heavy use of artificial intelligence (AI) and cloud computing and specifically uses Amazon Web Services (AWS), which is used by a litany of private companies as well as U.S. intelligence agencies.
While many cybersecurity platforms combine antivirus and antimalware with EDR and AI, Cybereason claims that their military background is what sets them apart. They have marketed themselves as offering “a combination of military-acquired skills and cloud-powered machine learning to endpoint detection and response” and actively cite the fact that most of their employees are former members of Unit 8200 as proof that they are “applying the military’s perspective on cybersecurity to enterprise security.”
In 2018, Cybereason’s former senior director for intelligence, Ross Rustici, described the platform to CBR as follows:
“Our founders are ex-Israeli intelligence who worked on the offensive side. They basically wanted to build a tool that would catch themselves. We follow the kill chain model started by Lockheed Martin [now a major investor in Cybereason] and try to interrupt every stage once an intruder’s inside a target network.”
Lior Div, Cybereason’s CEO, described the difference between his company’s platform and that of past market leaders in this way to Forbes:
“The old guard of antivirus companies like Symantec and McAfee would install something to block endpoints and you needed to do a lot [of monitoring] to make sure you weren’t under attack. We came with a different approach to see the whole enterprise and leverage AI to be able to fully autonomously identify where attackers are and what they’re doing.”
Thus, in looking at Cybereason’s product and its marketing objectively, it seems that the only innovative component of the company’s system is the large number of ex-military intelligence officers it employs and its tweaking of a previously developed and automated model for threat engagement, elimination and prevention.
Instead, Cybereason’s success seems to owe to its prominent connections to the private and public sectors, especially in Israel, and its investors who have funneled millions into the company’s operations, allowing them to expand rapidly and quickly claim a dominant position in emerging technology markets, such as the Internet of Things (IoT) and advanced healthcare systems.

A screenshot from a live stream of a 2019 Cybereason cyber-attack simulation
Their considerable funding from the likes of Lockheed Martin and Softbank, among others, has also helped them to expand their international presence from the U.S., Europe and Israel into Asia and Latin America, among other places. Notably, while Cybereason is open about their investors and how much funding they receive from each, they are extremely secretive about their financial performance as a company and decline to disclose their annual revenue, among other indicators. The significance of Cybereason’s main investors in the context of the company’s election simulations and its ties to Israeli and U.S. intelligence (the focus of this article) will be discussed in Part 2.
Cybereason also includes a security research arm called Nocturnus, currently headed by a former Unit 8200 officer. Nocturnus will be explored further in Part 2 of this series, as it essentially functions as a private intelligence company in the tech sector and has been behind several recent claims that have attributed alleged hacks to state actors, namely China and North Korea. For now, it is important to keep in mind that Nocturnus utilizes Cybereason’s “global network of millions of endpoints” for its intelligence gathering and research, meaning the endpoints of every device to which Cybereason’s software has access.
Given what Cybereason provides as a company, their interest in offering election simulations to government officials free of charge seems odd. Indeed, in the simulations hosted by Cybereason for U.S. officials, there is little opportunity for the company to market their software products given that the simulation did not involve electronic voting infrastructure at all and, instead, the malevolent actors used deep fakes, disinformation and terror attacks to accomplish their goals. Why then would this company be so interested in gauging the response of U.S. law enforcement to such crises on election day if there is no sales pitch to be made? While some may argue that these simulations are an altruistic effort by the company, an investigation into the company’s founders and the company’s ties to intelligence agencies suggests that this is unlikely to be the case.
The People Behind Cybereason
Cybereason was created in 2012 by three Israelis, all of whom served together as officers in the Israel Defense Force’s elite technological and signals intelligence unit, which is most often referred to as Unit 8200. Unit 8200 has been the subject of several MintPress investigative reports over the past year focusing on its ties to the tech industry.
Unit 8200 is an elite unit of the Israeli Intelligence corps that is part of the IDF’s Directorate of Military Intelligence and is involved mainly in signal intelligence, surveillance, cyberwarfare and code decryption. It is also well-known for its surveillance of Palestinian civilians and for using intercepted communications as blackmail in order to procure informants among Palestinians living under occupation in the West Bank.
The unit is frequently described as the Israeli equivalent of the NSA and Peter Roberts, a senior research fellow at Britain’s Royal United Services Institute, characterized the unit in an interview with the Financial Times as “probably the foremost technical intelligence agency in the world and stand[ing] on a par with the NSA in everything except scale.” Notably, the NSA and Unit 8200 have collaborated on numerous projects, most infamously on the Stuxnet virus as well as the Duqu malware.
Given the secrecy of the work conducted by Unit 8200, it is hard to know exactly what Cybereason’s co-founders did while serving in the controversial unit. However, a brief biography of the company’s current CEO and co-founder Lior Div states that “Div served as a commander [in Unit 8200] and carried out some of the world’s largest cyber offensive campaigns against nations and cybercrime groups. For his achievements, he received the Medal of Honor, the highest honor bestowed upon Unit 8200 members (emphasis added).”

Lior Div speaks during the Cyber Week conference in Tel Aviv, Israel, June 25, 2019. Corinna Kern | Reuters
After having served in leadership positions within Unit 8200, all three Cybereason co-founders went on to work for private Israel-based tech or telecom companies with a history of aggressive espionage against the U.S. government.
Cybereason co-founders Yonathan Striem Amit (Cybereason’s Chief Technology Officer) and Yossi Naar (Cybereason Chief Visionary Officer) both worked for Gita Technologies shortly before founding Cybereason with fellow Unit 8200 alumnus Lior Div. Gita, according to public records, is a subsidiary of Verint Systems, formerly known as Comverse Infosys.
Verint/Comverse was initially funded by the Israeli government and was founded by Jacob “Kobi” Alexander, a former Israeli intelligence officer who was wanted by the FBI on nearly three dozen charges of fraud, theft, lying, bribery, money laundering and other crimes for over a decade until he was finally extradited to the United States and pled guilty to some of those charges in 2016.
Despite its history of corruption and foreign intelligence connections, Verint/Comverse was hired by the National Security Agency (NSA) to create backdoors into all the major U.S. telecommunications systems and major tech companies, including Facebook, Microsoft and Google. An article on Verint’s access to U.S. tech infrastructure in Wired noted the following about Verint:
“In a rare and candid admission to Forbes, Retired Brig. Gen. Hanan Gefen, a former commander of the highly secret Unit 8200, Israel’s NSA, noted his former organization’s influence on Comverse, which owns Verint, as well as other Israeli companies that dominate the U.S. eavesdropping and surveillance market. ‘Take NICE, Comverse and Check Point for example, three of the largest high-tech companies, which were all directly influenced by 8200 technology,’ said Gefen.”
Federal agents have reported systemic breaches at the Department of Justice, FBI, DEA, the State Department, and the White House going all the way back to the 1990s, breaches they claimed could all be traced back to two companies: Comverse/Verint and Amdocs. Cybereason’s other co-founder and current CEO, Lior Div, used to work for Amdocs as the company’s development group leader.
After leaving Amdocs, Div founded a company called Alfatech. Alfatech publicly claims to specialize in “professional Head Hunting and Quality Recruiting services,” yet it has no functional website. Despite its publicly stated mission statement, Israeli media reports that mention Alfatech describe it as “a cybersecurity services company for Israeli government agencies.” No reason for the obvious disconnect between the company’s own claims and those made by the media has been given.
Div left Alfatech in 2012 to found Cybereason alongside Striem-Amit and Naar. According to an interview that Div gave to TechCrunch earlier this year, he stated that his work at Cybereason is “the continuation of the six years of training and service he spent working with the Israeli army’s 8200 Unit (emphasis added).” Div was a high-level commander in Unit 8200 and “carried out some of the world’s largest cyber offensive campaigns against nations and cybercrime groups” during his time there. TechCrunch noted that “After his time in the military, Div worked for the Israeli government as a private contractor reverse-engineering hacking operations,” an apparent reference to his work at Alfatech.
Even deeper ties to intelligence
Not only do Cybereason’s own co-founders have considerable links to the Israeli government, Israeli intelligence and intelligence-connected private companies, but it also appears that the work of Cybereason itself is directly involved with Israeli intelligence.
The company periodically publishes reports by a secretive faction of the company called the Cybereason Intelligence Group or CIG. The only description of CIG’s composition available on Cybereason’s website is as follows:
“The Cybereason Intelligence Group was formed with the unique mission of providing context to the most sophisticated threat actors. The group’s members include experts in cyber security and international security from various government agencies, including the Israel Defense Forces’ Unit 8200, which is dedicated to conducting offensive cyber operations. Their primary purpose is to examine and explain the Who and the Why behind cyber attacks, so that companies and individuals can better protect themselves (emphasis added).”
It is unclear how many members comprise CIG and if its members are employees of only Israeli government agencies, or if it includes officials from the U.S. government/Intelligence or other governments. However, what is clear is that it is composed entirely of government officials, which include active members of Unit 8200, and that the purpose of the group is to issue reports that place blame for cyberattacks on state and non-state actors. Perhaps unsurprisingly, the vast majority of CIG’s reports published by Cybereason focus exclusively on Russia and China. When discussing nation-state cyber threats in general, Cybereason’s website only mentions China, North Korea, Iran and Russia by name, all of which are incidentally rival states of the U.S. government. Notably, Israel’s government — listed as a “leading espionage threat” to U.S. financial institutions and federal agencies by the U.S.’ NSA — is absent from Cybereason’s discussions of state actors.
In addition to CIG, Cybereason’s cybersecurity research arm, Nocturnus, includes several Unit 8200 alumni and former Israeli military intelligence and government contractors and has assigned blame to state actors for several recent hacks. It also has claimed to have discovered more such hacks but has declined to publicly disclose them due to the “sensitive” nature of the hacks and companies affected.
Other hints at Cybereason’s connections to state intelligence can be seen in its advisory board. Robert Bigman, the former Chief Information Security Officer (CISO) for the Central Intelligence Agency (CIA) who oversaw the spy agency’s “commercial partner engagement” program (i.e. alliances with the private tech sector), is a key figure on the company’s advisory board. According to his biography, Bigman “contributed to almost every Intelligence Community information security policy/technical standard and has provided numerous briefings to the National Security Council, Congress and presidential commissions. In recognition of his expertise and contributions, Bigman has received numerous CIA and Director of National Intelligence Awards.”

Cybereason’s leadership team features a who’s who of Israeli and US intel officials
Unmentioned in his biography published on his own website, or on Cybereason’s website, is that Bigman is also an advisor to another Israeli tech company, Sepio Systems. The chairman of Sepio, Tamir Pardo, is a self-described “leader” in the cybersecurity industry and former director of Israel’s Mossad. Sepio is funded by a venture capital firm founded by the creators of the controversial Israeli spy tech company NSO Group, which has received a slew of negative press coverage after its software was sold to several governments who used it to spy on dissidents and human rights activists.
In addition to Bigman, Cybereason’s advisory board includes Pinchas Buchris, the former head of Unit 8200 and former managing director of the IDF. Not unlike Bigman, Buchris’ bio fails to mention that he sits on the board of directors of Carbyne911, alongside former Israeli Prime Minister Ehud Barak and Nicole Junkermann, both well-known associates of intelligence-linked sex trafficker Jeffrey Epstein. Epstein himself poured at least $1 million into Carbyne, an Israeli company that seeks to run all 911 call centers in the U.S. at the national level and has close ties to the Trump administration. More information on Carbyne and its ties to Israeli and U.S. intelligence as well as its connection to coming pre-crime policies to be enacted in 2020 by the U.S. Department of Justice can be found in this MintPress report from earlier this year. Given that Cybereason’s election day simulations involve the simulated collapse of 911 call center functionality, Buchris’ ties to both Cybereason and Carbyne911 are notable.
Another notable Cybereason advisor is the former commissioner of the Boston Police Department, Edward Davis. Davis heavily promoted Cybereason’s disturbing election day simulations and even participated directly in one of them. He was also police commissioner of the Boston PD at the time of the Boston Marathon bombing and oversaw the near-martial law conditions imposed on the city during the manhunt for the alleged perpetrators of that bombing (who themselves had a rather odd relationship with the FBI). This is notable given that Cybereason’s election day simulations ended with martial law being imposed on the fictional city used in the exercise.
Cybereason also has several advisors who hold top positions at powerful U.S. companies that are also — incidentally — U.S. government contractors. These include the Vice President Security and Privacy Engineering at Google, Deputy Chief Information Security Officer (CISO) of Lockheed Martin and CISO at Motorola. Both Motorola and Lockheed Martin use Cybereason’s software and the latter is also a major investor in the company. Furthermore, as will be explained in Part 2 of this article, Lockheed Martin has used its privileged position as the top private contractor to the U.S. government to promote the widespread use of Cybereason’s software among U.S. government agencies, including the Pentagon.
Much more than a cybersecurity company
Given Cybereason’s deep and enduring ties to Israeli intelligence and its growing connections to the U.S. military and U.S. intelligence through its hiring of top CIA officials and partnership with Lockheed Martin, it’s worth asking if these disturbing election simulations could serve an ulterior purpose and, if so, who would benefit. While some aspects regarding clear conflicts of interest in relation to the 2020 election and Cybereason will be discussed in Part 2, this article will conclude by examining the possibility that Cybereason is acting as a front company for Israeli intelligence based on that country’s history of targeting the U.S. through private tech companies and on Cybereason’s own questionable characteristics.
First, Cybereason as a company presents several oddities. Its co-founder and CEO openly states that he views Cybereason’s work as a continuation of his service for Israeli military intelligence. In addition, he and the company’s other founders — after they left Unit 8200 — went to work for Israeli tech companies that have been known to spy on U.S. federal agencies for the Israeli government.
In addition, as previously mentioned, Cybereason has sought out former intelligence officers from the CIA and Unit 8200 for its management team and board of advisors. The company itself also functions as a private intelligence firm through CIG and Nocturnus, both of which employ former and current intelligence officials, and have made significant claims regarding the attribution of specific cybercrimes to state actors. It appears highly likely that these claims are influenced by those same intelligence agencies that boast close ties to Cybereason. Furthermore, Nocturnus’ access to Cybereason’s “global” network of endpoints makes it a private intelligence gathering company as it gathers and analyzes data from all devices that run Cybereason’s software.
Yet, even more telling is the fact that Israel’s government has an open policy of outsourcing intelligence-related activity to the private sector, specifically the country’s tech sector. As MintPress previously reported, this trend was first publicly acknowledged by Israel in 2012, the same year that Cybereason was founded by former Israeli military intelligence officers then working for private contractors for Israel’s government (Alfatech) or private companies known to have ties to Israeli intelligence, including Verint/Comverse.
As noted in an article on the phenomenon from the Israeli media outlet The Calcalist:
“Israel is siphoning cyber-related activities from its national defense apparatus to privately held companies. Since 2012, cyber-related and intelligence projects that were previously carried out in-house in the Israeli military and Israel’s main intelligence arms are transferred to companies that in some cases were built for this exact purpose.”
Mention of Israel’s policy of blurring the lines between the public and private sector when it comes to cybersecurity and intelligence gathering has even garnered the occasional mention in mainstream media, such as in a 2018 Foreign Policy article:
“Israel, for one, has chosen to combat the problem on a statewide level by linking the public and private spheres, sometimes literally. The country’s cyberhub in the southern city of Beersheba is home not just to the Israeli military’s new technology campus but also to a high-tech corporate park, Ben-Gurion University of the Negev’s cyber-research center, and the Israel National Cyber Directorate, which reports directly to the prime minister’s office. ‘There’s a bridge between them—physically,’ [Gabriel] Avner, the security consultant, said by way of emphasis.”
Notably, a year before Lockheed Martin invested in and partnered with Cybereason, the U.S.-based weapons company opened an office at the IDF’s public-private cyber hub in Beersheba. At the inauguration ceremony for Lockheed’s Beersheba office, company CEO Marillyn Hewson stated:
“The consolidation of IDF Technical Units to new bases in the Negev Desert region is an important transformation of Israel’s information technology capability… By locating our new office in the capital of the Negev we are well positioned to work closely with our Israeli partners and stand ready to: accelerate project execution, reduce program risk and share our technical expertise by training and developing in-country talent.”

Lockheed Martin CEO Marillyn Hewson inaugurates the Lockheed Martin Israel Demonstration Center in Tel Aviv.
Further evidence of this public-private merger can be seen in how two of Israel’s intelligence agencies, Shin Bet and Mossad, have both recently launched a private start-up accelerator and a hi-tech venture capital fund, respectively. The Shin Bet’s accelerator, called Xcelerator, usually makes its investments in private companies public, while Mossad’s Libertad Ventures refuses to disclose the tech companies and start-ups in which it invests. Former directors of both Mossad and Shin Bet have described these intelligence agencies themselves as being like start-ups, clearly showing how much the line between intelligence apparatus and private company has been blurred within the context of Israel’s tech industry and specifically its cybersecurity industry.
The advantages of outsourcing cyber intelligence operations to private companies have been noted by several analysts, including Sasha Romanosky, a former Cyber Policy Advisor at the Department of Defense and current analyst at RAND Corporation. Romanosky noted in 2017 that private intelligence and cybersecurity firms “do not necessarily face the same constraints or potential repercussions” as their public counterparts when it comes to designating blame for a cyberattack, for example. In addition, outsourcing intelligence objectives or missions to private companies provides a government with plausible deniability if that private company’s espionage-related activities or ties are made public.
Furthermore, Israeli intelligence has a long history of using private tech companies for the purposes of espionage, including against the United States. While Amdocs and Verint/Comverse were already mentioned as having been used by the state of Israel in this way, other private companies have also been used to market software backdoored by Israeli intelligence to countries around the world, both within the U.S. and elsewhere. The most well-known example of this is arguably the mass sale and distribution of the bugged PROMIS software, which was discussed at length in several recent MintPress News reports.
Given Cybereason’s ties to intelligence and Israeli intelligence’s history of placing backdoors in its software, it is worth pointing out that Cybereason’s main product, its antivirus and network defense platform, offers a major espionage opportunity. Blake Darché, a former N.S.A. operator, told the New York Times in 2017 that antivirus programs, which Cybereason’s defense platform includes, are “the ultimate backdoor,” adding that it “provides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.” Whether a company like Cybereason would use its software for such ends is unknown, though the company does acknowledge that its cybersecurity arm does gather intelligence from all systems that use the company’s software and currently employs and works with active duty Unit 8200 officials through CIG. This is notable because Unit 8200’s main task for Israeli military intelligence is signals intelligence, i.e. surveillance.
More of a mystery, however, is why a company like Cybereason is so interested in U.S. election security, particularly when Israeli intelligence and Israeli intelligence-connected private companies have been caught in recent years meddling in elections around the world, including the United States.
Whitney Webb is a MintPress News journalist based in Chile. She has contributed to several independent media outlets including Global Research, EcoWatch, the Ron Paul Institute and 21st Century Wire, among others. She has made several radio and television appearances and is the 2019 winner of the Serena Shim Award for Uncompromised Integrity in Journalism.






