Export controls strangling Israel's cyberattack industry

Naftali Bennet address the Israel cyber conference Credit; Amos Ben-Gershom
Naftali Bennet address the Israel cyber conference Credit; Amos Ben-Gershom

Israeli spyware companies are struggling to survive as the Ministry of Defense grants fewer export permits following US pressure.

In the past few days a small, little-known Israeli cyberattack company called Nemesis shut down. The company, which tried to compete with NSO Group with spyware that takes control of smartphones, was never exposed by the media, and did not even have a company website but its closure marks for many in the Israeli cyberattack sector, a new era in relations between the Ministry of Defense and the Israeli industry.

Several senior figures in the sector told "Globes" that Nemesis shut down after the Israel Defense Exports Control Agency (DECA) refused to grant a license to export its intelligence software to countries in South America and Africa. In several other instances, the approval process was continually extended with no final response forthcoming. Eventually the company collapsed under the weight of its employees' salaries, most of them highly sought after cyber coders, who expect the highest of salaries.

US pressure

Many senior executives in Israel's cyberattack industry have complained in recent weeks of an abrupt change in policy by the Ministry of Defense towards Israeli companies exporting spyware for intelligence use. Since January, Israel's Ministry of Defense has significantly restricted the number of countries with an exemption for marketing licenses for spyware, to just 38 democratic countries in Western Europe and North America as well as Asia-Oceania countries such as Australia and New Zealand, South Korea and Japan. Israeli defense exports totaled $11.3 billion in 2021, of which about 4% was in intelligence and cyber systems, worth about $450 million.

When new measures were announced last November, the widespread assumption in the industry was that cyberattack exports would not be banned to countries that were not blacklisted like India, Poland, Chile, Mexico and the UAE, but individual export permits would be needed from the Ministry of Defense, at the start of the sales process for each individual deal. However, in the past few months, it has become clear that the Ministry of Defense is virtually not issuing any marketing or export permits, except for the limited list of democratic countries, probably following US pressure exerted on Israel.

Last November, the Biden administration declared that a serious war on harmful spyware was part of US foreign policy, among other things, for tracking opposition figures or human rights activists around the world. The US struggle on the matter focused on Israeli companies NSO and Candiru, which were put on the Department of Commerce's blacklist, while a range of Greek, French, German and Chinese companies, engaged in the field, were left off the list.

"An entire industry is being starved"

The closure of Nemesis, senior sources in the sector told "Globes," is a harbinger of future difficulties for other companies in Israel's cyberattack industry. Companies such as NSO itself as well as Cognyte, Quadream, Wintego and others are on a short list of those who have suffered in recent months from lack of approvals for new deals and cancellation of export permits that have expired. In some cases, it has been claimed that permits have been canceled just before they expired, and in extreme situations even canceled a long while before they expired, in unilateral notification from DECA.

The Ministry of Defense, in cooperation with the Ministry of Foreign Affairs, Israel Defense Forces (IDF) and other organizations examine every deal in which a cyberattack company is interested, in a procedure that takes about 45 days. In recent months, senior sources in Israel's cyberattack industry have reported that DECA personnel have repeatedly required an extension of the examination process, so that requesting a marketing license can take many months and ultimately most of them are not approved.

"An entire industry is being starved," a senior executive at one Israeli cyberattack company told "Globes," asking to remain anonymous. "They leave us in the dark and they don't tell us where our request stands and if it has not been approved, they don't explain why. It seems as if the state has given up on the cyberattack industry, without actually saying so, but if that is the policy - then why not say so up front? They are chewing things over until the entire industry bleeds to death."

Another senior executive in the industry claimed that, "The state is trying to tell us that we should forget about markets in South America, Africa, and some of the countries in Asia. But it's simply not possible to close down complete markets for an entire industry, while also asking it to rely on just Europe and North America. It's a crowded and unprofitable market that cannot support Israel's industry, as it is today."

Many countries who in the past were considered immediately available export markets for Israeli products have undergone a dramatic change recently. South America, for example, has seen a wave of progressive socialist governments come to power in some countries, which are not great fans of Israel.

Eastern Europe fills the vacuum

Foreign companies have naturally stepped into the vacuum that has been created by the Israel Defense Exports Control Agency, including European countries that have been operating in the cyberattack market since its formation. Although the three veteran European cyberattacks companies that formerly served Middle Eastern dictators - German company FinFisher, French company Emsys and Italian company Memento Labs (formerly Hacking Team) are no longer active due to stricter EU regulation, other companies from Eastern and Southern Europe have become active exporters of spyware.

One of them is Intellexa, founded by Colonel (res.) Tal Dilian who formerly headed a technological unit in the IDF Intelligence Corps and currently lives in Greece. Research by University of Toronto unit Citizen Lab into digital media, human rights and global security, which was published in December 2021, claimed that Intellexa markets Cytrox Predator spyware, which obtains software from mobile phones and competes with NSO's Pegasus. Intellexa reportedly undertakes its sales operations from North Macedonia, which is not an EU member and subject to its supervision, even though North Macedonia is subject to the Wassenaar Arrangement on cyberattack exports. Among Intellexa's customers are countries that DECA no longer provides permits for including Bangladesh, Turkey, Egypt, Indonesia, Saudi Arabia and Oman. In addition, the company is conducting talks with the UAE, a country in which many other Israeli cyberattack companies operate.

Another issue that DECA is required to cope with is the export of intellectual property (IP) of cyberattack companies. Cyberattack companies divide their IP into two; cyber vulnerabilities, in other words information about breaches that can be penetrated in operating systems or apps on various smartphone devices; and attack systems - hacking tools that exploit cyber vulnerabilities in order to enter and draw out content from the user's device.

Companies supervised by DECA cannot export either vulnerabilities or attack tools without an explicit permit but supervision in recent months might encourage Israelis to set up companies specializing in the development of cyber vulnerabilities that can theoretically be sold overseas without supervision by the Ministry of Defense. Alternatively, other Israelis can shut down companies and reopen them abroad, although this would require foregoing IP developed in Israel.

"We live in a global world and within five minutes you can open a company abroad and do things no less sophisticated in the US and Europe," said a senior executive in the cyberattack industry. "And if they make it difficult to live here and do the things that we are good at doing, we won't fight over something that we cannot win."

The Ministry of Defense said, "The Ministry, in cooperation with the Ministry of Foreign Affairs has tightened supervision over the past year on cyber exports and among other things has published a revised formulation for the 'end user declaration' that every country is required to sign as a condition for receiving licenses, for the export of cyber gathering systems and or intelligence systems. Alongside this, the State of Israel is examining special assistance for the cyber industry, which will protect their capabilities, even in a reality of stricter global regulation."

No response was received from Nemesis and Intellexa.

Published by Globes, Israel business news - en.globes.co.il - on April 25, 2022.

© Copyright of Globes Publisher Itonut (1983) Ltd., 2022.

Naftali Bennet address the Israel cyber conference Credit; Amos Ben-Gershom
Naftali Bennet address the Israel cyber conference Credit; Amos Ben-Gershom
Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018