Israel reached out to US hackers for ‘Zero Days’ tools
Leaked 2015 Defense Ministry letter soliciting information on software vulnerabilities described as ‘bizarre’ by some recipients
A 2015 letter by the Israeli Defense Ministry to American hackers and companies who specialize in creating so-called “Zero Days” cyber exploits offers a rare glimpse into how some governments are working to thwart the increasingly common tools designed to secretly exploit software vulnerabilities.
The unsolicited letter, newly obtained by Motherboard, was called “bizarre” by some of its recipients, who said they had no prior contact with the Israeli government.
“The Government of Israel Ministry of Defense [GOIMOD] is interested in advanced Vulnerabilities R&D and zero-day exploits for use by its law enforcement and security agencies for a wide variety of target platforms and technologies,” said the letter, reportedly sent by the Israeli consulate in New York. “We are interested in both offensive and defensive cyber security contractors focused in vulnerabilities R&D that will enable the GOI-MOD to identify and engage with relevant team and projects.”
One anonymous recipient of the Israeli request called it “very irregular,” while another told the website that “there wasn’t a single thing about this that was normal. I don’t know what the mission was, given how bizarre it was.”
Read: Mutually assured cyber destruction?
But the cyber security experts interviewed by Motherboard downplayed the unusually blunt request as a standard governmental Request for Information.
“I’ve seen plenty of RFIs just like this from US government agencies,” a former US government contractor told the website.
Israel is considered a global leader in cyberdefense technologies, garnering some 20 percent of the global private investments in cybersecurity, according to government data. A 2016 report on the industry showed that there are some 430 cybersecurity companies currently operating in Israel, with an average of 52 new startups established in the sector annually since 2000.
In 2010, malicious software called Stuxnet significantly disrupted an Iranian uranium-enrichment facility, temporarily setting back Tehran’s nuclear ambitions. Although neither country has openly admitted responsibility, the worm is believed to be a jointly made US-Israeli cyberweapon.
