White-Hat’s hackers trawl the dark web in hunt for criminals

Tel Aviv-based startup staffed by former members of IDF intelligence units, who set up false identities and infiltrate black hat groups to foil cyber-attacks

Shoshanna Solomon is The Times of Israel's Startups and Business reporter

At White-Hat's offices in Tel Aviv, a white hat faces a Gur Fawkes mask of the type favored by the hacker group called Anonymous (Shoshanna Solomon/Times of Israel)
At White-Hat's offices in Tel Aviv, a white hat faces a Gur Fawkes mask of the type favored by the hacker group called Anonymous (Shoshanna Solomon/Times of Israel)

The offices of White-Hat Ltd., a cybersecurity firm in the heart of Tel Aviv, contain the typical trappings of a startup: workers waltz in at all hours on electric scooters or bikes, a ping pong table dominates the large open space and rows of desks with computers jostle each other around the sides of the room, to promote teamwork.

This startup different, though. None of the workers, except for the managers, agrees to have their photos taken and quickly cover their faces with their hands. That’s because they are hackers and they know the dangers of having your photos posted on social media or anywhere else. Once you are out there, on the web, anything is possible. Moreover, most of them are graduates of the Israeli army’s elite intelligence units and prefer to remain in the shadows.

These hackers know the shady secrets that lurk in that online universe called the dark or deep web, a world that works in parallel to the internet we know in a realm most of us are thankfully unaware of. It is a zone where users can surf anonymously and largely without a trace, and it is populated by arms dealers, pedophiles, terrorists and cyber criminals, among others. You can hire a hit man on the dark web, or buy a stolen credit card, and do it without leaving a footprint.

White-Hat’s hackers, mostly young men and women who joined after serving in the intelligence units of the Israeli army, live in this world and man the office desk 24/7. They plow through the web, set up false and numerous virtual identities, or so-called online avatars; they infiltrate hacker groups and forums to discover planned cyber-attacks, then prepare their clients before they occur. Watching them work is a bit like watching the latest season of “Homeland” or the movie “Snowden”: their screens are filled with diagrams and dots that connect one person or event to many, many others.

Ping-pong table, bikes in White-Hat's Tel Aviv offices (Shoshanna Solomon/TimesofIsrael)
Ping-pong table, bikes in White-Hat’s Tel Aviv offices (Shoshanna Solomon/TimesofIsrael)

“Our company deals with civilian cyber intelligence,” said Sharon Nimirovski, the CEO of the 4-year-old, 34-employee firm. The White-Hat hackers – white hats in the cyber world symbolize the good guys — collect intelligence about criminal or ransom attacks the black hat hackers — or the bad guys — are plotting.

“When you use hackers as hunters you get results,” Nimirovski said

Instead of the firewall or antivirus products offered by many other cybersecurity firms, White-Hat offers a service performed by its hackers.

“People are the core of the company,” said 29-year old Reut Menashe, WHite-Hat’s chief technology officer and head of its hackers team. “We don’t sell a product, but a service. Our product is intelligence.”

“Passive defense, in the sense of firewalls and antiviruses and web apps, are not enough anymore,” she added. “They were good five years ago. Information security officers need to be proactive and not reactive.”

That means protecting the company against future attacks, focusing on deterrence and being aware “that your whole organization needs to change. Cyber preparedness needs to reach all parts of your firm — from human resources to logistics and management. Everyone must understand that they are targets.”

White-Hat's CTO Reut Menashe (Courtesy)
White-Hat’s CTO Reut Menashe (Courtesy)

Last month a worldwide extortionate cyberattack wreaked havoc on over 10,000 organizations and 200,000 computers in over 150 countries, highlighting once more how vulnerable companies and nations are to the growing amount of cyber threats globally. The cybersecurity market is estimated to see growth from $112 billion in 2016 to $202 billion in 2021, according to MarketsandMarkets, a data firm.

The malware in question, specifically a ransomware attack known as WannaCry and WannaCrypt, spread quickly starting on Friday, May 12, and for much of the weekend. The worm took advantage of vulnerabilities in older versions of Microsoft Windows that were identified and stockpiled by the National Security Agency, and later stolen by hackers and published on the internet. The attackers encrypted files and held them for “ransom,” demanding between $300 and $600 worth of the crypto-currency bitcoin to unscramble the data and restore access.

The White-Hat team worked around the clock, even as Israeli firms were largely unaffected by the major damage of the attack.

White Hat's founder and CEO Sharon Nimirovski (Courtesy)
White Hat’s founder and CEO Sharon Nimirovski (Courtesy)

“We sent our customers the first vaccine against the attack within an hour” from when the attack was seen to have affected hospitals in the UK, Nimirovski said in an interview on May 14, as the world was still assessing the damage. The “vaccine” included IP addresses, URLs and file names that its customers were told to block.

Financial and healthcare firms around the world and in Israel and government ministries in Israel are among the firm’s clients, said Nimirovski, Before setting up White-Hat he worked as an information security officer in a private firm in Israel and as a chief technology officer at a local hospital.

White-Hat's offices in Tel Aviv (Shoshanna Solomon/TimesofIsrael)
White-Hat’s offices in Tel Aviv (Shoshanna Solomon/Times of Israel)

The company, which has so far been fueled by its own revenues, is now looking to raise funds to open a branch in New York and to finance the development of new cyber intelligence software that gives customers a full simulation of how their systems look to a hacker. Nimirovski has also recently set up a new company with Nigerian partners to set up a cyber operation center in Nigeria’s capital Abuja that services local banks and government offices by giving them cyber intelligence.

“The cyberthreat has no borders. It is a concern for both governments and the private sector,” said Menashe. “There has to be cooperation between the public and private sectors to ward off the threat.”

Her hackers scout for criminals that target the company’s customers, she said. But if they see an attack on the horizon, they will alert a concerned party even if it is not their client, she said. “We won’t sit quietly if we see an attack being organized on someone else,” she said.

The company has worked with the police to uncover pedophile networks in Israel, she said, and it also offers VIP cyber protection, a service for wealthy clients in which sensors are installed in all of the devices belonging to the customer and family members, such as mobile phones or laptops, which are then monitored for attempted hacks.

Desks and hackers at White-Hat offices in Tel Aviv (Shoshanna Solomon/TimesofIsrael)
Desks and hackers at White-Hat offices in Tel Aviv (Shoshanna Solomon/TimesofIsrael)

White Hat’s hackers “sift through huge amounts of data,” using software developed in-house and other tools to highlight issues that can be relevant to its clients. “From all of this we can make our deductions,” Menashe said. “We combine the abilities of very advanced machine learning with human faculties. Even with the best of software and machine learning, nothing is as good as the human brain. Maybe in a few years things will be different, but for now not yet.”

Israeli cybersecurity firms raised some $581 million in 2016, a 9 percent increase over 2015 and representing 15% of venture capital raised globally by cybersecurity firms, according to Start-up Nation Central, a Tel Aviv based nonprofit organization that aims to connect Israeli technology firms with investors.

“The cybersecurity industry is rapidly growing and filled with companies, many of which are dominant in the field. In addition, the cybersecurity market in Israel is extremely crowded, taking second place only to the US in its export of cybersecurity product and services,” said Ltd. in a report.

White-Hat meets a clear need of an “audience that is seeking higher performance alternatives,” Zirra said.

Even so, not much is known about the startup, as it does not have active profiles on the major social networks, has not raised outside money, and has been subject to little media coverage. is a Tel Aviv-based research firm that analyzes private companies using artificial intelligence and machine learning technologies.

Menashe, who joined White-Hat four years ago, has always had a passion for computers, she said.

“The people who work here love the field, and you have to be passionate about this work” because they spend so many hours doing their job, Menashe said.

“These are people who have been hackers since they were young,” she said. “White hat hackers stay on the right side of the law, and choose not to be black hats.”

read more:
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed