In the history of the tools of warfare, from the stone age slingshot to the drones and guided weapons of today, the 21st century has produced one of the most effective: the “silent” smartphone.
Terrorists, drug barons or insurgents can pick up a networked mobile phone almost anywhere. If they avoid voice calls – which can be intercepted – and use them just for computing and instant messaging services, they can transact nefarious business with little fear of detection.
A three-year-old Israeli startup, NSO, is selling what it calls “intelligence collection tools” that allow clients to combat perceived security threats posed by such users of smartphones. Its signature product is software that allows officials to obtain access to encrypted data transmitted via a user’s smartphone, tablet or other mobile device.
“Your smartphone today is the new walkie-talkie,” says Omri Lavie, NSO’s co-founder. “Most of your typical solutions for interception are inadequate, so a new tool had to be built.”
NSO is one of a growing cohort of cybersecurity companies in Israel, thought to number in the dozens, that trade in intelligence and security tools designed for a new era of cybercrime, designed to combat things ranging from hacking and phishing attacks on banks and companies to all-out cyberwarfare waged by state or non-state actors.
“There’s a boom here in the IT spectrum in Israel of creating new cybersolutions, whether it’s services, tools or products,” says Tal Pavel, an expert in internet and cyber threats in the Middle East, and chief executive of Middleeasternet, a consultancy that monitors and researches the Internet and cyberthreats in the Middle East and the Islamic world.
Nice Systems, one of the best-known, was started by seven former colleagues from the Israel Defence Forces who parlayed their military communications expertise into a business that helps companies sort, analyze and protect data and their operations.
Nyotron, a smaller five-year-old startup based in Herzliya, is the developer of Paranoid, a cybersecurity product that can kill computer viruses before they do any damage.
NSO, whose clients include foreign intelligence and law enforcement agencies, sits squarely towards the military and government, rather than the private sector, end of the cyber-continuum.
Israel’s prowess in all things cyber is well documented, if obscure in places: The country is widely held to have masterminded the Stuxnet computer worm that sowed chaos in Iran’s nuclear programme in 2010 , even if the Israeli government never admitted as much. Experts within Israel describe the country as one of five “cybersuperpowers” whose technological capabilities include the ability to crack open communications transmitted over mobile phones. (The other four such powers are said to be the U.S., the U.K., Russia and China.)
NSO might be described as a cyberwarfare company, but Mr. Lavie says not to use the word. Yair Pecht, NSO’s chief executive, agrees: “It’s not the right word,” he says.
They are speaking in the offices of a Tel Aviv public relations agency, rather than their head office in nearby Herzliya, and they both decline to be photographed. Nor will they address how their product works technologically, a matter Mr Lavie says is a “little sensitive.”
Even sharing a few illustrative stories about clients, with their nationalities omitted to help obscure their identity, is considered risky. “I don’t want to be beheaded,” Mr. Lavie jokes.
Instead, he says that marketing to foreign governments is a “very fine art.” Companies in the emerging cyberwarfare field cannot just go to trade fairs or rely on publicity and hope customers will come. Like conventional defence companies, they rely largely on private agencies that transact business for products on commission.
If the company is secretive itself, its clients also keep it out of the loop on much of their own business. “In some countries, we’re not even allowed to know where the building is, where [the product] will be installed,” says Mr Lavie. “Not only are we not allowed in the building, we don’t even know where the building is – it could be in another city.”
NSO emphasises that its business with foreign governments and government agencies is subject to approval from Israel’s defence ministry, which screens and monitors them before giving the green light. NSO will not say who its clients are, but its executives have visited about 35 countries over the past 18 months, they say.
At the same time, Mr. Lavie acknowledges that NSO’s signature product is an offensive, as opposed to a passive, cybertool. “It’s like laying a trap in the forest versus setting a sniper gun for a bear,” he says. “If you’re laying a trap, you’re hoping for your bear to wander out, but if you’re sitting in a bush waiting for a specific bear, once you see it you can actually act on it.”
Like Israel’s other companies that produce more conventional IT products, NSO got its start from the meshing of military and high-technology capabilities that have led some to term the country the “start-up nation.”
The company got its start in late 2010, funded with $1.6-million (U.S.) from private angel investors. Mr Lavie and his partner, Shalev Houlio, were serial entrepreneurs who had previously started Communitake, a company that allows telecoms companies’ help desks to gain remote access to customers’ mobile devices.
“We were approached several times by intelligence agencies and asked, ‘Can you do it without [the user’s] permission?’ ” Mr. Lavie recalls. “So we lied and we said, ‘Sure.’ We didn’t understand at the time that this was considered one of the holy grails of the industry.”
The company recruited Mr. Pecht, who served in the IDF’s elite Mamram computer unit before working for IBM, EDS and Alcatel-Lucent in Israel. Its partners raised more money from Aeromatics, a defence group that manufactures drones, then had the luck to buy out the investor just as it was making its first sale to an unnamed foreign government.
As an unlisted company, NSO does not report its earnings, but Mr. Lavie describes it as “massively profitable”. As for the unlikelihood of such companies listing, he notes: “One of my advantages [in not being listed] is that the things that are secret remain secret.”
Copyright The Financial Times Ltd. All rights reserved.