FYI.

This story is over 5 years old.

Tech

Israeli Government Asked European Security Companies for Zero-Days in Unsolicited Emails

Israel cast a wide net in Europe too, looking to purchase zero-days for its law enforcement and intelligence agencies.
Image: joshuapiano/Flickr

The Israeli government has been looking to purchase hacking tools from European cybersecurity firms and researchers through its Berlin embassy, Motherboard has learned.

Friday, Motherboard published a letter that the Israeli government sent to several security firms in the US. The letter asked for so-called zero-days, hacking tools that exploit unpatched vulnerabilities in software, and which are unknown to the affected vendor. These tools are often used by law enforcement and intelligence agencies—and criminals—to hack the phones and computers of targets.

Advertisement

Read more: How a Tiny Startup Became the Most Important Hacking Shop You’ve Never Heard Of

As it turns out, Israel was casting a wide net in Europe too. A European source shared an unsolicited email they received from the Israeli embassy in Berlin in August of 2017. The email contains much of the same language used in the 2015 letter sent to American companies.

“Does your company profile include zero-day vulnerabilities R&D?” the letter reads. “Does your company purchase zero-day vulnerabilities and exploits from a third party?”

Got a tip? You can contact Lorenzo Franceschi-Bicchierai securely on Signal on +1 917 257 1382 and Joseph Cox on Signal on +44 20 8133 5190. Details on our SecureDrop, a system to anonymously submit documents or information, can be found here.

A source from a European firm which has sold exploits to government agencies said they also received a similar letter from the Israeli government a number of years ago.

Notably, it seems the Israeli government didn’t even limit its request of zero-days to those who explicitly make exploits. The source who shared the email with Motherboard said they were surprised to receive it given that they are “miles from an exploit developer.” That being said, information security researchers, with no public-facing mention of zero-days, have been known to quietly sell capabilities to governments on the side.

The source also said they were reluctant to work with Israel.

“I'd be happy to help my own boys out but a foreign one not so much,” the source, who asked to remain anonymous to discuss sensitive issues, told Motherboard.

The Israeli embassy and consulate in Germany did not immediately respond to a request for comment.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.