Why is an Israeli intelligence-linked company filtering US journalists’ emails?

a logo for proofpoint

Cyber security is a huge and sensitive industry.

SOPA Images

With cybersecurity increasingly a focus for military research and development around the world, it is little wonder that most major corporations and institutions are keen to hire trusted experts to secure their electronic communications.

However, some of these companies may not be all they seem and some organizations might be well served to look more deeply into who they hire to provide cybersecurity and the access to information such a role entails.

When the US Department of Justice, during the Trump administration, sought to search journalists’ emails to find who their sources were, it went straight to the company in charge of cybersecurity at some media outlets.

Ultimately, the request was turned down. But the attempt showed two things: A massive amount of data resides in the hands of third-party companies, and governments will go to great lengths to secure data they may find useful.

This should be of concern, because Proofpoint, the US cybersecurity company in question that was revealed by court documents to be filtering the emails of CNN and Washington Post journalists, has an extremely close relationship with Israeli intelligence.

Over the past six years, Proofpoint has acquired several companies set up by alumni of Israeli military and intelligence institutions, including one organization that attended a special invitation-only meeting funded by several Israeli government ministries.

In addition to cybersecurity for CNN and the Washington Post, Proofpoint also provided email filtering services for major British universities like SOAS, University College London and the University of Surrey.

Email filtering is the process of blocking unwanted or potentially malicious code or links that redirect the user to suspicious websites. It prevents emails that seek entry into the system to get access to sensitive data.

But it also involves giving a third party access to your data. According to Daniel Kahn Gillmor, a technologist at the American Civil Liberties Union: “When you engage a security company to do filtering on your data, you are giving that security company access to your data … employing a security company means trusting that company to not leak information they have about your internal communication.”

“Still in the game”

Proofpoint has 200 employees across four floors in the Azrieli Center in Tel Aviv, directly next door to the Israeli Ministry of Defense.

The company has been filtering the emails of the Washington Post since January 2015 and CNN since September 2017. During that time, Proofpoint has acquired three other cybersecurity companies that should cause significant concern to employees at CNN and the Washington Post.

The first company was FireLayers, an Israeli startup. It was fully funded by YL Ventures, an Israeli seed stage or angel funding investor that specifically targets organizations set up by former Israeli military personnel.

According to the Wall Street Journal, YL Ventures receives alerts “based on the background of potential founders … indicators of interest include whether they’re in the IDF.”

Ben Bernstein of Twistlock says, “YL Ventures has a terrific reputation among ex-IDF cybersecurity veterans.”

The individual behind YL Ventures is Yoav Andrew Leitersdorf, who is due to speak at the 2023 CyberTech Global conference in Tel Aviv alongside both the president and prime minister of Israel, Isaac Herzog and Naftali Bennett respectively, if the latter stays in his role.

He has previously spoken at similar events alongside former Israeli prime minister Benjamin Netanyahu (who is also due to speak in 2023), including some sponsored by the Israeli foreign ministry and ministry of economy and industry. He has been hosted by the Israeli military’s tech unit to talk about his work with YL Ventures.

FireLayers, meanwhile, was founded by Yair Grindlinger and Doron Algrassi, both described by Haaretz as “veterans of the IDF’s computer unit.”

Grindlinger describes himself as a former officer in the Mamram unit – the Israeli military’s computer and technology unit. When he was asked if his time in the military contributed to his work with FireLayers, he cryptically responded: “It has been a while since then and I am still in the game.”

The year before Proofpoint acquired FireLayers in 2016, Grindlinger represented the company at a US-Israel cyberspace and intelligence conference at the Institute for National Security Studies in Washington DC. The meeting was billed as a “synergetic hub that initiates cooperation between Israeli, US and worldwide entities.”

The conference included an Israeli delegation of 70 participants from various government offices. Keynote speakers at the conference included the former head of Grindlinger’s unit in the military, Uzi Moscovici, and Amos Yadlin, the former head of Israeli military intelligence.

The program for the conference states that “the Israeli government is supporting this event by sponsoring Israeli companies to come and present.” It also lists among its supporters Israel’s foreign, intelligence and economy ministries as well as the cybertechnology unit (C41) of the Israeli military.

The former CEO of Israeli Military Industries (IMI), Udi Ganani, was also in attendance in 2015.

His company is believed to have manufactured the 5.56mm bullet that took the life of Al Jazeera correspondent Shireen Abu Akleh.

Grindlinger is quoted on the conference promotion material expressing his gratitude, on behalf of Firelayers, for the invitation.

A year after that conference, Proofpoint, the company that was filtering the emails of Washington Post journalists, acquired Firelayers.

Less than a year after the acquisition of Firelayers, Proofpoint would be filtering the emails of CNN journalists too.

Other links

In 2019, Proofpoint also bought Israeli startup Meta Networks.

The founder of Meta Networks is Alon Horowitz, a former officer in the Israeli military’s engineering corps, a position that, he claims, had a “very high security clearance which required taking a polygraph test every couple of years.”

Meta Networks has also employed other alumni of the Israeli military and intelligence institutions.

Another company acquired by Proofpoint in 2019 was ObserveIT.

ObserveIT was founded in 2006 by Gaby Friedlander and Avi Amos and has a research and development center in Tel Aviv.

It too draws staff from Israeli military and intelligence. Sometimes this works in reverse. Uri Chotzen went from working for ObserveIT for a year to working for Israeli intelligence for three years.

The revolving door between these cybersecurity companies, the tech sector in general and Israeli military and intelligence is notable.

Perhaps unsurprisingly, following these three companies’ acquisition by Proofpoint, there has been a large expansion of former Israeli military members employed by the organization.

And not only military: Proofpoint’s current senior HR business partner is Noam Korotky Salhov, who previously worked for six years doing an undisclosed job at the Israeli prime minister’s office.

The vice president of cloud security products at Proofpoint is Elad Horn, previously a section commander at the Israeli military’s notorious Unit 8200 for five years.

The senior director of security research, meanwhile, is Roie Cohen Duwek, who served in the Israeli military intelligence corps’ technological unit.

There are many more current employees of Proofpoint with Israeli military and intelligence backgrounds.

The connections between Proofpoint and Israeli intelligence do not end there. The company is owned by Thoma Bravo. Thoma Bravo also owns Applittools, which was founded by Gil Sever, who spent 17 years in an “elite intelligence unit” in the Israeli military.

Another venture of Thoma Bravo is ironSource, where the DevOps engineer Asaf Levy is also simultaneously DevOps engineer in the Israeli military.

A past in the Israeli military does not of itself, of course, prove much.

However, when major international media and educational establishments have trusted Proofpoint – and their questionable connections to Israeli intelligence – with their email security, due diligence is surely called for.

The conflicts of interest, which Proofpoint is riven with, should deeply worry students and journalists alike.

Lowkey is a British-Iraqi musician and academic who can be followed here @lowkey0nline.