Yet, this simulation was not a government-organized exercise but was instead orchestrated by a private company with deep ties to foreign and domestic intelligence services, a company that is also funded by investors with clear connections to individuals who would stand to benefit if such a catastrophic election outcome were to become reality.<\/p>\n
Much of the rhetoric since the last presidential election in 2016 has focused on the issue of foreign meddling by U.S. rival states like Russia, while China has emerged as the new \u201cmeddler\u201d of choice in American corporate media as the 2020 election approaches. Though time has revealed that many of the post-2016 election meddling claims were not as significant as initially claimed, the constant media discussion of foreign threats to U.S. democracy and electoral processes \u2013 whether real or imagined \u2013 has undeniably created a climate of fear.<\/p>\n
Those fears have since been preyed upon by neoconservative groups and the U.S. military-industrial complex, both of which are hardly known for their love of demcratic processes, to offer a series of ready-made solutions to these threats that actually undermine key pillars of American democracy, including\u00a0independent reporting<\/a>\u00a0and\u00a0voting machine software<\/a>.<\/p>\n However, many of the very same media outlets and groups that frequently fretted about Russia, China or another rival state meddling in U.S. democracy have largely ignored the role of other nation states, such as Israel, in efforts to sway\u00a0the last U.S. election in 2016<\/a>\u00a0and meddle in numerous elections in\u00a0Africa, Latin America and Asia<\/a>\u00a0in the years since.<\/p>\n As a consequence of this climate of fear, it should be hardly surprising that the corporate media lauded the recent 2020 election simulation that ended in an abysmal failure for U.S. officials, the cancellation of the U.S. election and the imposition of martial law. Yet, none of those reports on the exercise noted that the company that hosted the simulation, called Cybereason, is led by ex-members of Israel\u2019s military intelligence unit 8200, advised by former top and current officials in both Israeli military intelligence and the CIA. In addition, it is funded by and partnered with top U.S. weapons manufacturer and government contractor Lockheed Martin and financial institutions with clear and direct ties to Saudi Crown Prince Mohammed bin Salman and White House adviser and the president\u2019s son-in-law Jared Kushner. Also left unmentioned in media reports on Cybereason\u2019s election simulations is the fact that Cybereason\u2019s CEO, Lior Div, has\u00a0openly admitted<\/a>\u00a0that he views his work at Cybereason as a \u201ccontinuation\u201d of his service to Israel\u2019s intelligence apparatus.<\/p>\n With Cybereason planning to host more simulations in cooperation with federal agencies as the U.S. election inches closer, a deeper exploration of this company, its ties to intelligence and military contractors in the U.S. and Israel and its financial ties to key Trump allies both domestically and abroad warrants further investigation.<\/p>\n In this two-part series,\u00a0MintPress<\/em>\u00a0will not only explore these aspects but also how many of the technologies wielded by the \u201cbad actors\u201d in the Cybereason election simulation have been pioneered and perfected, not by U.S. rival states, but by Israeli companies and start-ups with clear ties to that country\u2019s intelligence apparatus.<\/p>\n Also notable is the fact that Cybereason itself has covertly become a major software provider to the U.S. government and military through its direct partnership with Lockheed Martin, which followed the defense company\u2019s decision to open an office at the Israeli military\u2019s new cyber operations hub in the Negev desert. In examining all of these interlocking pieces, a picture emerges of a potentially sinister motive for Cybereason\u2019s simulations aimed at gauging how U.S. federal officials respond to crisis situations on Election Day.<\/p>\n Understanding \u201cOperation Blackout\u201d<\/strong><\/p>\n In early November, a team of \u201chackers\u201d working for the private U.S.-based, Israeli-founded company Cybereason conducted\u00a0a 2020 election simulation<\/a>\u00a0with members of various U.S. agencies, namely the DHS, FBI and the U.S. Secret Service. The simulation was organized by Cybereason and the law firm Venable and the U.S. agencies in attendance were invited and appear to not have been charged to participate.<\/p>\n The simulation, titled \u201cOperation Blackout,\u201d was set in a fictional swing state called \u201cAdversaria\u201d and pitted \u201cethical hackers\u201d from Cybereason against a team of federal and local law enforcement officials. The opposing teams were supervised by a \u201cwhite team\u201d composed of members of Cybereason\u2019s staff and\u00a0Ari Schwartz<\/a>\u2014a former member of the White House\u2019s National Security Council and the National Institute of Standards and Technology (NIST)\u2014who set the rules of the simulation and would ultimately decide its outcome. Schwartz also used to work for the Center for Democracy and Technology (CDT), a major backer of Microsoft\u2019s\u00a0ElectionGuard software<\/a>.<\/p>\n Operation Blackout did not involve hackers targeting election software or voting machines, instead, it focused on civilian infrastructure and psychological operations against the American citizens in the fictitious \u201cAdversaria\u201d on election day. The hacker team was led by Cybereason co-founder Yonathan Striem-Amit, a\u00a0former contractor<\/a>\u00a0for Israeli government agencies and a\u00a0former operative<\/a>\u00a0for the elite Israeli military intelligence Unit 8200, best known for its cyber offensives against other governments.<\/p>\n \u201cIn a country as fragmented as the US, the number of people needed to influence an election is surprisingly small,\u201d Striem-Amit\u00a0told\u00a0Quartz<\/em><\/a>\u00a0of the exercise. \u201cWe attempted to create havoc and show law enforcement that protecting the electoral process is much more than the machine.\u201d<\/p>\n Streim-Amit\u2019s team completely devastated the U.S. law enforcement team in Operation Blackout by not only causing chaos but murdering numerous civilians. Hackers took control of city buses, ramming them into civilians waiting in line at polling stations, killing 32 and injuring over 200. They also took control of city traffic lights in order to cause traffic accidents, used so-called \u201cdeepfakes\u201d to conduct psychological operations on the populace and created fake bomb threats posing as the terror group ISIS, which incidentally has its\u00a0own ties<\/a>\u00a0to Israeli intelligence<\/a>. Telecom networks and news outlets within the fictitious states were also hacked and flooded with deepfakes aimed at spreading disinformation and panic among U.S. citizens.<\/p>\n The supervising team, composed of Cybereason employees and former NSC member Ari Schwartz, decided that the outcome of the face-off between the hacker and law enforcement teams was the outright cancellation of the 2020 election, the declaration of martial law by authorities, the growth of public fear regarding terrorism and allegations of U.S. government collusion with a foreign actor. Cybereason has stated that they will soon conduct another 2020 election simulation with federal authorities as the election draws closer.<\/p>\n Given how the simulation played out, it is quite clear that it is a far cry from the actual scope of alleged foreign meddling during the 2016 election, meddling which was allegedly the motivation behind Operation Blackout. Indeed, the extent of Russian interference in the 2016 election\u00a0amounted to<\/a>\u00a0$100,000 worth of Facebook ads over three years, 25 percent of which were never seen by the public, and claims that Russian state actors were responsible for leaking emails from the then-Democratic presidential nominee Hillary Clinton and the Democratic National Committee (DNC). In contrast, Operation Blackout went well beyond any observed or even imagined \u201cforeign meddling\u201d related to the 2016 election and appears more like a terror attack targeting elections than a covert means of manipulating their outcomes.<\/p>\n Several mainstream publications have covered Operation Blackout but have failed to note that the company behind them has deep ties to foreign intelligence outfits and governments with a documented history of manipulating elections around the world, including the 2016 U.S. election.<\/p>\n Quartz<\/em>\u00a0framed the exercise<\/a>\u00a0as important for \u201cpreparing for any and all possibilities in 2020,\u201d which \u201chas become an urgent task for US regulators and law enforcement.\u201d Similarly,\u00a0CyberScoop<\/em><\/a>\u00a0treated the simulation as a \u201csophisticated exercise to help secure the vote.\u201d\u00a0Other articles<\/a>\u00a0took the same stance.<\/p>\n A series of simulations<\/strong><\/p>\n In the weeks after the Washington area election simulation, Cybereason\u00a0repeated the same exercise<\/a>\u00a0in London, this time with members of the U.K. Intelligence agency GCHQ, the U.K. Foreign Office and the Metropolitan Police. The law enforcement team in the exercise, which included the U.K. officials, was headed by a Cybereason employee\u2014Alessandro Telami, who\u00a0formerly worked<\/a>\u00a0for the NATO Communications and Information Agency (NCI). Like the prior simulation conducted in the U.S., Cybereason did not appear to charge U.K. government agencies for their participation in the exercise.<\/p>\n Cybereason has\u2014with little fanfare\u2014been promoting extreme election day scenarios since before the 2016 election. Cybereason\u2019s first mention of these tactics appears in a\u00a0September 2016 blog post<\/a>\u00a0written by the company\u2019s CEO and former Israeli government contractor\u00a0Lior Div<\/a>\u2014a former leader of offensive cyberattacks for the IDF\u2019s elite Unit 8200 and a former development group leader at the\u00a0controversial Israeli-American corporation Amdocs<\/a>.<\/p>\n Div wrote that hackers may target U.S. elections by \u201cbreaking into the computers that operate traffic lighting systems and interfering with the ones around polling stations to create massive traffic jams, \u201chacking polling companies,\u201d and \u201ctargeting live election coverage on cable or network television stations.\u201d A\u00a0follow-up post<\/a>\u00a0by Div from October 2016 added further meddling tactics such as \u201ccut power to polling stations\u201d and \u201cmess with a voter\u2019s mind.\u201ddiv<\/p>\n Two years later, Cybereason held its first election meddling simulation, touting many of these same tactics, in Boston. The simulation focused on local and state responses to such attacks and saw Boston-based Cybereason invite Massachusetts state and local officials as well as Boston police officers and a former police commissioner to participate. \u201cTwitter accounts spreading fake news,\u201d \u201cturning off a city\u2019s closed-circuit cameras,\u201d \u201chacking self-driving cars and navigation apps,\u201d and \u201ctargeting a city\u2019s 911 call center with a DDoS attack\u201d were all used in the\u00a0simulation<\/a>, which saw Cybereason\u2019s \u201cethical hackers\u201d attempt to disrupt election day.\u00a0Media coverage of the simulation<\/a>\u00a0at the time framed it as a necessary preparation for countering \u201cRussian\u201d threats to U.S. democracy. Like the more recent simulations, the mock election was canceled and voter confidence in the electoral process was devastated.<\/p>\n This past July, Cybereason\u00a0conducted a similar simulation<\/a>\u00a0with officials from the FBI, DHS and the Secret Service for the first time. That simulation, which also took place in Boston, was remarkably similar to that which occurred in November. One intelligence officer from DHS who participated in the July exercise called the simulation \u201cvery realistic.\u201d Another claimed that the simulation was a way of applying \u201clessons learned from 9\/11\u201d by preventing the government\u2019s \u201cfailure of imagination\u201d that officials have long alleged was the reason for the government\u2019s inability to thwart the September 11 attacks. Notably, The U.S. military simulated a scenario in which terrorists flew airplanes into the Pentagon\u00a0less than a year<\/a>\u00a0before the September 11 attacks.<\/p>\n Participating government officials, Cybereason staff and the media have consistently touted the importance of these simulations in securing elections against extreme threats, threats which\u2014to date\u2014have never materialized due to the efforts of foreign or domestic actors on election day. After all, these exercises are only simulations of possibilities and, even if those possibilities seem implausible or unlikely, it is important to be prepared for any eventuality.<\/p>\n But what if the very figures behind these simulations and the investors that fund them had a history of election meddling themselves? Cybereason\u2019s deep ties to Israeli intelligence, which has a documented history of aggressive espionage and election meddling in the United States and in several nations worldwide, warrant a deeper look into the firms\u2019 possible motives and the myriad conflicts of interest that arise in giving it such unprecedented access to the heart of America\u2019s democracy.<\/p>\n What does Cybereason do?<\/strong><\/p>\n Cybereason\u2019s interest in terror events during elections seems out of place given that the company itself is focused on selling technological cybersecurity solutions like antivirus and ransomware protection software, software products that would be minimally effective against the type of threat encountered in the company\u2019s election day simulations.<\/p>\n Cybereason is often described as offering a comprehensive technological defense platform to companies and governments that combines a next-generation antivirus with endpoint detection and response (EDR), which enables the company to respond to typical viruses and malware as well as sophisticated, complex attacks. The platform makes heavy use of artificial intelligence (AI) and cloud computing and\u00a0specifically uses<\/a>\u00a0Amazon Web Services (AWS), which is used by a litany of private companies as well as\u00a0U.S. intelligence agencies<\/a>.<\/p>\n While many cybersecurity platforms combine antivirus and antimalware with EDR and AI, Cybereason claims that their military background is what sets them apart. They have\u00a0marketed themselves<\/a>\u00a0as offering \u201ca combination of military-acquired skills and cloud-powered machine learning to endpoint detection and response\u201d and actively cite the fact that most of their employees are former members of Unit 8200 as proof that they are \u201capplying the military\u2019s perspective on cybersecurity to enterprise security.\u201d<\/p>\n In 2018, Cybereason\u2019s former senior director for intelligence, Ross Rustici,\u00a0described<\/a>\u00a0the platform to\u00a0CBR<\/em>\u00a0as follows:\u00a0\u201cOur founders are ex-Israeli intelligence who worked on the offensive side. They basically wanted to build a tool that would catch themselves. We follow the kill chain model started by Lockheed Martin [now a major investor in Cybereason] and try to interrupt every stage once an intruder\u2019s inside a target network.\u201d<\/p>\n Lior Div, Cybereason\u2019s CEO described the difference between his company\u2019s platform and that of past market leaders in this way to\u00a0Forbes<\/em><\/a>:\u00a0\u201cThe old guard of antivirus companies like Symantec and McAfee would install something to block endpoints and you needed to do a lot [of monitoring] to make sure you weren\u2019t under attack. We came with a different approach to see the whole enterprise and leverage AI to be able to fully autonomously identify where attackers are and what they\u2019re doing.\u201d<\/p>\n Thus, in looking at Cybereason\u2019s product and its marketing objectively, it seems that the only innovative component of the company\u2019s system is the large number of ex-military intelligence officers it employs and its tweaking of a previously developed and automated model for threat engagement, elimination and prevention.<\/p>\n Instead, Cybereason\u2019s success seems to owe to its prominent connections to the private and public sectors, especially in Israel, and its investors who have funneled millions into the company\u2019s operations, allowing them to expand rapidly and quickly claim a dominant position in emerging technology markets, such as\u00a0the Internet of Things (IoT)<\/a>\u00a0and\u00a0advanced healthcare systems<\/a>.<\/p>\n Their considerable funding from the likes of Lockheed Martin and Softbank, among others, has also helped them to expand their international presence from the U.S., Europe and Israel into\u00a0Asia<\/a>\u00a0and\u00a0Latin America<\/a>, among other places. Notably, while Cybereason is open about their investors and how much funding they receive from each, they are\u00a0extremely secretive<\/a>\u00a0about their financial performance as a company and decline to disclose their annual revenue, among other indicators. The significance of Cybereason\u2019s main investors in the context of the company\u2019s election simulations and its ties to Israeli and U.S. intelligence (the focus of this article) will be discussed in Part 2.<\/p>\n Cybereason also includes a security research arm called Nocturnus,\u00a0currently headed by<\/a>\u00a0a former Unit 8200 officer. Nocturnus will be explored further in Part 2 of this series, as it essentially functions as a private intelligence company in the tech sector and has been behind\u00a0several recent claims<\/a>\u00a0that have attributed alleged hacks to state actors, namely China and North Korea. For now, it is important to keep in mind that Nocturnus utilizes Cybereason\u2019s \u201cglobal network of millions of endpoints\u201d for its intelligence gathering and research, meaning the endpoints of every device to which Cybereason\u2019s software has access.<\/p>\n Given what Cybereason provides as a company, their interest in offering election simulations to government officials free of charge seems odd. Indeed, in the simulations hosted by Cybereason for U.S. officials, there is little opportunity for the company to market their software products given that the simulation did not involve electronic voting infrastructure at all and, instead, the malevolent actors used deep fakes, disinformation and terror attacks to accomplish their goals. Why then would this company be so interested in gauging the response of U.S. law enforcement to such crises on election day if there is no sales pitch to be made? While some may argue that these simulations are an altruistic effort by the company, an investigation into the company\u2019s founders and the company\u2019s ties to intelligence agencies suggests that this is unlikely to be the case.<\/p>\n The people behind Cybereason<\/strong><\/p>\n Cybereason was created in 2012 by three Israelis, all of whom served together as officers in the Israel Defense Force\u2019s elite technological and signals intelligence unit, which is most often referred to as Unit 8200. Unit 8200 has been the subject of several\u00a0MintPress<\/em>\u00a0investigative reports<\/a>\u00a0over the past year<\/a>\u00a0focusing on its ties to the tech industry.<\/p>\n Unit 8200 is an elite unit of the Israeli Intelligence corps that is part of the IDF\u2019s Directorate of Military Intelligence and is involved mainly in signal intelligence, surveillance, cyberwarfare and code decryption. It is also well-known for its surveillance of Palestinian civilians and for using intercepted communications as blackmail in order to procure informants among Palestinians living under occupation in the West Bank.<\/p>\n The unit is frequently described as the Israeli equivalent of the NSA and Peter Roberts, a senior research fellow at Britain\u2019s Royal United Services Institute, characterized the unit in\u00a0an interview<\/a>\u00a0with the\u00a0Financial Times<\/em>\u00a0as \u201cprobably the foremost technical intelligence agency in the world and stand[ing] on a par with the NSA in everything except scale.\u201d Notably, the NSA and Unit 8200 have collaborated on numerous projects, most infamously on the\u00a0Stuxnet virus<\/a>\u00a0as well as the\u00a0Duqu malware<\/a>.<\/p>\n Given the secrecy of the work conducted by Unit 8200, it is hard to know exactly what Cybereason\u2019s co-founders did while serving in the controversial unit, however,\u00a0a brief biography<\/a>\u00a0of the company\u2019s current CEO and co-founder Lior Div states that \u201cDiv served as a commander [in Unit 8200] and carried out some of the\u00a0world\u2019s largest cyber offensive campaigns against nations<\/strong>\u00a0and cybercrime groups. For his achievements, he received the Medal of Honor, the highest honor bestowed upon Unit 8200 members (emphasis added).\u201d<\/p>\n After having served in leadership positions within Unit 8200, all three Cybereason co-founders went on to work for private Israel-based tech or telecom companies with a history of aggressive espionage against the U.S. government.<\/p>\n Cybereason co-founders\u00a0Yonathan Striem Amit<\/a>\u00a0(Cybereason\u2019s Chief Technology Officer) and\u00a0Yossi Naar<\/a>\u00a0(Cybereason Chief Visionary Officer) both worked for Gita Technologies shortly before founding Cybereason with fellow Unit 8200 alumnus Lior Div. Gita, according to public records, is\u00a0a subsidiary of Verint Systems<\/a>, formerly known as Comverse Infosys.<\/p>\n Verint\/Comverse was initially funded by the Israeli government and was founded by Jacob \u201cKobi\u201d Alexander, a former Israeli intelligence officer who was wanted by the FBI on nearly three dozen charges of\u00a0fraud, theft, lying, bribery, money laundering and other crimes<\/a>\u00a0for over a decade until he was finally\u00a0extradited to the United States<\/a>\u00a0and pled guilty to some of those charges in 2016.<\/p>\n Despite its history of corruption and foreign intelligence connections, Verint\/Comverse was hired by the National Security Agency (NSA) to create backdoors into all the major U.S. telecommunications systems and major tech companies, including Facebook, Microsoft and Google. An article on Verint\u2019s access to U.S. tech infrastructure\u00a0in\u00a0Wired<\/em><\/a>\u00a0noted the following about Verint: \u201cIn a\u00a0rare and candid admission<\/a>\u00a0to Forbes, Retired Brig. Gen. Hanan Gefen, a former commander of the highly secret Unit 8200, Israel\u2019s NSA, noted his former organization\u2019s influence on Comverse, which owns Verint, as well as other Israeli companies that dominate the U.S. eavesdropping and surveillance market. \u2018Take NICE, Comverse and Check Point for example, three of the largest high-tech companies, which were all directly influenced by 8200 technology,\u2019 said Gefen.\u201d<\/p>\n Federal agents\u00a0have reported systemic breaches<\/a>\u00a0at the Department of Justice, FBI, DEA, the State Department, and the White House going all the way back to the 1990s, breaches they claimed could all be traced back to two companies: Comverse\/Verint and Amdocs. Cybereason\u2019s other co-founder and current CEO,\u00a0Lior Div<\/a>, used to work for Amdocs as the company\u2019s development group leader.<\/p>\n After leaving Amdocs, Div founded a company called Alfatech. Alfatech\u00a0publicly claims<\/a>\u00a0to specialize in \u201cprofessional Head Hunting and Quality Recruiting services,\u201d yet it has no\u00a0functional website<\/a>. Despite its publicly stated mission statement,\u00a0Israeli media reports<\/a>\u00a0that mention Alfatech describe it as \u201ca cybersecurity services company for Israeli government agencies.\u201d No reason for the obvious disconnect between the company\u2019s own claims and those made by the media has been given.<\/p>\n Div left Alfatech in 2012 to found Cybereason alongside Striem-Amit and Naar. According to\u00a0an interview that Div gave to\u00a0TechCrunch<\/em><\/a>\u00a0earlier this year, he stated that his work at Cybereason is \u201cthe continuation<\/strong>\u00a0of the six years of training and service he spent working with the Israeli army\u2019s 8200 Unit (emphasis added).\u201d Div was\u00a0a high-level commander<\/a>\u00a0in Unit 8200 and \u201ccarried out some of the world\u2019s largest cyber offensive campaigns against nations and cybercrime groups\u201d during his time there.\u00a0TechCrunch<\/em>\u00a0noted that \u201cAfter his time in the military, Div worked for the Israeli government as a private contractor reverse-engineering hacking operations,\u201d an apparent reference to his work at Alfatech.<\/p>\n Even deeper ties to intelligence<\/strong><\/p>\n Not only do Cybereason\u2019s own co-founders have considerable links to the Israeli government, Israeli intelligence and intelligence-connected private companies, but it also appears that the work of Cybereason itself is directly involved with Israeli intelligence.<\/p>\n The company periodically publishes reports by a secretive faction of the company called the Cybereason Intelligence Group or CIG. The\u00a0only description<\/a>\u00a0of CIG\u2019s composition available on Cybereason\u2019s website is as follows:\u00a0\u201cThe Cybereason Intelligence Group was formed with the unique mission of providing context to the most sophisticated threat actors. The group\u2019s members include experts in cyber security and international security\u00a0from various government agencies, including the Israel Defense Forces\u2019 Unit 8200<\/strong>, which is dedicated to conducting offensive cyber operations. Their primary purpose is to examine and explain the Who and the Why behind cyber attacks, so that companies and individuals can better protect themselves (emphasis added).\u201d<\/p>\n It is unclear how many members comprise CIG and if its members are employees of only Israeli government agencies, or if it includes officials from the U.S. government\/Intelligence or other governments. However, what is clear is that it is composed entirely of government officials, which include active members of Unit 8200, and that the purpose of the group is to issue reports that place blame for cyberattacks on state and non-state actors. Perhaps unsurprisingly, the vast majority of CIG\u2019s reports published by Cybereason focus exclusively on\u00a0Russia<\/a>\u00a0and\u00a0China<\/a>. When\u00a0discussing nation-state cyber threats in general<\/a>, Cybereason\u2019s website only mentions China, North Korea, Iran and Russia by name, all of which are incidentally rival states of the U.S. government. Notably, Israel\u2019s government\u2014listed as a\u00a0\u201cleading espionage threat\u201d<\/a>\u00a0to U.S. financial institutions and federal agencies by the U.S.\u2019 NSA\u2014is absent from Cybereason\u2019s discussions of state actors.<\/p>\n In addition to CIG, Cybereason\u2019s cybersecurity research arm,\u00a0Nocturnus,<\/a>\u00a0includes several Unit 8200 alumni and former Israeli military intelligence and government contractors and\u00a0has assigned blame to state actors<\/a>\u00a0for several recent hacks. It also has claimed to have discovered more such hacks but has declined to publicly disclose them due to the \u201csensitive\u201d nature of the hacks and companies affected.<\/p>\n Other hints at Cybereason\u2019s connections to state intelligence can be seen in its\u00a0advisory board<\/a>.\u00a0Robert Bigman<\/a>, the former Chief Information Security Officer (CISO) for the Central Intelligence Agency (CIA) who oversaw the spy agency\u2019s \u201ccommercial partner engagement<\/a>\u201d program (i.e. alliances with the private tech sector), is a key figure on the company\u2019s advisory board. According to\u00a0his biography<\/a>, Bigman \u201c contributed to almost every Intelligence Community information security policy\/technical standard and has provided numerous briefings to the National Security Council, Congress and presidential commissions. In recognition of his expertise and contributions, Bigman has received numerous CIA and Director of National Intelligence Awards.\u201d<\/p>\n Unmentioned in his biography published his own website, or on Cybereason\u2019s website, is that Bigman is also\u00a0an advisor<\/a>\u00a0to another Israeli tech company, Sepio Systems. The\u00a0chairman of Sepio<\/a>, Tamir Pardo, is a self-described \u201cleader\u201d in the cybersecurity industry and former director of Israel\u2019s Mossad. Sepio is\u00a0funded by<\/a>\u00a0a venture capital firm\u00a0founded by the creators<\/a>\u00a0of the controversial Israeli spy tech company NSO Group, which has received a slew of negative press coverage after its software was sold to several governments who used it to spy on dissidents and human rights activists.<\/p>\n In addition to Bigman, Cybereason\u2019s advisory board includes\u00a0Pinchas Buchris<\/a>, the former head of Unit 8200 and former managing director of the IDF. Not unlike Bigman, Buchris\u2019 bio fails to mention that he sits\u00a0on the board of directors of Carbyne911<\/a>, alongside former Israeli Prime Minister Ehud Barak and Nicole Junkerman, both well-known associates of intelligence-linked sex trafficker Jeffery Epstein. Epstein himself poured at least $1 million into Carbyne, an Israeli company that seeks to run all 911 call centers in the U.S. at the national level and has close ties to the Trump administration. More information on Carbyne and its ties to Israeli and U.S. intelligence as well as its connection to coming pre-crime policies to be enacted in 2020 by the U.S. Department of Justice can be found in\u00a0this\u00a0MintPress<\/em>\u00a0report<\/a>\u00a0from earlier this year. Given that Cybereason\u2019s election day simulations involve the simulated collapse of 911 call center functionality, Buchris\u2019 ties to both Cybereason and Carbyne911 are notable.<\/p>\n Another notable Cybereason advisor is the former commissioner of the Boston Police Department, Edward Davis. Davis heavily promoted Cybereason\u2019s disturbing election day simulations and even participated directly in one of them. He was also police commissioner of the Boston PD at the time of the Boston Marathon bombing and oversaw\u00a0the near-martial law conditions<\/a>\u00a0imposed on the city during the manhunt for the alleged perpetrators of that bombing (who themselves had\u00a0a rather odd relationship<\/a>\u00a0with the FBI). This is notable given that Cybereason\u2019s election day simulations ended with martial law being imposed on the fictional city used in the exercise<\/p>\n Cybereason also\u00a0has several advisors<\/a>\u00a0who hold top positions at powerful U.S. companies that are also\u2014incidentally\u2014U.S. government contractors. These include the Vice President Security and Privacy Engineering at\u00a0Google<\/a>, Deputy Chief Information Security Officer (CISO) of\u00a0Lockheed Martin<\/a>\u00a0and CISO at\u00a0Motorola<\/a>. Both Motorola and Lockheed Martin use Cybereason\u2019s software and the latter is also a major investor in the company. Furthermore, as will be explained in Part 2 of this article, Lockheed Martin has used its privileged position as the top private contractor to the U.S. government\u00a0to promote the widespread use<\/a>\u00a0of Cybereason\u2019s software among U.S. government agencies, including the Pentagon.<\/p>\n Much more than a cybersecurity company<\/strong><\/p>\n Given Cybereason\u2019s deep and enduring ties to Israeli intelligence and its growing connections to the U.S. military and U.S. intelligence through its hiring of top CIA officials and partnership with Lockheed Martin, it\u2019s worth asking if these disturbing election simulations could serve an ulterior purpose and, if so, who would benefit. While some aspects regarding clear conflicts of interest in relation to the 2020 election and Cybereason will be discussed in Part 2, this article will conclude by examining the possibility that of Cybereason is acting as a front company for Israeli intelligence based on that country\u2019s history of targeting the U.S. through private tech companies and on Cybereason\u2019s own questionable characteristics.<\/p>\n First, Cybereason as a company presents several oddities. Its co-founder and CEO openly states that he views Cybereason\u2019s work as a continuation of his service for Israeli military intelligence. In addition, he and the company\u2019s other founders\u2014after they left Unit 8200\u2014went to work for Israeli tech companies that have been known to spy on U.S. federal agencies for the Israeli government.<\/p>\n In addition, as previously mentioned, Cybereason has sought out former intelligence officers from the CIA and Unit 8200 for its management team and board of advisors. The company itself also functions as a private intelligence firm through CIG and Nocturnus, both of which employ former and current intelligence officials, and have made significant claims regarding the attribution of specific cybercrimes to state actors. It appears highly likely that these claims are influenced by those same intelligence agencies that boast close ties to Cybereason. Furthermore, Nocturnus\u2019 access to Cybereason\u2019s \u201cglobal\u201d network of endpoints makes it a private intelligence gathering company as it gathers and analyzes data from all devices that run Cybereason\u2019s software.<\/p>\n Yet, even more telling is the fact that Israel\u2019s government has an open policy of outsourcing intelligence-related activity to the private sector, specifically the country\u2019s tech sector. As\u00a0MintPress<\/em>\u00a0previously reported<\/a>, this trend was first publicly acknowledged by Israel in 2012, the same year that Cybereason was founded by former Israeli military intelligence officers then-working for private contractors for Israel\u2019s government (Alfatech) or private companies known to have ties to Israeli intelligence, including Verint\/Comverse.<\/p>\n As noted in an article on the phenomenon from the Israeli media outlet\u00a0The Calcalist<\/em><\/a>:\u00a0\u201cIsrael is siphoning cyber-related activities from its national defense apparatus to privately held companies. Since 2012, cyber-related and intelligence projects that were previously carried out in-house in the Israeli military and Israel\u2019s main intelligence arms are transferred to companies that in some cases were built for this exact purpose.\u201d<\/p>\n Mention of Israel\u2019s policy of blurring the lines between the public and private sector when it comes to cybersecurity and intelligence gathering has even garnered the occasional mention in mainstream media, such as in a\u00a02018\u00a0Foreign Policy<\/em>\u00a0article<\/a>: \u201cIsrael, for one, has chosen to combat the problem on a statewide level by linking the public and private spheres, sometimes literally. The country\u2019s cyberhub in the southern city of Beersheba is home not just to the Israeli military\u2019s new technology campus but also to a high-tech corporate park, Ben-Gurion University of the Negev\u2019s cyber-research center, and the Israel National Cyber Directorate, which reports directly to the prime minister\u2019s office. \u201cThere\u2019s a bridge between them\u2014physically,\u201d [Gabriel] Avner, the security consultant, said by way of emphasis.\u201d<\/p>\n Notably, a year before Lockheed Martin invested in and partnered with Cybereason, the U.S.-based weapons company opened an office at the IDF\u2019s public-private cyber hub in Beersheba. At the inauguration ceremony for Lockheed\u2019s Beersheba office, company CEO\u00a0Marilyn Hewson stated<\/a>:\u00a0\u201cThe consolidation of IDF Technical Units to new bases in the Negev Desert region is an important transformation of Israel\u2019s information technology capability\u2026By locating our new office in the capital of the Negev we are well positioned to work closely with our Israeli partners and stand ready to: accelerate project execution, reduce program risk and share our technical expertise by training and developing in-country talent.\u201d<\/p>\n Further evidence of this public-private merger can be seen in how two of Israel\u2019s intelligence agencies, Shin Bet and Mossad, have both recently launched a private start-up accelerator and a hi-tech venture capital fund, respectively. The Shin Bet\u2019s accelerator, called\u00a0Xcelerator<\/a>, usually makes its investments in private companies public, while Mossad\u2019s\u00a0Libertad Ventures<\/a>\u00a0refuses to disclose the tech companies and start-ups in which it invests. Former directors of both Mossad and Shin Bet\u00a0have described<\/a>\u00a0these intelligence agencies themselves of being like start-ups, clearly showing how much the line between intelligence apparatus and private company has been blurred within the context of Israel\u2019s tech industry and specifically its cybersecurity industry.<\/p>\n The advantages of outsourcing cyber intelligence operations to private companies have been noted by several analysts, including Sasha Romanosky, a former Cyber Policy Advisor at the Department of Defense and current analyst at RAND Corporation. Romanosky\u00a0noted in 2017<\/a>\u00a0that private intelligence and cybersecurity firms \u201cdo not necessarily face the same constraints or potential repercussions\u201d as their public counterparts when it comes to designating blame for a cyberattack, for example. In addition, outsourcing intelligence objectives or missions to private companies provides a government\u00a0with plausible deniability<\/a>\u00a0if that private company\u2019s espionage-related activities or ties are made public.<\/p>\n Furthermore, Israeli intelligence has a long history of using private tech companies for the purposes of espionage, including against the United States. While Amdocs and Verint\/Comverse were already mentioned as having been used by the state of Israel in this way, other private companies have also been used to market software backdoored by Israeli intelligence to countries around the world, both within the U.S. and elsewhere. The most well-known example of this is arguably the mass sale and distribution of the bugged PROMIS software, which was discussed at length in\u00a0several recent<\/a>\u00a0MintPress News<\/em>\u00a0reports<\/a>.<\/p>\n Given Cybereason\u2019s ties to intelligence and Israeli intelligence\u2019s history of placing backdoors in its software, it is worth pointing out that Cybereason\u2019s main product, its antivirus and network defense platform, offers a major espionage opportunity. Blake Darch\u00e9, a former N.S.A. operator,\u00a0told the\u00a0New York Times<\/em><\/a>\u00a0in 2017 that antivirus programs, which Cybereason\u2019s defense platform includes, is \u201cthe ultimate backdoor,\u201d adding that it \u201cprovides consistent, reliable and remote access that can be used for any purpose, from launching a destructive attack to conducting espionage on thousands or even millions of users.\u201d Whether a company like Cybereason would use its software for such ends is unknown, though the company does acknowledge that its cybersecurity arm does gather intelligence from all systems that use the company\u2019s software and currently employs and works with active duty Unit 8200 officials through CIG. This is notable because Unit 8200\u2019s main task for Israeli military intelligence is signals intelligence, i.e. surveillance.<\/p>\n More of a mystery, however, is why a company like Cybereason is so interested in U.S. election security, particularly when Israeli intelligence and Israeli intelligence-connected private companies have been caught in recent years\u00a0meddling in<\/a>\u00a0elections around the world<\/a>,\u00a0including the United States<\/a>.<\/p>\n