Israeli Police State Has Backdoor ISP Access to Every Citizen and Website, Cellebrite Claims to Break Signal App Encryption
Haaretz published two astonishing reports over the past few days about Israeli cyber-security. In the first. it broke a story noting that Israeli police have for years required all internet service providers (ISPs) to offer a backdoor to access the accounts of every Israeli citizen. In addition, police have similar access to every website and may alter the content of any website whose pages are served to Israeli users. Further, none of the ISPs have raised any objections publicly or otherwise to this arrangement. Nor was it ever approved by the Knesset or via legislation. The closest this arrangement ever came to facing any oversight was when the prime minister approved it. Nor do the police have to obtain approval from a judge for any of this.
Many of us complained vociferously about FISA and the Bush administration’s abuse of constitutional protections. We thought the cavalier, opaque nature of FISA applications and approvals was an outrage. We tried to organize to repeal the USA Patriot Act (with limited success). But this news about Israel’s internet permeability goes far beyond anything contemplated by Bush. That’s why I used the term I did in the headline for this post. Permitting police complete access to the private communication of any citizen for any reason or no reason, without any oversight, is the hallmark of a police state.
The problem of course, is that Israel has no constitution, no guarantee of basic rights. Nor does it have a jurisprudence system which can check such excesses. Essentially, compliance with Supreme Court rulings is voluntary. In many cases, the military or intelligence services simply ignore the decisions or interpret them in a way that permits them to continue engaging in the very behavior that was sanctioned.
In the U.S., consumers, privacy NGOs, members of Congress, and telecommunications companies have fought tooth and nail against such a backdoor. Apple has refused to help the FBI access the electronic devices of criminal and terror suspects for fear that it would decimate the overall security of its devices for all users. NGOs believe rightly that creating such backdoors will permit law enforcement to ride roughshod over individual rights, including the right to privacy.
While the FBI, Justice Department and House Republicans rail about coddling criminals and endangering national security, they are oblivious to the erosion of protections afforded by the Constitution against illegal search and seizures, among other rights guaranteed.
Compare this knock-down-drag-out ‘bang’ to the ‘whimper’ of Israelis when facing the same predicament. This system has been in place for seven years before the public even knew it existed. No one, so far, has appealed to the Supreme Court to stop it. It’s not even clear that it would given its composition includes settlers and a majority of right-wing justices appointed by the Likud.
Cellebrite Boasts It’s Defeated Signal Encryption
The second Haaretz report I mentioned above concerns the announcement by Israeli cyber-hacking company, Cellebrite, that it has broken the encryption of one of the most trusted, secure text messaging apps, Signal. It is used around the world by journalists, human rights activists and others who are targets of intelligence agencies and their repressive governments.
In a subsequently deleted post on its website, Cellebrite boasted that it cracked Signal’s encryption by exploiting the fact that the company’s code was open source. This of course is a clear violation of a developer code of conduct which prohibits someone from taking advantage of the transparency of the code product in order to render it useless.
Cellebrite also offers the usual hypocritical narrative about its practices being entirely legal and transparent, and that it sells its products only to “authorized” customers (whatever that means):
Our technology serves 154 countries and has made convictions possible in more than 5 million cases of serious crime, such as murder, rape, human trafficking and pedophilia. We do not provide information about our clients and their activities. We provide our solutions to authorized agencies only, and apply a range of tools dictating the manner in which they can be used. In addition, we work subject to clear policy and accepted international rules to prevent a business relationship with agencies subject to international restrictions.”
Note that the above blather serves to obscure what some of those “authorized agencies” do with its products. Cellebrite sells to Venezuelan dictator Nicholas Maduro, who uses it to hack the phones of his political opponents. While its sales began by targeting national government agencies, it has expanded its market to local police agencies, who use the hacking devices for every purpose imaginable.
As a encryption expert explained to me, UFED devices need physical access to a cell phone in order to hack into its contents. You cannot do so remotely as NSO’s Pegasus tool does:
Cellebrite can only decrypt messages with physical access to a device, this is rendered moot when you enable disappearing messages and complete a full power cycle (turn the device all the way off then on again)
This Reddit thread explores the Signal app and general encryption issues in more detail, and offers skepticism about Cellebrite’s claims. The question arises: did the company exaggerate in order to promote sales of its products? Or has it done what it claims? The latter seems unlikely.
The company until recently offered it devices to China, which used them to spy on Hong Kong human rights activists, who are desperately trying to maintain their democratic system in the face of a massive Chinese onslaught. Only after Israeli human rights lawyer Eitay Mack exposed these sales did Cellebrite cancel its contact.
The corrupt Belarus dictator, Aleksander Lukashenko has purchased Cellebrite gear for his secret police, who use it to intercept personal communications of protest movement leaders attempting to overthrow him after decades in power. When Eitay Mack called out Cellebrite, it cancelled the Belarus deal.
A recent story noted that a Texas public school resource officer persuaded a high school student to give him his cell phone. The officer used Cellebrite to access all of its content, including deleted texts which incriminated a teacher and sent her to jail. This violates Supreme Court decisions which say that a cell phone is private property of its owner and a search warrant is needed to access it. In this case, the high school student gave his phone voluntarily, so he forfeited his rights. But should a teenager have to be a constitutional scholar in order to protect himself from predatory, snooping law enforcement officers?
In addition, unlike Israeli cyber-hacking companies like NSO Group, Cellebrite’s products are not considered military or security-related. So the paltry oversight NSO faces in marketing its Pegasus cyber-hacking tool is entirely absent in Cellebrite’s case. It faces no government regulation at all. It can sell to anyone, anywhere.
As I’ve written here frequently, Israel exports not just these repressive technology products to the most violent regimes on the planet, it also exports the Israeli system which underpins them. A system in which individual rights are derogated, minority citizens are subject to state-sponsored violence and discrimination; in which the military-intelligence apparatus is exalted on the altar of national sacrifice. The Israeli surveillance state exports itself as a brand along with these invasive products.
An Israeli security source, when approached for a comment for this story, refused to respond.
15 thoughts on “Israeli Police State Has Backdoor ISP Access to Every Citizen and Website, Cellebrite Claims to Break Signal App Encryption – Tikun Olam תיקון עולם إصلاح العالم”
Comments are published at the sole discretion of the owner.
Israel ‘betrays’ Lukashenko, Europe’s ‘Last Dictator’.
@ Sepp: Israel is very good at sniffing out which way the political winds are blowing. Of course, it realizes that the protest movement will eventually topple the dictator. It wants to be in on the ground floor with whichever leader comes forward to replace him. This isn’t a moral choice. This is a cynical decision based on naked power calculations.
And no, Israel hasn’t “betrayed” Lukashenko. In fact, the Israeli official who held this meeting probably went directly to the Belarusian intelligence services and told them what was said in the meeting; after telling the Mossad first, of course.
No more comments from you in this thread.
All this is par for the course in the Israeli police state.
I am concerned that you describe Maduro as a ‘dictator’. He isn’t. He was elected and has faced a massive destabilisation campaign from Trump and Obama before him. It would not be surprising that when you are in a war situation that you act against your opponents like a dictator.
The regime in Venezuela, for all its faults, is seen as an anti-imperialist one by most people on the left
I think most countries are going towards this. It is not particular to Israel. From what I have read in several places there are 60,000,000 cameras in Eng with a total pop of 62,000,000.
I assume you have seen the latest news in Israel. They want to give ‘green passports’ to those who take the Covid vaccination thus barring those without one entrance into many places. The only problem is that 50-75% of the pop do not want it.
@ Avram: There are a number of problems. First among them is you offer no credible evidence for your claims. Saying “most countries” are doing x or y means nothing without a source and evidence. In fact, I know of no democratic countries which permit a backdoor for internet traffic. There may be one or two, but I haven’t heard of any. So if you want to compare Israel to Belarus or North Korea and say Israel is doing what they are, fine with me. But it’s not a flattering comparison.
Comparing CCTV cameras to internet backdoors is comparing apples to oranges. Surveillance cameras are placed in public spaces where people have less expectation of privacy. You don’t own open spaces where the cameras are placed. But you do own your electronic devices and their content. They are yours and private. Or at least they should be. Snoops have no right to it whether they are hacking companies or secret police.
And if you are a criminal, there are many other ways to catch you doing illegal acts than rummaging through your cell phone. The truth is–hacking a cell phone is an easy shortcut for police so they don’t have to engage in the sort of painstaking investigative work they traditionally would have to do in solving crime. So naturally they take the easy way out and go for the hack.
hey guy [ you are messing with the “ONLY DEMOCRACY IN THE MIDDLE EAST”
if that’s not the biggest lie/joke of the last 2000 years i don’t know a good joke
what are we voting for, what’s the purpose of the elections charade –
not even erdogan has that – PUTIN / XI FOR SURE =
and to whom does bibi go to cry when iran does this or that / to whom does katz sell israel for a bunch of second grade plastic full containers.
why should you be surprised ==== shame on you for your naivete === this is not ellsberg
what should you is that a “left / smolani” newspaper had the guts to put it in black and white
and yet the bibists will tell you that this is for the “PROTECTION” == just as bibi ran as THE PROTECTOR., years ago
and yet you should see the despise that likudniks and other alike have for haaretz
they don’t care to see the truth just as trump won the elections. samo samo
btw = havent you read in a newspaper that nso’s software has gone to mexican cartels and now just about every poor shmo in mexico fears for his life – not far that even the government sold it to cartels. surprised, not yet. if cartels have it , it will become just another torrent to download for free in a few weeks. then who’s safe == herd contagion gone digital
oh and were did that genius software was born , no not in a private company , all these genius programmers got their “free” education in the israel “DEFENSE” force (because you see israel does not have an army , it has a DEFENSE force ==😂
“This of course is a clear violation of a developer code of conduct which prohibits someone from taking advantage of the transparency of the code product in order to render it useless.”
No such thing. Point to it.
@ Foo: You raise an interesting question. Here’s one rebuttal to your claim. I am sure there are others. It seems obvious that if you create an open source philosophy built on transparency and sharing of knowledge in order to improve the artifact you are creating, that those who adhere to open source philosophy would denounce such bad actors. After all, someone who steals or manipulates open source code in order to devalue, hack and destroy a product is striking at the very essence of the entire philosophy. It seems obvious, except to pro-Israel cynics like you who either do it yourself for a living, or know other Israelis who do.
Why did this all come about?
“According to the information obtained by Haaretz, the idea and initial proposal were born after the 2014 kidnapping and murder of three Israeli youths in the West Bank“.
@ Forrest: Unclear what your point is. If it’s that the backdoor is justified because it was launched in response to a terror attack, that’s may possibly be the reason. But if it is it’s nonsense because you don’t need to access the online search history of every Israeli to catch a terrorist.
dec 21 – yet another hack this time saudis and emiratis using ,, surprise surprise,,, NSO hacked DOZENSSS OF AL JAZEERA JOURNALISTS —- am sure none were saudi or emirati citizens—, this according to U. of Toronto lab research apparently all using ios pre 14, oh surprise surprise ,
i dont understand all these people who still use outdated drivers and firmware, first and only computer rule is ALWAYS KEEP YOUR DRIVERS AND FIRMWARE UP TO DATE, SOFTWARE ONLY IN PCs. most most hacks use outdated codes, most respected software companies always immediately issue updates when they get wind of attacks successes.
btw there is also this which is also Israeli researchers use RAM as a small Wi-Fi transmitter to leak sensitive data from isolated systems === this is done to access servers used by banks and others that are NOT CONNECTED TO THE INTERNET and transmit their data up to certain distance and can be caught by other pc’s as receivers . will this lead to something positive — coming from bibi founded research i doubt it, go ahead thumb me down, i know you live in planet hasbara,
i hope i pray for santa to tell me this is the beginning of the end = i ve been a good boy
Tech Giants vs. NSO: Google, Microsoft and Others Join Facebook’s Battle Against Israeli Spytech Firm