תומר אייגס פירסם קוד מקור הכולל חולשה קריטית במערכת הפעלה, שאותה מכירים רק בצה”ל (חולשות כאלה מאפשרות, למשל, לחדור לטלפונים או למחשבים ללא ידיעת המשתמש)
Avner Cohen and I have for days been attempting to parse the Tomer Eiges tragedy to understand both what happened, and what lessons might be learned from it.
After hearing the views of a friend who once served in IDF military intelligence, Avner believes that during his military service Tomer, who specialized in cryptography, might have developed computer code capable of performing highly-valuable top-secret intelligence tasks. Tomer may have seen some of the project code as his own intellectual property and planned to use it in civilian applications when he left military service. He might also have believed that some of the code is not, and should not be, classified.
Former Soldier, a commenter on an earlier post with apparent military-intelligence experience wrote this:
“He published source code that contained a critical operating system vulnerability known only to the IDF (for example, some of those vulnerabilities enable people to tap into phones or computers without the user knowing).
Apparently, it’s common for members of such units to use the unique personal code or algorithms they developed while in service as selling points for future employers. In effect, this is the way they market themselves as they search for jobs permitting them to continue and expand upon such work. As Former Soldier wrote:
Why [did] he publish it? Probably to gain reputation in the hacking community or just sheer naivete. We’ll probably never know.
The cyber-innovaions developed by these programmers is one of the reasons Israel is termed the Start-Up nation. For example, Unit 8200 is often considered the cradle of such technological innovation. But it appears that Unit 8200 and AMAN (where Tomer served) may not have clearly-defined rules defining the line between classified and non-classified material in this fast-moving technological environment. In the absence of such regulation, the permissible boundaries are determined on an ad hoc case-by-case basis according to understandings between retiring officers and their commanders.
Tomer had a Github account. Currently, the only projects displayed there are ones he worked on before he entered the army. But it’s very possible that he had published either at GitHub or some other developer platform, some of the products he created during his work in AMAN, to demonstrate his skills. From yesterday’s IDF statement it appears that whatever Tomer did, he believed he did not damage Israeli national security. He apparently thought initially that publishing his code was non-classified.
But such publication on an accessible website would meet the technical requirements of committing a major national security offense under IDF military code. But on the other hand, it would not be terribly dissimilar from what other Israeli cyber-intelligence specialists might do before his or her exit. Unit 8200 had such cases in the past in which the individual was not imprisoned or put on trial.
So the $64,000 Question is: why was Tomer singled out? Why do others act in similar ways and get their golden parachute and entre to the lucrative world of commercial cyber-security? Did he do something that set him apart from others? Did he anger his commanding officer? Was there an element of retaliation in reporting him to counter-intelligence officials? We do not know the answers to these critical questions. But Israelis have the right to know.
The IDF needs to come to terms with its haphazard system regarding those planning to leave cyber-intelligence positions for the commercial market. It should not be left to capricious, improvised or individualized protocols to determine who can take what with them when they go. There should be a well-defined system in place that permits everyone to know what the rules are and how they will be interpreted. No one should be punished unless their behavior is egregious and willful.
Perhaps the most troubling aspect of this case is that the IDF expects us to take at face value its self-serving claim that the leak of Tomer’s work into the public sphere did “incalculable damage” to Israeli national security. Well, pardon me if I ask: according to whom? Nixon told a federal judge that publication of the Pentagon Papers would wreck the Republic. In Avner’s case too, his interrogators told him that publication of his groundbreaking book on Israel’s nuclear weapons program, Israel and the Bomb, would destroy the policy of “opacity” Israel had painstakingly followed for decades. These Torquemadas always imagine the worst. But the worst never happens. So why should we trust them?
In fact, former IDF chief military prosecutor, Maj. Ilan Schiff today told Israel Radio that for the sake of maintaining the IDF’s integrity, it should appoint a retired senior military judge to examine this case and determine independently all aspects of it. Following this proposal Cohen suggests that, with the help of former IDF cyber-security experts, the judge should examine the details of Tomer’s alleged breach to determine the possible damage, if any, that he might have inadvertently caused to Israeli national security.
One thing is for certain: Israel has lost a brilliant young mind. Imagine the things Tomer could have invented. Imagine the contribution he could have made to the world. Instead, he was ground up like wood chips in the IDF military legal system. A man who may have been too proud of his accomplishments and revealed too much of them to too many, is destroyed because he was too proud of his work and wanted his peers to know. In fact, his sense of personal pride may have been what the IDF statement alluded to when it said that he did what he did for “personal reasons.”
Tomer and Turing
This case reminds Avner of the brilliant mathematician and cryptographer, Alan Turing. He commanded the code-breakers at UK’s Bletchley Park who decrypted the Nazi Enigma code, which helped speed the end of World War II. Turning was lionized for this immense contribution to the war effort. But later in the 1950s, when social paranoia began to creep into both British and American society, Turing was hounded to his death by law enforcement authorities provoked by his homosexuality. In despair, Turing ate a poisoned apple and died. Only decades later, did the British government offer a Royal pardon and formally apologize for this heinous affront to human decency. The same acknowledgement of responsibility, Avner believes, must come from the army and Israeli government. Apologize to Tomer Eiges’ family for the indignity and suffering they inflicted on their son.
Of course, Israel is not the only country whose army might devalue individuality and demand total discipline at the latter’s expense. But when you destroy gifted souls like Tomer, what does that say about your nation? What does it say about the army to whom you’ve entrusted the nation’s safety? When parents send such a child off to the army, they have a right to believe that his or her gifts will be respected and nourished. Not to have their child come home in a body bag.
So Sad
[comment deleted: You were warned of past comment rule violations. Comments which disagree with my post must offer credible evidence and sources to rebut them. Snark, disdain and insult are not that. Yyou are now banned.]
I am suspicious of this article, especially because of the last line, “body bag”. I don’t know if the army did something wrong, or if Tomer did.
I do agree there should be a uniform process to determine what can and cannot be disclosed by people in 8200, and I think Tomers case should be reviewed to determine if he really did something wrong or not.
So your previous theory about being in contact with Russian hackers went down the drain? how convenient.
@ Blat: Please read comments in the thread before commenting. I arleady answered this question posed by someone else. The Russian connection was a claim offered to me by 2 separate sources who may have been deliberately trying to mislead me; or who may have offered a fact that was tangential to the real story. When intelligence agencies have bad news they try to deflect the public by offering confusing claims so that the public won’t know who or what to believe. Hence it will cut down on the anger the public feels regarding the failure or scandal.
After I watched Rabin’s assassin’s Shabak handler Avishai Raviv revealed on Israel’s censored Channel One it became apparent anyone is expendable. Replace the regular driver, who said Rabin was a friend, with another by way of a sudden car crash that day. Have several too close for comfort investigators commit suspicious suicide. Now rewrite history for those who didn’t see the live feed or watch Rabin get shot multiple times and turn around with absolutely no reaction in the convenient Kempler video.
Hi Richard, just wanted to note that you sell Turing a bit short here. Beyond just cracking Enigma, he virtually invented the modern fields of theoretical computer science and artificial intelligence. The direct positive consequences of this contribution are so enormous as to be incalculable.