Cybersecurity

Shalev Hulio Made Pegasus Spyware, Now He’s King of Israeli AI


Shalev Hulio, once dubbed “Israel’s cyber bad boy,” has been working hard to remake himself. By all appearances, it’s been a big success. 

Things were looking dicey a few years ago when his company, the Israeli firm NSO Group, rose to infamy. Its Pegasus spyware had been exposed as enabling human rights abuses. Eventually, NSO was blacklisted by the U.S. government, and in August 2022, Hulio resigned as CEO. 

In the last two years, however, Hulio has become involved in a web of new cybersecurity ventures. He is back, it seems, and better than ever. 

In November, in a video filmed at the Gaza Strip, Hulio announced his new startup, Dream Security, an AI firm focused on defending critical infrastructure. 

In April, according to Israel’s largest newspaper, a co-founder of IntelEye — a company that monitors the “dark web” — identified his former NSO colleague Hulio as an investor. (Another IntelEye official later told The Intercept that Hulio isn’t a shareholder but refused to clarify further.)

Taking the helm of The Institute is the most recent step in Hulio’s makeover from being a public villain to becoming a cyberhero.

Now, Hulio is moving his cybersecurity entrepreneurism into a new arena: the academy. This month, he announced the founding of “The Institute,” a new initiative at Israel’s Ben-Gurion University of the Negev that aims to become an Israeli hub for training and research on artificial intelligence.

Hulio has described his post-NSO career as a move away from “offensive” cybersecurity work. When he launched Dream, Hulio told the press, “We decided to leave the intelligence side, offensive side if you want, and move to the defensive side.”

Taking the helm of The Institute is the most recent step in Hulio’s makeover from being a public villain to becoming a cyberhero, leading a nation’s technological education. At The Institute’s highly publicized launch he shared a stage with Israeli President Isaac Herzog.

The companies Hulio has been involved in — founded, led, launched, or reportedly invested in — feature the same rotating cast of characters. And from NSO to Dream to IntelEye, there are different, sometimes intersecting missions, but one thing is constant: All three support the Israeli government in its war effort. 

Hulio had bragged in November that NSO’s Pegasus software was used to track down Israeli hostages, confirming an October report. Meanwhile, Hulio announced Dream’s founding one month after Hamas’s attack on the Gaza border to show Israel’s resilience and help the government.

IntelEye is involved in direct, offensive intelligence work. At the request of the Israeli government, the company reportedly uncovered information identifying a pair of Palestinian brothers and shutting down Hamas propaganda — leading to the killing of one brother and a police raid on the other.

Exactly what resulted from IntelEye’s work, however, is the subject of conflicting accounts. This much is obvious: The company is in the high-stakes cybersurveillance business.

“We are continuing to monitor and search for terrorist elements that could threaten the State of Israel,” NSO veteran and IntelEye co-founder Ziv Haba told Israel Hayom after his company found the Palestinian brothers. “The surveillance is extremely close, closer than you can imagine.”

“The Institute”

The launch of The Institute at Ben-Gurion University was itself marked by confusion. An article in the Jerusalem Post announcing the initiative described it as a partnership with the Israel Defense Forces’ elite cyberspying unit, known as 8200. NSO’s founders — including Hulio — and many of its employees are veterans of 8200.

Days after the initial article ran, however, all of its references to 8200 were scrubbed without any notice. 

An IDF spokesperson told The Intercept, “The IDF in general and Unit 8200 in particular do not take part in the aforementioned program.” (Shmuel Dovrat, a spokesperson for Ben-Gurion University, said The Institute had not been in touch with the Jerusalem Post after the initial publication, but said, “I’m glad that they changed it because of the wrong information.”)

According to a press release, The Institute will bring together AI luminaries and run training programs and research, with Hulio and other Dream employees among its leaders. In the coming year, The Institute’s research laboratories will strengthen Israel’s hand in the tech world by collaborating with actors across the industry, according to a report in a U.K. tech news site.

“Through hard work born out of love and commitment to the state of Israel, we have built a team of the best entrepreneurs, investors and leading companies in the world to help Israel become a global leader in artificial intelligence,” journalist Sivan Cohen Saban, The Institute’s CEO, said at the launch event on May 8.

On hand at the launch, according to coverage, were officials from global firms like Microsoft and General Motors, as well as top-tier Israeli politicians, like Herzog, the president. (A spokesperson for GM told The Intercept they could not confirm the company’s attendance.)

Herzog said The Institute would help fight Israel’s isolation amid the Gaza war. “History is being made here today,” he said at the launch, in remarks later posted to YouTube in a promotional video. “There are countries that want to sever a relationship with us and only because of you, they don’t do it.”

At The Institute, Hulio is joined in leadership by Dovi Frances, co-founder of the U.S.-based venture capital firm Group 11. Marking its launch, Frances, who also led funding pushes for Dream Security, wrote on LinkedIn: “A historic day.”

“DREAM is proud to be in the forefront of AI technologies and take part in ‘The Institute,’” Tal Veksler, a spokesperson for the company, told The Intercept.

The trainings and other programs offered by The Institute will be run by employees from Dream Security and other leading Israeli tech firms. Among them are Tomer Simon and Alon Haimovich, chief scientist and general manager at Microsoft in Israel, and Nati Amsterdam, Israel’s lead at Nvidia, a California-based giant of the artificial intelligence world. 

Like politicians on hand for the launch, Saban, the CEO, linked the founding of The Institute to the October 7 attack on Israel. “Along with the concern for our soldiers, our abductees, the bereaved families and the situation in the country,” she said in a post on X, “we decided to do this.” 

“The Deep, Dark Web”

At The Institute’s launch, Hulio was not the only NSO veteran present. So was Haba, co-founder of IntelEye, the firm that claims to plumb the depths of the dark web. Haba took part in a panel, according to his company’s LinkedIn profile, sitting alongside Hulio for a discussion on AI cyberattacks.

Hulio and Haba had worked together at NSO until August 2022, when Hulio stepped down. The next month, while still at NSO, Haba was already working on the nascent firm IntelEye, according to social media posts for an event he participated in. (IntelEye would officially launch in June 2023.) 

According to an article in Israel Hayom last month, Haba said that both Hulio and Frances, Hulio’s Dream business partner, are investors in IntelEye. 

In response to a request for comment about Hulio’s relationship to IntelEye, company co-founder Maor Sellek, another NSO veteran, said, “Shalev does not hold any shares in the company.” Sellek declined to explain why Haba confirmed to Israel Hayom that Hulio is an “investor.”

IntelEye’s participation in Israel’s war effort made headlines. Local media reported on the suspenseful cyber-takedown of Mustafa and Mohammed Ayyash, the two Palestinian brothers alleged to have run the Gaza Now Telegram channel. The company’s work, according to Israel Hayom, led to the “coordinated transcontinental effort by government agencies” to shut down the channel.

Sellek, in his emails to The Intercept, said IntelEye works in “assisting police forces and law enforcement agencies in Israel and around the world.” He said the company “helped Law enforcement agencies locate the operators of the Hamas organization’s Telegram channel ‘Gaza Now.’”

Described as “Hamas-aligned” by the Atlantic Council’s Digital Forensic Research Lab, the Gaza Now channel went from having 340,000 subscribers to nearly 1.9 million after October 7. The U.S. Treasury Department accused the channel and its founders of fundraising for Hamas, levying sanctions. 

In Israel Hayom, IntelEye officials claimed they revealed the identities of the channel’s leaders, the Ayyash brothers, and tracked them down in Austria and Gaza. Mustafa ended up under investigation by Austrian police, and Mohammed was reportedly killed in Gaza.

The brothers had reportedly been found by tracking their cryptocurrency use and online habits. Privacy experts pointed out that if this information was already fairly public, it would not have been hard to track. “All this information can have digital breadcrumbs,” said Elies Campo, a digital security researcher who previously worked with Telegram and WhatsApp.

As the Israelis and Austrians caught up with the alleged Gaza Now creators, some sort of misidentification appears to have occurred, with the United Nations saying the wrong Ayyash brother had been killed — Mustafa, it turned out, was still alive in Austria — and then going on to correct that error with a note about the Ayyashs’ relationship that conflicts with all other accounts. 

Mustafa, it turned out, had not even been in Gaza. Even as the U.N. initially reported his death, Mustafa continued to post on X from his home in Austria. In March, the U.S. and U.K. imposed sanctions on him and the Gaza Now channel. Then, in Israel Hayom, the article about IntelEye claimed that Mustafa had been arrested.

The Israel Hayom article questions how the Austrian government found Ayyash. The report notes that “IntelEye investors — Shalev Hulio and Dovi Francis — have ties to a former Austrian chancellor through another company.” Former Austrian Chancellor Sebastian Kurz is a co-founder of Dream. A controversial political figure, Kurz resigned from office amid a corruption probe and was recently convicted of making false statements to a parliamentary inquiry into separate allegations of corruption and given an eight-month suspended statement. (A spokesperson for Dream Security said that the company had “NO relationship whatsoever” to other companies or technologies in this article. Kurz did not respond to a request for comment.)

On exactly how Austrian authorities got the information about the Ayyash brothers, according to Israel Hayom, the people involved remained “tight-lipped.”

Yet there was never an arrest, authorities said. The Linz public prosecutor’s office in Austria told The Intercept that Mustafa was not arrested or restricted in his movement. His home had been raided, and documents and devices were seized for analysis. The office, which said it had no contact with the foreign authorities, told The Intercept that Mustafa is under investigation for terror financing. (Mustafa has posted at length on social media denouncing the police raid and declaring his innocence.)

For its part, an Austrian Ministry of the Interior spokesperson said they are “in contact with international partners” but declined to answer questions about whether the Israelis had provided information.

Israel Hayom claimed that Gaza Now’s Telegram and WhatsApp channels were shut down and “dramatically impaired.” Both, however, remain up and running, with hundreds of thousands of followers. (Telegram did not respond to a request for comment.)

“We understand there were good people involved who helped prevent ‘Gaza Now’ from spreading poison and hatred,” Haba told Israel Hayom. Of Hulio and Frances, he added, “They are super Zionists who want what’s best for Israel.”





Source

Related Articles

Back to top button