Avner Cohen and I have for days been attempting to parse the [cpt.] Tomer Eiges [25 yrs.] [IDF Cyber-Intelligence Analyst] tragedy to understand both what happened, and what lessons might be learned from it.
After hearing the views of a friend who once served in IDF military intelligence, Avner believes that during his military service Tomer, who specialized in cryptography, might have developed computer code capable of performing highly-valuable top-secret intelligence tasks.
Tomer may have seen some of the project code as his own intellectual property and planned to use it in civilian applications when he left military service. He might also have believed that some of the code is not, and should not be, classified.
“Former Soldier”, a commenter on an earlier post with apparent military-intelligence experience wrote this:
“He published source code that contained a critical operating system vulnerability known only to the IDF (for example, some of those vulnerabilities enable people to tap into phones or computers without the user knowing).”
Apparently, it’s common for members of such units to use the unique personal code or algorithms they developed while in service as selling points for future employers. In effect, this is the way they market themselves as they search for jobs permitting them to continue and expand upon such work. As Former Soldier wrote:
“Why [did] he publish it? Probably to gain reputation in the hacking community or just sheer naivete. We’ll probably never know.”
The cyber-innovaions developed by these programmers is one of the reasons Israel is termed the Start-Up nation. For example, Unit 8200 is often considered the cradle of such technological innovation. But it appears that Unit 8200 and AMAN (where Tomer served) may not have clearly-defined rules defining the line between classified and non-classified material in this fast-moving technological environment. In the absence of such regulation, the permissible boundaries are determined on an ad hoc case-by-case basis according to understandings between retiring officers and their commanders.
Tomer had a Github account. Currently, the only projects displayed there are ones he worked on before he entered the army. But it’s very possible that he had published either at GitHub or some other developer platform, some of the products he created during his work in AMAN, to demonstrate his skills. From yesterday’s IDF statement it appears that whatever Tomer did, he believed he did not damage Israeli national security. He apparently thought initially that publishing his code was non-classified.
But such publication on an accessible website would meet the technical requirements of committing a major national security offense under IDF military code. But on the other hand, it would not be terribly dissimilar from what other Israeli cyber-intelligence specialists might do before his or her exit. Unit 8200 had such cases in the past in which the individual was not imprisoned or put on trial.
So the Question is: why was Tomer singled out?
Why do others act in similar ways and get their golden parachute and entre to the lucrative world of commercial cyber-security? Did he do something that set him apart from others? Did he anger his commanding officer? Was there an element of retaliation in reporting him to counter-intelligence officials? We do not know the answers to these critical questions. But Israelis have the right to know.
The IDF needs to come to terms with its haphazard system regarding those planning to leave cyber-intelligence positions for the commercial market. It should not be left to capricious, improvised or individualized protocols to determine who can take what with them when they go. There should be a well-defined system in place that permits everyone to know what the rules are and how they will be interpreted. No one should be punished unless their behavior is egregious and willful.
Perhaps the most troubling aspect of this case is that the IDF expects us to take at face value its self-serving claim that the leak of Tomer’s work into the public sphere did “incalculable damage” to Israeli national security.
Well, pardon me if I ask: according to whom? Nixon told a federal judge that publication of the Pentagon Papers would wreck the Republic. In Avner’s case too, his interrogators told him that publication of his groundbreaking book on Israel’s nuclear weapons program, Israel and the Bomb, would destroy the policy of “opacity” Israel had painstakingly followed for decades. These Torquemadas always imagine the worst. But the worst never happens. So why should we trust them?
In fact, former IDF chief military prosecutor, Maj. Ilan Schiff today told Israel Radio that for the sake of maintaining the IDF’s integrity, it should appoint a retired senior military judge to examine this case and determine independently all aspects of it. Following this proposal Cohen suggests that, with the help of former IDF cyber-security experts, the judge should examine the details of Tomer’s alleged breach to determine the possible damage, if any, that he might have inadvertently caused to Israeli national security.
One thing is for certain: Israel has lost a brilliant young mind. Imagine the things Tomer could have invented. Imagine the contribution he could have made to the world. Instead, he was ground up like wood chips in the IDF military legal system. A man who may have been too proud of his accomplishments and revealed too much of them to too many, is destroyed because he was too proud of his work and wanted his peers to know. In fact, his sense of personal pride may have been what the IDF statement alluded to when it said that he did what he did for “personal reasons.”
Tomer and Turing
This case reminds Avner of the brilliant mathematician and cryptographer, Alan Turing. He commanded the code-breakers at UK’s Bletchley Park who decrypted the Nazi Enigma code, which helped speed the end of World War II. Turning was lionized for this immense contribution to the war effort. But later in the 1950s, when social paranoia began to creep into both British and American society, Turing was hounded to his death by law enforcement authorities provoked by his homosexuality. In despair, Turing ate a poisoned apple and died. Only decades later, did the British government offer a Royal pardon and formally apologize for this heinous affront to human decency. The same acknowledgement of responsibility, Avner believes, must come from the army and Israeli government. Apologize to Tomer Eiges’ family for the indignity and suffering they inflicted on their son.
Of course, Israel is not the only country whose army might devalue individuality and demand total discipline at the latter’s expense. But when you destroy gifted souls like Tomer, what does that say about your nation? What does it say about the army to whom you’ve entrusted the nation’s safety? When parents send such a child off to the army, they have a right to believe that his or her gifts will be respected and nourished. Not to have their child come home in a body bag.
Source: Tikun Olam – Richard Silverstein
Eiges had been kidnapped off a Tel Aviv street last September by counter-intelligence officers and held in solitary confinement for most of the nine months he was in custody for a crime the army has refused to disclose.
Eiges during his cyber-intelligence work had, we theorize, discovered a major vulnerability in an operating system of the cell phones and electronic devices it hacks.
The officer either published the vulnerability and its source code or planned to do so. He likely saw this as a way to market himself to future employers as he prepared to leave army service.
Kochavi’s statement indicates the army has been roiled by the scandal and that it recognizes that it gravely mishandled it.