Pages

11 January 2019

The Israeli Fighter Pilots Who Got Rich Off Angola's Civil War and Their Link to a Massive Cyberattack

Gur Megiddo

An international criminal probe has been investigating for the past two years suspicions that a company named Cellcom Liberia (and which has nothing to do with the Israeli mobile carrier of a similar-sounding name) ordered an Israeli-British hacker it hired in Angolato wage continuous cyberattacks against a competitor called Lonestar.

The attacks, whose goal was to put Lonestar out of business, spun out of control so much so that by November 2016 the Liberian government believed the state was actually being targeted by these assaults.

skip - Haaretz Weekly podcast, Episode 10
Haaretz Weekly podcast, Episode 10Haaretz

As Markerweek reported last week, hacker Daniel Kaye testified in his investigation — which took place in Germany — that the operation he carried out was ordered by the CEO of Cellcom Liberia, Avishai Marciano.

One of the controlling shareholders of Cellcom Liberia since its establishment in 2004 until mid-2016 was a secret business empire named LR Group. It was founded by three Israeli former fighter pilots, who monetized on business opportunities that arose out of Angola's 27-year-long civil war, which ended in 2002. After one of the founders, Eitan Stiva, left in 2011 to set up an independent investment fund, the company remained in the hands of the other two founders: Ami Lustig and Roee Ben-Yami.

In 2016, Cellcom Liberia was sold to the international network Orange and changed its name to Orange Liberia the following year. Marciano, the CEO suspected to be linked to the cyberattacks, stepped down.

The hacker

In 2016, Daniel Kaye, an Israel-U.K. dual citizen who was raised in Israel, was 28 years old. The hacker was skilled enough to take over routers of telecom giants or put out of order the websites of British banks. Still, according to his testimony, he was short on cash. Kaye lived in London at the time and had planned to propose to his girlfriend, who was living in Cyprus.

The cyberattack for which he was arrested had garnered him several thousands of dollars.Sim cards by MTN, one of the biggest cellular companies in Africa.George Osodi /Bloomberg

Sometime in February 2017, Kaye landed in London's Luton Airport, where he was arrested. Later he was extradited by British authorities to Germany, which ordered an international arrest warrant and asked that he be extradited because he made use of hundreds of thousands of routers belonging to German telecom giant Deutche Telecom during the attack. In May of that year, while under interrogation by federal police in Germany, he admitted to the acts that were attributed to him and explained to his interrogators what led to the attack.

Kaye used a malware which carries out DDoS attacks (Distributed Denial of Service). Behind this acronym is a fairly simple method: The malware locates devices with internet connection that can be infiltrated and taken over from afar, and uses them to load traffic onto servers that it attacks until it makes them crash.

The German interrogators quickly understood that the telecom giant was just a means for the hacker in this case. "Deutche Telecom was never the target. I was looking for devices that were exposed for infiltration all over the world," Kaye told them. "And I happened to use Deutche Telecom routers."

At the height of the cyberattack, in 2016, it was widely covered across the world. An attack on such a scale happens from time to time, but most such attacks take place in cyber world powers such as China, the United States, Russia or Israel. Liberia, in comparison, is a west African, poverty-stricken country with a low life expectancy. It's not a country you would expect to see prepared for modern cyber threats.

"I didn't want to attack Liberia," Kaye explained to his interrogators. "I wanted to take down a cellular network in Liberia named Lonestar Cell (of the MTN group), one of the most popular cellular brands in Africa."

When the interrogators asked Kaye why he set out to attack Lonestar, Kaye said: "I, personally, don't have anything against this company" but that a competing company had hired him for the mission.

While it remains unclear from protocols of the hacker's investigation how long the attacks actually took place, it is believed they lasted at least several months. A source close to Lonestar says the assault went on from the end of 2015 until February 2017.

The question of the attacks' duration is critical, because they are suspected to have taken place around the same period when the company moved to the hands of Orange. That sale was announced in April 2016, and it is known that the attack lasted into the following year while the company was run by a different Israeli CEO that LR appointed; the new director-general also resigned several months after the attack ended.

A rich, anonymous trio

The three Israelis started LR in the 1980s. They knew each other from Israel Air Force's flight academy, where they trained together to become pilots.

Similarly to other resource-rich African nations that have oil, gold, diamonds or particularly fertile soil, Angola is a paradox of a country full of natural wealth that actually makes its citizens poorer largely due to the involvement of foreigners in its local conflicts and corrupt government.A child standing by a building that was hit by multiple bullets during the civil war in Angola.Ami Cohen /AP

LR got involved in defense exports in Angola in the mid-80s and spent years massively arming the government there and training its troops. According to a variety of reports, the company sold Sukhoi 27 combat planes, artillery shells, and light weapons to the government. At the same time, the three founders also built airports and security systems and were involved in purchasing a plane for Jose Eduardo dos Santos, the president who ruled in Angola for 38 years through 2017. Some attribute his victory in the war to the country’s aerial armament, which LR greatly contributed to.

In the 2000s, after the war ended, the ex-pilots sought to break into civilian fields. They entered into infrastructure, technology and agriculture projects; first in Angola and then in other countries. They led ambitious projects to set up dozens of agricultural communities in Angola and Congo, modeling them after the Israeli moshav. Later they set up farms, barns, water purification plans and other agricultural projects in countries such as Ghana, Nigeria, and most recently, Chad. They also supported philanthropic work such as orphanages and agricultural boarding schools in Angola — projects which they didn’t fail to share with Israeli media.

The three also dabbled in the medical field, setting up clinics in Angola and a hospital in Ukraine at an investment of tens of millions of shekels. Recently they joined a deal to train a medical team in China.

“This trio seem to be among the richest people in Israel, but because their business is private, people don't know them,” a source familiar with them said.

How wealthy are they? “Every one of them has a billion, maybe more,” the source added.

Throughout the years LR has had cellular companies in countries such as Liberia, Sierra Leone, and Guinea. The cellular network was operated by Ben-Yami and Lustig since Stiva’s retirement in 2011. The company website says it employs some 2,000 people worldwide.

LR Group issued the following statement in response to this report: “We were surprised to hear about the case that took place in the period after the sale of Cellcom Liberia and deny anything to do with this case if it indeed took place. We thoroughly condemn any aggressive behavior on the web and have always taken strict care that company directors and employees belonging to the group operate only within the confines of local and international regulatory law.”

No comments:

Post a Comment