Unit 8200

Unit 8200 (יחידה 8200, Yehida shmone matayim "Unit eight two-hundred") is an Israeli Intelligence Corps unit of the Israel Defense Forces responsible for clandestine operation, collecting signal intelligence (SIGINT) and code decryption, counterintelligence, cyberwarfare, military intelligence, and surveillance. Military publications include references to Unit 8200 as the Central Collection Unit of the Intelligence Corps, and it is sometimes referred to as Israeli SIGINT National Unit (ISNU). It is subordinate to Aman, the military intelligence directorate.

The unit is composed primarily of 18–21 year olds. As a result of the youth of the soldiers in the unit, and the shortness of their service period, the unit relies on selecting recruits with the ability for rapid adaptation and speedy learning. Afterschool programs for 16–18 year olds, teaching computer coding and hacking skills, also serve as feeder programs for the unit. Former Unit 8200 soldiers have, after completing their military service, gone on to founding and occupying top positions in many international IT companies and in Silicon Valley.

According to the Director of Military Sciences at the Royal United Services Institute, "Unit 8200 is probably the foremost technical intelligence agency in the world and stands on a par with the NSA in everything except scale."

Overview
Unit 8200 is the largest unit in the Israel Defense Forces, comprising several thousand soldiers. It is comparable in its function to the United States' National Security Agency and is a Ministry of Defense body just as the NSA is part of the United States Department of Defense.

Subordinate to Unit 8200 is Unit Hatzav (Hebrew name for Drimia (יחידת חצב)), responsible for collecting OSINT intelligence. The unit monitors and collects military intelligence–related information from television, radio, newspapers, and the internet. The translation of various items accounts for part of what is termed "basic intelligence", which is collected by the units.

The IDF's most important signal intelligence–gathering installation is the Urim SIGINT Base, a part of Unit 8200. Urim is located in the Negev desert approximately 30 km from Beersheba. In March 2004, the Commission to investigate the intelligence network following the War in Iraq recommended turning the unit into a civilian national SIGINT agency, as is in other Western countries, but this proposal was not implemented.

Staff
Unit 8200 is staffed primarily by 18–21 year old conscripts. Selection and recruitment to the unit usually occurs at age 18 through the IDF screening process after high school. However, the unit also scouts potential younger recruits through after-school computer classes. These after-school computer classes, teaching 16–18 year olds computer coding and hacking skills, sometimes act as feeder programs for the unit, with students receiving invitation letters from the IDF.

The 18-year-olds selected for the unit are primarily chosen for their ability to teach themselves and to learn very quickly as the unit will only have access to their services for a short time before their military service period ends.

Soldiers are not permitted to publicly disclose that they are part of the unit, or their role within it.

Command structure
Unit 8200 is led by a commander and a deputy commander, the latter holding the rank of colonel. The identities of both officers are kept secret. An additional command role is that of the "Data Science and AI Commander".

Known commanders

 * Brigadier General Yoel Ben-Porat (1970s)
 * Reuven Yeredor (1980s)
 * Lior Div (unknown period)
 * Aharon Ze'evi-Farkash (unknown period)
 * Brigadier General Nadav Zafrir (unknown period)
 * Brigadier General Yair Cohen (2001 2005)
 * Brigadier General Hanan Gefen (succeeding Cohen)
 * Brigadier General "A" (anonymous, mid-2010s)
 * Brigadier General Asaf Kochan (unknown period)
 * Brigadier General Yossi Sariel (2021 or earlier present)

History
Unit 8200 was established in 1952 using primitive surplus American military equipment. Originally, it was called the 2nd Intelligence Service Unit and then the 515th Intelligence Service Unit. In 1954, the unit moved from Jaffa to its current base at the Glilot junction.

According to Peter Roberts, the Director of Military Sciences at the Royal United Services Institute, "Unit 8200 is probably the foremost technical intelligence agency in the world and stands on a par with the NSA in everything except scale. They are highly focused on what they look at — certainly more focused than the NSA — and they conduct their operations with a degree of tenacity and passion that you don't experience elsewhere."

Activities


In 2010, the French newspaper Le Monde diplomatique wrote that Unit 8200 operates a large SIGINT base in the Negev, one of the largest listening bases in the world, capable of monitoring phone calls, emails, and other communications, throughout the Middle East, Europe, Asia, and Africa, as well as tracking ships. Unit 8200 also reportedly maintains covert listening posts in Israeli embassies abroad, taps undersea cables, maintains covert listening units in the Palestinian territories, and has Gulfstream jets equipped with electronic surveillance equipment.

Ronen Bergman says in a 2009 book that a Hezbollah bomb, disguised as a cell phone, was picked up by agents, and taken for investigation to Unit 8200's headquarters in February 1999. Basic safety protocols were neglected. The device never underwent the necessary x-ray procedures meant to ensure it was explosives-free. Inside the laboratory the cell phone exploded. Two Unit 8200 soldiers were severely injured, one losing a hand.

In 2010, The New York Times cited "a former member of the United States intelligence community" alleging that this unit used a secret kill switch to deactivate Syrian air defenses during Operation Orchard.

In 2014, 43 veterans of Unit 8200 signed a protest letter decrying what they called the electronic surveillance unit's abusive gathering of Palestinians' private information. In response, 200 other reservists signed a counter-protest letter.

According to The New York Times, the Unit 8200's hack of Kaspersky Lab allowed them to watch in real time as Russian government hackers searched computers around the world for American intelligence programs. Israelis who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion of US systems.

In March 2024, The New York Times reported that Corsight and Google Photos were being used in a facial recognition program by Unit 8200 to surveil Palestinians in Gaza amid the Israel-Hamas War. Intelligence officers told the Times that the unit uploads databases of known faces to the service and uses its search functions to identify individuals. A Google spokesman commented that the service is free and "does not provide identities for unknown people in photographs." Corsight, a private Israeli company, declined to comment, although its president had recently written on LinkedIn that its technology could identify faces from "extreme angles, (even from drones,) darkness, poor quality."

2023 Hamas attack
In the failure to forecast the 2023 Hamas attack on Israel by Israel's intelligence agencies, Unit 8200 was blamed for having underestimated Hamas activities. Unit 8200 is alleged to have stopped listening to Hamas's handheld radios in 2022, deciding it was a "waste of effort". Monitoring that radio network might have helped the Shin Bet realize a few hours before the attack that the unusual activity they were seeing on the Gaza border was not just another military exercise by Hamas, Times of Israel noted. The New York Times reported in November that a veteran analyst in Unit 8200 had warned in July that Hamas were preparing for a cross-border attack and that the analyst's concerns were dismissed by senior military leadership as "totally imaginative".

The "Spotters", known as tatzpitaniyot, are female members of the IDF who observe the barriers along the border and activate complex technological systems to prevent the enemy from penetrating into Israel. Their responsibilities have been described as a "difficult, cognitively and emotionally demanding job that entails hours of closely monitoring surveillance cameras, with the knowledge that missing even the slightest unusual event along the border could have disastrous effects on the entire country" but "[t]hey didn’t miss Hamas' preparations for the October 7 attack"; one was quoted as saying, "We were all seeing Hamas militants training for exactly what happened: We saw them training to crash the fence, training to kill civilians, training to take back hostages" and another stated "We knew this would happen. We warned the higher ups. But they ignored us. They told us that they know better, even though this is our job—we have to know every tree, every tent, every pothole in our section, and especially to know when something unusual is happening. And we do." Only two of the tatzpitaniyot on duty on 7 October 2023 evaded death or abduction.

In April 2024, The Guardian claimed that Brigadier General Yossi Sariel (a former head of intelligence for the IDF's Central Command) is currently leading Unit 8200. The identity of the unit's commander is kept secret, but The Guardian "easily" connected an anonymous email account included with electronic copies of a book published under the pseudonym YS to his name.

Duqu
Duqu is a collection of computer malware discovered on 1 September 2011. Non-Israeli sources routinely state it to be the creation of Unit 8200.

Companies founded by alumni
Former soldiers of Unit 8200 have gone on to found many high-tech companies, among them:


 * Adallom
 * AlphiMAX
 * Altnext
 * Argus Cyber Security
 * Armis
 * Astrix Security
 * AudioCodes
 * Axis Security
 * Bizo
 * Bzigo
 * CardScan
 * Check Point
 * Claroty
 * CloudEndure
 * Cloudinary
 * CommScope
 * Crosswise
 * CTERA Networks
 * CTS Labs
 * CyberArk
 * Cyberbit
 * Cybereason
 * CyCognito
 * Cypago
 * Dig Security
 * Explorium
 * Entitle
 * EZchip
 * Fireblocks
 * Forter
 * FST Biometrics
 * GIDEON
 * Gilat
 * Hub Cyber Security
 * Hunters.Ai
 * Hyperwise Security
 * ICQ
 * IL Ventures
 * Imperva
 * Indeni
 * Infinidat
 * Infinipoint
 * IntSights
 * IVIX
 * Lacoon Mobile Security
 * Leadspace
 * LEVL Technologies
 * noname Security
 * Namogoo
 * NICE
 * NSO Group
 * Onavo
 * Opster
 * OverOps
 * Palo Alto Networks
 * PerimeterX
 * PrimeSense
 * Radware
 * Rosh Intelligent Systems
 * Salt Security
 * Secdo
 * Silverfort
 * Solaredge
 * Viber
 * Votiro
 * Verint (spin-off from Comverse)
 * Waze
 * Wing Security
 * Wix
 * Wiz
 * XenSource
 * XIV
 * Yonatan Labs
 * ZoomInfo