6Scan Founders Worked for the Israeli NSA

Startup Company Now Scans Websites in Stealth Mode

Source Documents

6Scan Breaks Stealth with its Proactive Website Security Startup
Interview with 6Scan founders Nitzan Miron and Yaron Tal.

6Scan Auto-Fix Feature
6Scan suite empowers itself to scan your code, and alter it as well.

6Scan Terms of Service
6Scan disclaims any responsibility for inaccuracy, errors, or loss of data. Will not guarantee non-infringement of intellectual property rights.

On August 27, 2013, my web host emailed me to say my website had been scanned by a new software company called 6Scan, with this result:

Your sites are currently free from vulnerable and malicious code.
Your sites were not currently found on any search engine blacklist.

Of course, I am a white-hat designer, but still I was stunned. What is 6Scan? No test was authorized by me. The test proceeded in stealth mode, apparently the stock-in-trade of the 6Scan founders.

6Scan founders Nitzan Miron and Yaron Tal say they both worked for the Israeli Defence Force in a branch informally known as the ‘Israeli NSA.’ Their new company 6Scan has an edict to ‘especially target SQL databases.’

This may mean nothing; or a lot.

My sites passed the test. Still, I was flummoxed that an unknown, untested startup company should be given full – in fact any – access to my code without my prior knowledge or consent.

My web host set this company loose to roll through our websites and databases, yet our hosting package never mentioned or sought permission for such intrusion.

6Scan asks customers to place on their webpages a security seal bearing the company name and logo. But that would provide a blatant free advertisement for 6Scan. Tuum Est feels it would be appropriate to affix the seal only if we were paid for the advertising space.

6Scan Targets Web Hosting Channel reveals: The model for partnering with hosting providers is a direct revenue share, where the web host receives 40 percent of the monthly fee. 6Scan has three pricing plans: Basic for $9.99/month, Professional for $29.99/month, and Enterprise for $49.99/month.

6Scan: Main Focus is SQL Databases

To list a few concerns: What if the 6Scan company has a hidden agenda? We would never know until it is too late. Even if the agenda is legitimate, what happens if errors or bugs exist in their software? Why should we be subject to unknown risks?

The 6Scan company especially targets SQL databases. My own website is educational, and does not have a database. But many sites do. Search engines such as Bing, Google, and Yahoo all make a firm point of respecting the Robots Exclusion Protocol which prevents search bots from indexing any page that carries the no-index command. There are good reasons why some pages should not be broadly accessible. This is especially true for databases. For example:

  • Commerce sites construct databases to hold customer names, credit card numbers, and account numbers.
  • Medical clinics store charts online for large groups of patients as physicians move to electronic record-keeping. In most countries, confidentiality of health records is an ethical pillar, and is enacted into the civil law statutes via HIPAA legislation.
  • Legal firms use online storage for precedent searches and drafts of court documents which disclose strategy the opposing party in a lawsuit should not see ahead of time.
  • Journalists, patent inventors, and researchers deserve privacy to prevent intellectual theft before a project reaches fruition.

The Israeli NSA

6Scan founders Nitzan Miron and Yaron Tal say: Until now, 6Scan was in a very quiet, stealth mode while it put final touches on two security products called Patrol and Bodyguard. The two products work in conjunction. Patrol scans for threats constantly, then calls in Bodyguard to automatically fix the problem. Bodyguard is an automatic repair agent that sits installed on the customer's system. Make no mistake: 6Scan not only reads your code, it can alter it as well.

Some background appears in 6Scan Breaks Stealth with its Proactive Website Security Startup:

  • 6Scan is a startup company looking for funding.
  • 6Scan is based in Israel, which has a mandatory 3-year term in the Israeli Defence Force for all men when they turn eighteen. 6Scan founders Nitzan Miron and Yaron Tal both served in the Defence Force, in what Miron calls the Israeli NSA working to protect military information from hackers.
  • I believe the Israelis are a fine people, exceptionally intelligent, but you must admit they have chosen a life of war. Amidst war, the ends justify the means. With 6Scan this may mean nothing; or a lot.
  • The disclosures of Edward Snowden in June 2013 showed the world that the American NSA excels at data-mining. The British GCHQ excels at data-mining. So … can we be certain of the real or full intentions of any company seeking access to every website, everywhere?

6Scan Disclaims Responsibility for Errors or Data Loss

Anyone who contemplates involvement with 6Scan should read their Terms of Service. Three paragraphs are quoted verbatim below. Vague, convoluted language – deliberate obfuscation – surrounds any mention of customer rights. The goal is to gain wriggle room if the company is ever challenged by a complaint.

In the Terms of Service, clarity emerges only when the company disclaims responsibility. For example, 6Scan refuses any liability for accuracy, errors, or loss of data. Founders Nitzan Miron and Yaron Tal expressly will not guarantee non-infringement of intellectual property rights.

Excerpt from ‘6Scan Terms of Service’
(points numbered 3 to 5)

  3. Disclaimer:  The materials on Six Scan Ltd.'s web site are provided as is. Six Scan Ltd. makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, Six Scan Ltd. does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site.
  4. Limitations:  In no event shall Six Scan Ltd. or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption,) arising out of the use or inability to use the materials on Six Scan Ltd.'s Internet site, even if Six Scan Ltd. or a Six Scan Ltd. authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
  5. Revisions and Errata:  The materials appearing on Six Scan Ltd.'s web site could include technical, typographical, or photographic errors. Six Scan Ltd. does not warrant that any of the materials on its web site are accurate, complete, or current. Six Scan Ltd. may make changes to the materials contained on its web site at any time without notice. Six Scan Ltd. does not, however, make any commitment to update the materials.

Israeli-American Cyber Weapons

Stuxnet is a computer worm devised to decimate Iran's nuclear facility. Edward Snowden confirmed the worm was conceived by the NSA and co-written by Israel.

Stuxnet was to cause sporadic damage while sowing confusion among Iranian scientists about the cause of mishaps at the nuclear plant. Iran was meant to believe its engineers were incapable of running an enrichment facility. If wholesale destruction occurred right away, scientists could pinpoint the cause and rule out incompetence. The plan therefore was to string it out. Stuxnet was a weapon against morale.

But Stuxnet did not do a marksman's job. A programming error in the worm allowed it to escape Iran's nuclear facility. It popped up in Indonesia, India, Pakistan, America, and other countries. Soon Stuxnet was common knowledge.

Flame is a worm designed to secretly map and monitor Iran's computer networks, sending back a steady stream of intelligence to prepare for a sustained cyberwarfare campaign. But this worm, too, exceeded its bounds.

Flame masqueraded as a routine Microsoft update. Flame then replicated across even highly secure networks, and took control of routine computer functions to send data back to its creator. The worm could activate computer microphones and cameras, log keyboard strokes, take screen shots, extract geolocation data from images, and send and receive commands and data through Bluetooth wireless technology. The media cried foul.

Georgena S. Sil
Saskatoon, Canada
Physicist & Technical Writer
Alumnus: University of British Columbia
TuumEstContact@protonmail.com

Copyright © 2008-2018 Georgena Sil. All Rights Reserved.