Israel’s Iron Dome missile defense system has done wonders as a shield against the constant barrage of rockets from the Gaza Strip. But though technologically sophisticated in other respects, it has no defense against hackers, especially the Chinese variety, who have been waging cyber warfare to dig out the secrets of Israel’s civilian information networks.
Between 2011 and 2012, these cyber thieves broke into the computer systems of RAFAEL, Israel Aircraft Industries (IAI) and Elisra (a subsidiary of Elbit), the companies responsible for developing and building Iron Dome. The cyber infiltrators, apparently operating out of China, stole a mass of documents related to the missile defense shield, as well as files on other defense systems including drones, the Arrow 3 and other anti-ballistic missiles.
The cyber security company CyberESI only recently uncovered the two-year-old infiltration, which was revealed this week by the KrebsOnSecurity blog. The firm’s CEO Joseph Drissel said that the type of data stolen pointed to the hackers’ special interest in Iron Dome.
DEBKA Weekly’s cyber experts note that the fact that it took two years to discover the first breach does not detract from its severity but the reverse. Cyber poachers of various ilks and motivations have always been on the lookout for cracks in Israel’s most critical civilian systems. Little did anyone imagine that its most carefully guarded computers would be so easily breached and invaded by illicit programs, and its most classified IAI documents read like an open book.
China’s state-sponsored “Comment Crew” conducted phishing attacks
Many of the stolen documents were marked classified, including a 900-page report containing precise sketches and blueprints for Arrow 3.
“Most of the Arrow 3 technology was not developed in Israel, but rather by Boeing and other American companies,” Drissel said. But whatever its provenance, the information was compromised on Israeli machines.
According to CyberESI, hackers using targeted email phishing attacks first breached IAI’s systems on April 15, 2012. The nature of the attack suggests it was carried out by the “Comment Crew,” a group of Chinese hackers known to be affiliated with the Chinese government. The group has filched vast caches of data from American security companies in the past. And as recently as Tuesday, July 29, Canada lodged a protest with Beijing, accusing “a highly sophisticated Chinese state-sponsored actor" of breaking into the National Research Council, which works with major aircraft companies.
After infiltrating the IAI system over a period of four months, the hackers installed spy programs and Trojan horse malware, giving them access to the company’s network and classified files.
With entrée into a network, hackers are able to access passwords, administrative accounts, and even plant software for recording the exact letters typed into a computer.
Hackers had similarly compromised Elisra’s systems, retaining control from October 2011-July 2012 and were able to spy on email correspondence from the CEO, vice president for technology and other high-placed executives.
Israeli firms minimize breach, but a grave slip-up is evident
On Tuesday, July 29, Elisra declined to comment on the reported infiltration. RAFAEL spokesman Amit Tzimer also refused to address it in any detail: “We are not commenting on this matter,” said Tzimer. “All of our systems are protected and secured and there is no problem with them.”
IAI spokeswoman Eliana Fisher issued a firm denial of the intrusion to the Israeli journal Calcalist: “The reports about leaks of sensitive information are incorrect,” she said, adding that they refer to an attempted infiltration of the company’s civilian, non-classified Internet network that appeared to have occurred a few years ago.
“IAI's information protection systems meet the strictest standards and, in this case, too, they proved their effectiveness."
DEBKA Weekly’s cyber experts say that, despite the companies’ weak-sounding denials or refusals to acknowledge the problem altogether, KrebsOnSecurity is among the world’s top ten information security blogs and its revelations must be taken seriously. It finds reason to believe that the computers of the manufacturers of Iron Dome, Arrow 3 and other classified military systems were seriously compromised.
A spokesperson for IAI dismissed the hacks as “old news,” when challenged about the wide cracks remaining in the organization’s computers for random break-ins.
The evidence provided by KrebsOnSecurity of the theft of Iron Dome schematics leaves little room for interpretation and, combined with China’s tests of short-range and medium-range missile intercept systems some two years after the theft, eloquently bespeaks the magnitude of the lapse.
Basic rules for information security
The information security world has developed a three-part method for protecting data. If it is followed to the letter with the utmost care, it is proof against theft, except in very rare cases. But Rafael, the IAI and Elisra must have fallen down on a very simple dictum: If it isn’t connected to the Internet, it won’t make it onto the Internet.
Tools and methods
Documents, plans, inventions and patents are secure if they are kept on a closed company network, with no devices hooked up to the Internet – even behind a firewall. Such networks cannot be broken into by external devices. And when a new machine is added to the closed network, all external links, like Bluetooth and WiFi capabilities, are first neutralized. Printers too, whether fixed or movable, are just about useless as vehicles of entry.
It is standard practice in security companies to allow employees to surf the Internet only after strict and frequent screening and constantly updated firewalls for keeping unwanted intruders at bay.
In extreme cases, dedicated computers are completely cut off from other computers in the organization. Any external media introduced into the compartmented core system are first scanned file by file by security experts on separate, independent machines, using anti-virus and cleaning software, before they are given the all-clear for use in the quarantined network.
This three-tiered technology, while providing ultimate security, is cumbersome and apt to slow down the day-to-day functioning of commercial companies.
It is backed up by a whole range of “tools”, including firewalls designed to ward off threats from addresses belonging to known malefactors and antivirus software that detects and destroys viruses and their harmful effects.
The structure of a given network can also be designed in such a way that it puts off unwanted intruders.
The optimal success of a security system – there’s no such thing as totally unbreakable security – depends most essentially on the personal commitment and responsibility of every employee in the organization.
This individual self-discipline goes hand in hand with updated instruction for the work force and each member’s awareness of how important it is to follow procedures to the letter.
Any incoming email can spell disaster by means of a shared password or a response to an online survey of some kind. Hackers are constantly hunting for a way into foreign networks. A single penetration may give them free rein inside the victim’s system or cause a major infection.
Enforcement may often be lax in companies with a friendly environment where workers have worked side by side for many years. Employers may find that in this atmosphere, they are not capable of strictly enforcing security measures or meting out punishment to offenders. These tasks should therefore be entrusted to outside security services, although this sort of outsourcing also has its drawbacks. The company may close ranks against outsiders gaining access to its systems, either because it is engaged in top-secret work or security projects, or because its managerial ranks are unwilling to share their domain with such outsiders. Therefore, internal enforcement may not be the way to guarantee the best security for the computer networks of organizations. Military technology may continue to be vulnerable to anyone with enough money and know-how to breach it.