[Infowarrior] - Israel adds Cyber-Attack to IDF
Richard Forno
rforno at infowarrior.org
Fri Feb 12 12:39:05 UTC 2010
Israel adds Cyber-Attack to IDF
http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/dti/2010/02/01/DT_02_01_2010_p39-198440.xml
By David Eshel
Tel Aviv
There is no equivocation in how the Israeli military views
cyber-security. “Using computer networks for espionage is as important to
warfare today as the advent of air support was to warfare in the 20th
century,” says Maj. Gen. Amos Yadlin, chief of military intelligence.
Speaking recently at the Institute for National Security Studies
(INSS) here, Yadlin says the ability to collect information and launch
cyber-attacks gives small countries, terror groups and even
individuals the power to inflict serious damage unlimited by range on
a target—the kind of damage that was once the province of large
countries.
Noting that the U.S. and Britain are setting up cyber-warfare
commands, Yadlin says Israel has its own soldiers and officers working
on an “Internet warfare” team dedicated to cyber-security. The issue
is critical for many governments. In the U.S., Lockheed Martin
recently opened the NexGen Cyber Innovation and Technology Center to
address global cyber-security needs. The company has helped launch an
industry association focusing on providing government, business and
industry (including defense contractors) with integrated
cyber-security solutions (see p. 43).
In confronting cyber-attacks, military intelligence has become a
combat arm of the Israel Defense Forces (IDF). Computer networks are
being exploited by hacking into databases or carrying out sabotage
with malicious software (malware) that infiltrates and inflicts damage
in adversary computers.
To counter cyber-attack, Yadlin says Israel’s armed forces have the
means to provide adequate network security. “The cyber-warfare field
fits well with Israel’s defense doctrine.”
The ubiquity of the Internet and its ease of use make it vulnerable to
infiltration, exploitation and sabotage. IDF intelligence estimates
that several countries in the Middle East use Russian hackers and
scientists to operate on their behalf. Since the 2006 war against
Hezbollah, when cyber-warfare was part of the conflict, Israel has
attached growing importance to cyber-tactics.
Israel in fact is, along with the U.S., France and a couple of other
nations, a leader in cyber-war planning. Cyber-warfare teams are
integrated within Israel’s spy agencies, which have rich experience in
traditional sabotage techniques.
Israel’s high-tech industry is at the forefront of computer and
software development, particularly in the areas of security and
communications. Companies such as Comverse and Nice Systems are world
leaders in “legal eavesdropping” networks, while Checkpoint Software
is an innovator in network security. Many international high-tech
companies are locating research and development operations in Israel,
where local hires are often veterans of the IDF’s elite computer units.
In fact, most of Israel’s technical know-how originates from the army,
especially the computer and C4I (command, control, communications,
computers and intelligence) division of the intelligence branch.
Veterans of these specialized units have become the mainstay of
top-secret work at tech companies.
While it is clear Israel has successfully used cyber-tactics against
enemies, it is harder to know to what extent it has been hit by
cyber-attacks. Israel says little about its cyber-operations, but occasional
leaks point to a trend of active involvement by computer experts in
covert and sometimes overt operations.
In September 2007, for example, Israeli jets destroyed a suspected
nuclear facility under construction in a remote part of Syria. From
what journalists have discerned, Israel jammed Syrian radar and other
defenses, allowing sufficient time to launch the strike undetected.
During the attack, cyber-tactics appeared to involve remote
air-to-ground electronic attack and network penetration of Syria’s
command-and-control systems.
There is evidence that a sophisticated network attack and electronic
hacking capability have become indispensable components of the IDF
arsenal. Government-owned Elta Systems, an authority on communications
intelligence (comint), recently announced a line of “CellInt” support
systems, offering cross-border interception of cellular networks and
active monitoring of satellite links, including those operated by the
UAE’s Thuraya satellite communications network, used throughout
Southwest Asia. Elta’s cyber-warfare systems, activated from ground,
naval, airborne or unmanned platforms, intercept a target network,
track connections and calls between networks, and infiltrate deep into
an enemy’s communications loop.
The vanguard of Israel’s cyber-warfare efforts is focused on blocking
Iran’s nuclear ambitions. A U.S. expert said recently that malware
could be inserted, disrupting the controls of sensitive sites like
uranium enrichment plants. The appeal of cyber-attacks has increased,
Israeli intelligence sources say, due to the limited feasibility of
air strikes on the distant and heavily fortified Iranian nuclear
facilities, and by U.S. reluctance to open another war front in the
region. The newspaper Ha’aretz reports that Israeli intelligence has
tried to insert malware that can damage information systems within
Iran’s nuclear program. The systems are not connected to the Internet,
but to equipment sold to the Iranian government.
This is the future of cyber-war. Modern societies are complex networks
of people, information systems and equipment. Enormous advantages will
be obtained by adversaries that quickly identify and neutralize
critical nodes within the systems.
Apart from the military, two other government bodies operate in the
field of cyber-warfare. Shin Bet, Israel’s internal security
authority, directs its focus on Palestinians and Israeli Arabs. The
agency has established a department for the protection of information
that is responsible for coordinating network security of government
and infrastructure of strategic importance, such as Israel’s electric
utility or the Mekorot water company. A special department in the
finance ministry also works to protect government cyber-systems from
being hacked.
While critical systems are not directly connected to the Internet,
they can be penetrated and attacked by indirect means, such as
stealthy “Trojan horses” planted in electronic devices like cell
phones, personal digital assistants and computers, through
file-sharing services or through the Internet without an owner’s knowledge,
turning personal communicators into active eavesdropping devices.
Cyber-attacks against Israeli networks have been encountered in recent
conflicts. When tensions with Hamas or the Palestinian Authority flare
up, Israeli web sites immediately suffer a barrage of virtual
assaults. During Operation Cast Lead in Gaza last year, cyber-attacks
were unusually severe, peaking with millions of junk mail deliveries
lasting for days.
Israel has made major investments in infrastructure as part of the
global war on terrorism and the related fight against money-laundering
and financial support of terrorist activities. Agencies are targeting
individuals and groups of known terrorist supporters in an attempt to
extract intelligence from e-mails, chat rooms, instant messaging and
Internet phone calls. But there are more layers of information to be
mined below such direct intercepts, empowering services with the
capability to spot, track and isolate suspicious objectives through
mass interception methods. Employing mass interception requires
sophisticated analysis tools and processing reams of information,
enabling services to trace network activities and extract clues by
analyzing volumes of communications.
Though considered vulnerable to hostile intercepts, wireless cellular
networks offer Western intelligence agencies dramatic advantages,
since they have become common in Third World countries and in areas
not covered by U.S. and European lawful interception acts. Exploited
by modern communications intelligence, wireless connections—including
WiFi, microwave links, local area networks, cellular systems and WiMax
broadband mobile links, and even satellite networks—are easily
intercepted, providing covert access to a wealth of information
without subscribers’ or operators’ knowledge.
Hence, the demand for comint equipment. Physical networks considered
relatively safe from eavesdropping have become vulnerable to stealthy
probes, with bugging devices capable of capturing traffic over
broadband channels and gathering intelligence by searching for
suspicious words, phrases and names.
Critical government systems are run on intranets, networks that
operate independently from the Internet and often carry sensitive and
classified information. A nation’s most secret networks are
increasingly “air-gapped,” meaning they do not link to other systems.
But many government webs still have points at which they interface
with the Internet, and thus can be infected with malware. So even
though intranets are relatively controlled environments, one mistake
in procedure, however slight, can compromise an entire network.
Eternal vigilance, it has been said, is the price of freedom, and, it
appears, of cyber-security.