[Infowarrior] - Cyber-Attack Deploys In Israeli Forces

Richard Forno rforno at infowarrior.org
Thu Sep 16 06:16:22 CDT 2010


Cyber-Attack Deploys In Israeli Forces
By David Eshel
Tel Aviv
http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/dti/2010/09/01/DT_09_01_2010_p42-248207.xml

Geopolitical concerns and two wars in recent years have put Israel at the forefront of cyberwar and cyber-defense. As the most computerized country in the Middle East, Israel stands to lose a great deal if its military and civilian networks prove vulnerable to cyber-attack.

According to Maj. Gen. (ret.) Isaac Ben-Israel, a professor at Tel Aviv University and an expert on digital warfare, Israel’s defense community has been aware of the dangers of cyberspace for two decades. In the late 1990s, the government established a special authority to supervise all aspects of national information security. The internal security authority (Shin Bet) took responsibility for civilian and national assets, while military security supervised defense networks. These activities eventually came under the supervision of the national security council, which also advised on national research and development initiatives in cyber-security systems. This initiative led to the formation of high-tech companies specializing in cyber-security, which became market leaders internationally. Most of these firms were founded by former Israel Defense Force (IDF) veterans who became experts in computer systems during their service.

Israel is also involved in developing an offensive cyber-doctrine. While air force Maj. Gen. Amos Yadlin, chief of intelligence, is concerned about defensive capabilities in cyberspace, he also promotes an offensive dimension to cyberwarfare, stating that both fit well within Israel’s combat doctrine. According to Yadlin, cyberwarfare covers three areas—intelligence-gathering, defense and attack. The IDF plans to be active in all three. Although authorities keep a low profile on such activities, foreign sources highlight some of the latest Israeli successes in the field.

In an interview with DTI, Ben-Israel stressed the importance of fast reactions when a critical computer network, national or military, comes under attack. This creates a dilemma for decision-makers over who should be responsible for cyberwarfare and cyber-defense. Heated discussions have, in fact, been underway between military intelligence and top army brass about which group should have control of current and future assets. Since the question ultimately involves intelligence-gathering and operational considerations, the decision will probably be made by the prime minister, perhaps with guidance from the national security council.

While the decision is pending, there have been successful cyberwar operations. Although official versions are unavailable, reports from foreign experts indicate that the Israeli air attack in September 2007 on a Syrian structure believed to be housing a nuclear weapons development program illustrated how a cyber-attack can affect a defense infrastructure. During the attack the Syrian skies seemed empty and safe to air-defense radars even as Israeli jets penetrated the airspace. Israeli cyberwarriors had hacked into the air defenses and controlled them during the attack. While Israel officially remains silent about the attack, it should be noted that Israeli technicians discovered compromising operational details about the Soviet SA-6 surface-to-air missile system during the 1973 Yom Kippur War, some of which they could have used on the SA-6 batteries in Syria’s air-defense network.

Cyberwar is not only fought by the military. In a small country like Israel, critical systems controlling banks, national water supplies, the electrical grid—indeed almost all aspects of life—are vulnerable to a cyber-attack that could paralyze life for days or weeks.

Israel’s security communities have been aware of this threat for decades and measures have been taken to defend the most vulnerable national systems. Nevertheless, efforts to attack, sabotage or deny critical computer network access continue to be aimed at Israel. Some events have been leaked to the media.

During Operation Cast Lead in 2009, while the IDF was involved in heavy fighting in Gaza, an initially unidentified source attacked Israel’s Amos 3 spy satellite. The aim was to manipulate TV broadcasts of a major network, by inserting malware (malicious software) that would distribute demoralizing news about troop losses and defeats. The attacker transmitted modulated digital video broadcasting to Amos 3 and inserted a TV program called “Qassam” (also the name of a crude rocket fired repeatedly at Israel from Gaza). The frequency used by the attacker was identified as the feed-channel of ArabSat, which normally transmits the Al Aksa TV channel of Hamas. Although immediate countermeasures prevented serious problems, it was the first time Israel faced a cyber-attack on its satellite transmissions.

Israel got its licks in as well. A U.K. newspaper reported that Air Chief Marshal Sir Stephen Dalton of the Royal Air Force said, “Britain should take lessons from the Israeli military in Gaza in the use of sophisticated measures to engage in 21st-century cyberwarfare.” According to Dalton, Israel transmitted accurate and timely information critical to the military, cleverly using operations in cyberspace, parallel with action on the ground and the air.

An information campaign was also waged on the Internet with the Israel Air Force downloading sensor imagery onto the YouTube social website warning Israelis of hostile rocket attacks from Gaza. A so-called “help-us-win.com” blog was also created to mobilize public support in Israel. The website was manned by social media experts and Israeli students, and overseen by a reserve officer.

During the 2006 Second Lebanon War, Hezbollah guerrillas were able to hack into Israeli communications, achieving an unprecedented intelligence breakthrough that enabled them to thwart tank assaults by emplacing long-range armor-piercing munitions on pre-identified approach routes. Using technology supplied by Iran’s Revolutionary Guards, who were assisting them, Hezbollah teams monitored and deciphered constantly changing radio frequencies that the IDF operated with advanced frequency-hopping communication systems. This gave Hezbollah constant access to a situational picture of Israeli troop movements, casualty reports and supply routes. Although the IDF has refused to comment officially, a former senior officer revealed that Hezbollah’s ability to hack into military transmissions had “disastrous” consequences for the Israeli offensive.

The IDF learned its lesson and took precautions that reportedly made operations more secure during Operation Cast Lead.

Much more has been done since to secure computer and radio communications. With the IDF having fielded its digital army network system, communication security has become a major challenge, as critical operational data is now being transmitted down to junior tactical command levels, which are prone to security lapses.

Among the latest measures planned is an extended high-speed broadband fiber-optic network known as “Gold Avnet,” which will be added to mobile ground, air and naval units by 2012. The plan is to use wide-area point-to-point and point-to-multipoint wireless technology.

To enhance secure communications between tactical command levels, the IDF is considering a new telephone model for use by commanders that would replace the bulky “Mountain Rose” encrypted military cellular network. According to reports, the IDF’s C4I directorate is testing the secure BlackBerry system and planning to expand network bandwidth, enabling the device to receive live video footage from unmanned aerial vehicles and secure video-conference calls among commanders.

The IDF computer network is considered secure, operating with encryption and independent of the Internet. Many military offices, however, use unsecured computers for non-operational open-message traffic, and this raises security issues. Recently, unauthorized copying of sensitive classified information was leaked to the media this way.

While Israel’s military computer network still challenges cyber-attackers, much of the nation’s civilian infrastructure is vulnerable to hackers. Following the recent tension with Turkey over the Gaza flotilla fiasco, Turkish hackers launched denial-of-service attacks on Israel’s public Internet and attempted to plant malware on it. Anonymous hackers deluged more than 100,000 e-mail addresses with spam, circulated passwords and accessed major financial companies, government ministries and even computer security firms.

Israeli hackers are also capable of attacks. One group recently took over the official Hamas website, uploading Israel’s national anthem onto it.

But more serious activities are being reported by foreign sources, in which Mossad or some of its allies have infiltrated secret Iranian computer networks by highly sophisticated means, introduced malware to them and disrupted or contaminated critical networks, allegedly causing unexplained malfunctions in Iran’s nuclear enrichment process.

Cyber-tactics may become as important to Israel as conventional military operations. The ability to destroy the networks of an enemy’s defenses along with infrastructure assets could be one way of achieving a relatively bloodless but decisive victory in a region that is embracing the potential of cyberwar.

