The attempted hack attack against the Defense Ministry that was revealed this week is only one manifestation of the ongoing cyber-war that Israel faces every day. In an exclusive interview, an IDF major who insisted on anonymity for security reasons said that Israel has been attacked by enemies of all kinds – and in all kinds of ways.
“While we’ve had cyber attacks all along, it really picked up last year, during Operation Protective Edge, when we were faced with new challenges that we have not faced before,” he said. “Attacks were conducted by all the players – Hezbollah, Hamas, Palestinian hacker groups, and Iran, and they displayed strong capabilities that have gotten considerably better over the years.”
Many of the attacks against IDF servers, and Israeli networks in general, are DDoS (distributed denial-of-service) attacks, where hackers try by sheer quantity of Internet connections to slow or halt operations on systems. But the past year especially has seen some very sophisticated attacks. Some of those attacks, said personnel in the C4i corps, were true zero-day attacks – brand-new viruses or Trojan horses – and were apparently designed specifically with the intent of attacking Israeli defense servers.
How close hackers got to taking down a crucial server is a secret the army would never reveal, but when a usually tight-lipped figure in the IDF’s C4I telecommunications corps admits that Israel faces a cyber-security problem, it stands to reason that the threat is a substantial one. And indeed it is, said the IDF major – but fortunately, the army has been able to defend its systems.
“Israel has become a center of cyber-security, and much of that technology is being developed by graduates of advanced tech units, such as 8200, C4i, etc.,” said the major. “I can tell you that we try to keep the best of the best in the army, developing home-grown tools that are able to fight the next generation of cyber attacks. The technology out there upgrades by the hour, and it is vital that we stay ahead of it.”
Among those upgrades is an organizational one that the major says will make a huge difference in the ability of the IDF to fight hackers.
“In June, Chief of Staff Gadi Eisenkot announced the establishment of a new corps that will be dedicated to dealing with cyber threats,” the major said. “Right now, responsibilities are split between several groups” – C4i, which handles cyber-defense, Military Intelligence, which conducts offensive operations, Hoshen, responsible for operating the army’s communication systems, and others – “and by bringing all the groups into one directorate, with a single command structure, we will be able to better focus on the problems we need to deal with.” The changes, he said, will be fully implemented within two years.
On Monday, Channel 2 reported that the Defense Ministry had thwarted what could have been a major cyber-security breach, when defense systems intercepted a rogue email message with an attachment that, when opened, would have given hackers remote access to sensitive material. The attempt was reminiscent of a 2012 hacking attack against Israel Police, where employees opened up a rogue attachment that enabled hackers to infiltrate police servers. The hack was so bad that police were forced to shut down external connections to servers, isolating each network until servers were scrubbed clean. The process took over a week to complete, with a large team of technicians working 24 hours a day.
But such phishing attacks are not necessarily what the IDF has in mind when it considers cyber-attacks (although, of course, defending against such attacks is important as well) – and certainly not an example of a super-sophisticated IDF-targeted cyber attack.
“The attacks we are talking about go beyond the simple DDoS or phishing attacks,” said the major. “We are defending systems that control everything, from clocks to Iron Dome rockets – all of which communicate with servers, and all of which are therefore potential targets for hackers.
“In essence, we are running a major big data operation which takes information from any and every source and analyzes it to see where, when and how we can expect cyber-attacks. Right now, we are gathering and analyzing this data in disparate systems, but the new cyber-directorate will provide much greater opportunities to enable us to meet these challenges.”
One challenge that the IDF must first overcome before fighting hackers, however, is recruiting the talented personnel to defend the security establishment’s computers – and in some ways, that is an even greater challenge than beating hackers.
“Obviously the IDF cannot compete with the private market, where talented people can earn many times their army salaries,” said the major. “But as hard as it is to believe, I have yet in my 20+ years of service to meet someone who left the army because of money issues. Most of those who leave – or choose to stay – do so because of the opportunities and satisfaction they find on the job. The kids we have coming in are very motivated to defend their country, and are happy to do it. It’s up to us – the army, the state, and society – to provide them with the respect and recognition they deserve for doing this important work.”
If Iran et al. have been attacking Israel with advanced, unique cyber-weapons, does that mean that Israel is giving back as good as it is getting? After all, the army generally does not let provocations by Hamas and other terror groups go unanswered; logic would dictate that the IDF gives back at least as good as it gets.
If the major knows anything, he won’t tell. “I can’t tell you about the offensive side of things, because I only deal with defense. But it certainly sounds like a logical conclusion.”