Cyber-attacks perpetrated by Iran, Hamas, and Hezbollah against Israeli government and military bodies have gotten more sophisticated in the past year, an IDF major stated in an interview Thursday with David Shamah, the technology reporter for The Times of Israel. The major insisted on anonymity for security reasons.
“While we’ve had cyber attacks all along, it really picked up last year, during Operation Protective Edge, when we were faced with new challenges that we have not faced before,” he said. “Attacks were conducted by all the players – Hezbollah, Hamas, Palestinian hacker groups, and Iran, and they displayed strong capabilities that have gotten considerably better over the years.”
Many of the attacks against IDF servers, and Israeli networks in general, are DDOS (denial of service) attacks, where hackers try by sheer quantity of Internet connections to slow or halt operations on systems. But the past year especially has seen some very sophisticated attacks. Some of those attacks, said personnel in the C4i corps, were true zero-day attacks – brand-new viruses or Trojan horses – and were apparently designed specifically with the intent of attacking Israeli defense servers. …
“Israel has become a center of cyber-security, and much of that technology is being developed by graduates of advanced tech units, such as 8200, C4i, etc.,” said the major. “I can tell you that we try to keep the best of the best in the army, developing home-grown tools that are able to fight the next generation of cyber attacks. The technology out there upgrades by the hour, and it is vital that we stay ahead of it.”
While the major did not share specifics, he acknowledged that the threat that the IDF faces “is a substantial one.” New IDF Chief of Staff Gadi Eisenkot recently announced the formation of a dedicated unit to defending the army against cyber-attacks.
In Iran Has Built an Army of Cyber-Proxies, which was published in the August 2015 issue of The Tower Magazine, Jordan Brunner documented how Iran has become a force in cyber-warfare and has raised the capabilities of its allies:
Iran is adept at building terrorist and other illicit networks around the world. Its cyber-capabilities are no different. It uses the inexpensive method of training and collaborating with proxies in the art of cyber-war. It may also have collaborated with North Korea, which infamously attacked Sony in response to the film The Interview. It is possible that Iran assisted North Korea in developing the cyber-capability necessary to carry out the Sony hack. While acknowledging that there is no definite proof of this, Claudia Rosett of the Foundation for Defense of Democracies raised the question in The Tower earlier this year.
More importantly, Iran is sponsoring the cyber-capabilities of terrorist organizations in Lebanon, Yemen, and Syria. The first indication of this was from Hezbollah. The group’s cyber-activity came to the attention of the U.S. in early 2008, and it has only become more powerful in cyberspace since then. An attack that had “all the markings” of a campaign orchestrated by Hezbollah was carried out against Israeli businesses in 2012.
Lebanon’s neighbor, Syria, is home to the Syrian Electronic Army (SEA), which employs cyber-warfare in support of the Assad regime. There are rumors that indicate it is trained and financed by Iran. The SEA’s mission is to embarrass media organizations in the West that publicize the atrocities of the Assad regime, as well as track down and monitor the activities of Syrian rebels. It has been very successful at both. The SEA has attacked media outlets such as The Washington Post, the Chicago Tribune, the Financial Times, Forbes, and others. It has also hacked the software of companies like Dell, Microsoft, Ferrari, and even the humanitarian program UNICEF.
The group has carried out its most devastating cyber-attacks against the Syrian opposition, often using the anonymity of online platforms to its advantage. For example, its hackers pose as girls in order to lure opposition fighters into giving up seemingly harmless information that can lead to lethal crackdowns. The SEA’s sophisticated use of cyberspace developed in a very short time, and it is reasonable to infer that this was due to Iranian training. Iran has long supported the ruling Assad regime in Syria and would be happy to support those who support him.
In recent months, a group called the Yemen Cyber Army (YCA) has arisen, hacking into systems that belong to Saudi Arabia. The YCA supports the Houthi militia, which is fighting the Yemenite government and the Saudis; the Houthis are, in turn, supported by Iran. Thus far, the YCA has attacked Saudi Arabia’s Foreign, Interior, and Defense Ministries. They have also hacked the website of the Saudi-owned newspaper Al-Hayat. Messages from the group indicate that they are sponsored by Iran, and might even be entirely composed of Iranians.
[Photo: Global Panorama / Flickr ]