05 August, 2014

Chinese military 'hacked' Israel's Iron Dome

The technology behind Iron Dome, the missile defence system Israel has been using since 2011, was stolen by Chinese military hackers, it has been alleged.

The claims were made by Cyber Engineering Services  to Brian Krebs of security news site Krebs On Security, and identify Elisra Group, Israel Aerospace Industries (IAI) and Rafael Advanced Defence Systems as the three defence companies that were compromised during the cyber assault. The perpetrators, Cyber Engineering Services says, are the same ones behind a spate of attacks that have come to light in the past few years, all attributed to Unit 61398, a Shanghai-based arm of the Chinese army. The five Chinese military offers arrested by the US earlier this year for allegedly hacking energy firms in the country, also belong to the same unit.

The hacks took place from October 2011, some six months after Iron Dome became operational, and continued up until August 2012. Israel Defence Forces (IDF) has said that many hundreds of rockets fired from Gaza, particularly during the current military operation and a series of clashes in 2012, have been scuppered by the system, which is thought to be one of the most effective missile-defence technologies in the world.

Many of the cyber breaches bear the hallmarks of similar attacks on private corporations or media outlets that we have seen in the past. For instance, IAI was scuppered by an email phishing attack, reports Krebs On Security, after which the hackers spent four months installing malicious software (including trojans and keyloggers) to expand their reach. Several different systems were analysed by the hackers as a result of the infiltration, amounting to at least 700 files of 762MB, in total. Cyber Engineering Services estimates that those 700 files, in the form of emails, PFDs, scripts, spreadsheets and more, represent just a small amount of the total intellectual property stolen by hackers.

Although Iron Dome data was targeted and breached, the hackers also focused extensively on Arrow III missiles, drone technology and ballistic rockets. Joseph Drissel, founder of  Cyber Engineering Services, told Krebs On Security that much of this IP does not in fact belong to the Israeli companies. Rather, the firms were obligated to protect it under US government regulations, having been provided with the data from US defence companies, including Boeing. 

This could, potentially have something to do with why the claims have not come to light until now. A representative from IAI told Krebs On Security the report -- still not publicly available -- was "old news" and all the relevant procedures following the revelation were followed. Nevertheless, it's not something a private company responsible for the defence of a nation, either in the US or Israel, would likely want to admit to.

It's not totally clear, however, how Cyber Engineering Services came to point the finger of blame at the Chinese military. Most of the hacks we know Unit 61398 perpetrated have been against the US, but equally they have been directed against private companies, often related to national infrastructure or big industry. The arrests made by the US earlier this year were off the back of a report published by Mandiant, which revealed the secretive unit had been within company networks for years sometimes -- in one case, four years and ten months. 

Iron Dome has a reputation as one of the leading pieces of defence kit in the world, with a number of other countries thought to have either acquired it or engaged in talks with Israel to do so. Further development by Rafael Advanced Defense Systems has led to a teaser for a followup system, Iron Beam. While Iron Dome will only shoot down rockets heading for populated areas (using algorithms to instantly identify these) to conserve on ammunition, Iron Beam would use a high-energy laser that could stand to respond more indiscriminately, using a thermal radar to track and map all projectiles in range.


Post a Comment