Hackers Sought Iron Dome Secrets, U.S. Security Blog Says

Two Israeli defense firms said to be victims of hacking attacks aimed at collecting information on the Iron Dome anti-rocket system have denied or played down the report.

The companies were responding Tuesday to an article in Krebs on Security, a U.S.-based computer-security blog, which alleged that computer networks at three companies – Israel Aerospace Industries, Rafael Advanced Defense Systems and Elisra Group – were penetrated by hackers in 2011 and 2012.

Krebs said the hackers were probably linked to the Chinese military and removed data on the Arrow III missile, unmanned aerial vehicles, ballistic missiles and related documents. Joseph Drissel, CEO of the cyber-intelligence consulting form Cyber Engineering Services, told Krebs the hackers were looking for information on Iron Dome.

But a Rafael spokesman told TheMarker the company was unaware of the hacking attempts. IAI, meanwhile, acknowledged the security breach but denied that it was of any consequence.

“Reports of any information being leaked are incorrect,” an IAI spokesman said about the Krebs article. “The report related to an attempt at penetrating the company’s civilian, unclassified Internet network that occurred several years ago.”

Elisra, a unit of Elbit Systems, declined to comment.

Iron Dome, which was first put into service three years ago, has been credited with bringing down some 90% of rockets launched by Hamas in the current fighting that threatened populated areas or strategic targets.

Krebs quoted Drissel as saying the hackers appeared to be from a group known as Comment Crew, which is associated with the Chinese People’s Liberation Army and has been implicated in multiple incidents of cyber- attacks on U.S. defense contractors and other companies.

Drissel said much of the Arrow III material that was hacked involved technology developed in the United States.

Lior Tabansky, a senior researcher at the Yuval Ne’eman Workshop for Science, Technology and Security at Tel Aviv University, suggested that the hackers may have been lured by decoy computers.

“Defense companies like Rafael and IAI have sophisticated cyber defenses, including honey traps that mislead hackers into trying to break into them,” Tabansky told TheMarker. “They steer them into designated computers and feed them fake documents.”

One strategy is to designate computers by the names of senior personnel, ensure that they're vulnerable and load them with out-of-date documents, Tabansky said, adding that he was not familiar with the case reported by Krebs.

“The most important question is whether they shared information on the attack with the relevant authorities and whether they learned any lessons and improved their defense in other areas,” he said.

Tabansky speculated that the Chinese were seeking technical data on Iron Dome. “But this doesn’t mean it was something that would enable them to copy it and manufacture it …. I don’t believe there’s a single file with all the specs on it needed to build a system,” he said.