Cyber Spies Hacked Israeli Army Networks, Security Researchers Say

The hackers managed to breach IDF networks by sending trick emails to various military addresses, experts say; IDF says it has no knowledge of the alleged hacking.

Gili Cohen
Joseph Menn
An illustrative image of Israeli soldiers using computers. Credit: Ilan Wald

REUTERS - Hackers have managed to penetrate computer networks associated with the Israeli military in an espionage campaign that skillfully packages existing attack software with trick emails, according to private security researchers.

The Israel Defense Forces said it had no knowledge of the alleged hacking.

According to the researchers, the 4-month-old effort, most likely by Arabic-speaking programmers, shows how the Middle East continues to be a hotbed for cyber espionage and how widely the ability to carry off such an attack has spread.

Waylon Grange, a researcher with security firm Blue Coat Systems Inc who discovered the campaign, said the vast majority of the software was cobbled together from widely available tools, such as the remote-access Trojan called Poison Ivy.

The hackers were likely working on a budget and had no need to spend much on tailored code, Grange said, adding that most of their work appears to have gone into so-called social engineering, or human trickery.

The hackers sent emails to various military addresses that purported to show breaking military news, or, in some cases, a clip featuring "Girls of the Israel Defense Forces." Some of the emails included attachments that established "back doors" for future access by the hackers and modules that could download and run additional programs, according to Blue Coat.

Using standard obfuscation techniques, the software was able to avoid detection by most antivirus engines, Blue Coat said. At least some of the software lodged inside government computers, as Blue Coat detected it "beaconing," or sending signals to the hackers that it was in place.

Blue Coat provided Reuters with an advance look at its findings and intends to publish a paper later. Private equity firm Bain Capital LLC is set to acquire Blue Coat from Thoma Bravo LLC in a deal to be closed this year.

Citing confidentiality agreements with clients, Blue Coat declined to say exactly where the campaign worked, and Grange said he did not know if any vital data had been stolen.

Blue Coat surmised that the attackers spoke Arabic because some of the data recovered in the investigation showed that was the default language setting in one of the programming tools.

"Not all targeted attackers need advanced tools," Blue Coat wrote in a draft paper. "As regional conflicts continue, cyber threats from groups of various skill levels will also accompany the conventional armed conflicts."

Last month, Israeli security firm Check Point Software Technologies said it had found spying programs in 10 countries that probably originated with a governmental or political group in Lebanon that deployed them over three years.

In February, Kaspersky Lab researchers said they found what they considered the first "advanced" Arabic-speaking hacking group, which they dubbed Desert Falcons. Kaspersky said the group operated from Palestine, Egypt and Turkey and claimed about 3,000 victims in 50 countries, especially targeting military, government, media, and activist computers.
