Israel and UAE Shared Intel on Hezbollah Cyberattack

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
A Hezbollah flag and a poster depicting Hassan Nasrallah along a Lebanese street last year.
A Hezbollah flag and a poster depicting Hassan Nasrallah along a Lebanese street last year. Credit: ALI HASHISHO/ REUTERS

As part of the growing cooperation between Israel and the United Arab Emirates, the two countries have shared intelligence and information related to Hezbollah’s cyberactivities, the Gulf state’s head of cybersecurity told Haaretz on Sunday.

“There’s good information-sharing between us – for example, the last attack that happened with Hezbollah,” said Dr. Mohamed al-Kuwaiti, referring to a cyberattack by the Lebanese Cedar group in January. The attack, revealed by an Israeli cyberdefense firm, saw the proxy for the terror organization use software and techniques linked to Iranian state hackers to penetrate servers in the United States, Britain, Egypt, Jordan, Lebanon, Israel and Palestinian-controlled areas of the West Bank.

According to Kuwaiti, the UAE was targeted as well. “In the case of Lebanese Cedar, it was first found by the private sector. And then through our cooperation, its findings were circulated and we searched and found some indications that this happened here, too. There’s more sharing on the side of the Israeli partner, which allows us to share more on these aspects as well.”

In what Kuwaiti says is a sign of the close ties with Israel, Dubai is currently hosting a leading Israeli cyberconference – the first time it has been held outside of the country.

Speaking to Haaretz via Zoom on the sidelines of the Global Cybertech conference, Kuwaiti and his Israeli counterpart, Yigal Unna, described how the ties forged in the Abraham Accords last August have matured into a “brotherly” relationship between the two countries in the digital arena.

Though both the Emerati and Israeli officials refused to confirm that sensitive military intelligence was being shared on Iran, Kuwaiti stressed that “it doesn’t matter who’s attacking us. What we all need is to share information on defense mechanisms, the tactics, techniques and procedures used by attackers, patterns of attack and even the unique signatures that allow attribution.”

While also reluctant to name Iran specifically, Unna stressed that the focus today is on “the attack, not the attacker.”

Unna said that while in the past such defense ties required access to confidential information, that is no longer the case in the world of cybersecurity.

“I don’t need to employ disclosure protocols from the 1970s and ’80s, because the biggest intelligence bodies in the cyberworld are private entities – FireEye and Kaspersky have more information than any state intelligence body,” he said.

“So it’s not about military exchange, but rather about finding leads. The first signal that something bad is happening is something many countries will know at some time, and this is as true for cybercriminals as it is for state actors,” Unna said.

UAE cybersecurity chief Dr. Mohamed al-Kuwaiti speaking at the CyberTech conference in Dubai this week.Credit: סייברטק

Asked about state hackers using criminal practices to conceal their espionage or offensive cyberattacks, both men noted that speed was the key to stopping any such attack.

“When a shell or DDoS hits one country, it will hit another at the speed of light, and we’ve found that the UAE understands this better than many of our other colleagues,” Unna said, using terms to describe different forms of cyberattack.

While last year saw talk of potential cooperation between Israel and its cyberfirms and the UAE around “shared interests” – a term usually taken to mean Iran – both were more candid about the cooperation this year.

“We have an open line of communication – both between me and Yigal [Unna], but also in terms of our computer emergency response teams that hold workshops and share information,” Kuwaiti explained.

Israeli cybersecurity czar Yigal Unna.Credit: Oded Karni

New target, new skills

A few months after the accords were signed last summer, the UAE was hit by a cyberattack that Kuwaiti said at the time was the result of those new ties.

On Sunday, he admitted that “there’s an increased threat because of the upgraded relationship with Israel. There are those who don’t want to see this happen. However, this also created a lot of added-value for us,” he said, explaining that the information-sharing with Israel had boosted the UAE’s capabilities and level of preparedness.

“There are those who would love to bother us, or try to target us, to downgrade the relationship – and many of the incidents reflect this,” Kuwaiti added, explaining how the attacks targeted not just infrastructure but also more public online spaces. These include websites that suffered defacement attacks to alter existing content.

He also cited disinformation and social-influence campaigns as a new form of threat facing his country. “Some of the attacks focused on economic, social and even political sites we have, including news media. Even social media has been an important arena,” Kuwaiti said, noting the spread of “fake news” online in this context.

That was also the term he used to describe a Haaretz report that said a group of Israeli firms, led by Rafael Advanced Defense Systems, had lost a bid to set up the UAE’s cyberdefense center. Haaretz’s Yossi Melman reported in February that the offer by the Israeli firms was too expensive, but that “political considerations” also played a role.

Yigal Unna and Dr. Mohamed al-Kuwaiti in conversation on stage at CyberTech in Dubai this week. Credit: CyberTech

Kuwaiti denied the report and said the UAE had very good ties with Rafael. The bid was not off, but was instead being “restructured,” he said.

“I hosted Rafael during their last visit and everything is going well,” Kuwaiti said. “Some of the bids [for our cyberdefense center] are being rearranged. The first bid was not structured in a way that’s good for us, and we need a different type of relationship, so we’ve changed many of the requirements.”

Pressed on the question of whether Israeli firms would build the country’s main cyberdefense center, he responded: “We aren’t at those decisions yet and the message I want to send is clear: We need a good combination of information-sharing and expertise. That was also the message given to Rafael, so there’s a team leader that knows best – like Israel – but there are also different vendors from different parts of the world and we need to incorporate all of those. This is really important and is something we now understand,” he said.

Haaretz has reported that, at Israel’s encouragement, the UAE has become a major client of the Israeli hacker-for-hire firm NSO, and the company – whose Pegasus software allows its operators to hack into cellphones – even has a special division dedicated to the Gulf. Reports have also said that Cellebrite, which provides physical phone-hacking services, has also been employed by the UAE.

When asked about these cyberfirms and which others the UAE has engaged, the two officials preferred to stress the wider implications of the Israeli-UAE partnership, exemplified by what seem to be genuinely warm ties between the two men.

“I owe you coffee, Mohamed,” Unna laughed after Haaretz asked about the UAE’s deals with controversial Israeli offensive cyber- and spytech firms. “I bet him you would ask about NSO within five minutes – it took you 18!”

Unna concluded by noting how far ties have come between the two countries in such a short space of time. “The fact that less than a year after the accords were signed and in the COVID-19 era Israel’s leading cyberconference is happening in Dubai – a year ago this would have been science fiction,” he said.

Click the alert icon to follow topics:

Comments