Heroes and Zeroes: Israel’s Part in the Hidden Battle for Cyberspace

Fred Kaplan's 'Dark Territory,' on key cyber warfare incidents in the last 30 years, offers some tasty tidbits about Israel, that self-declared cyber powerhouse.

Cyber attack (illustrative).
Dreamstime

“Dark Territory: The Secret History of Cyber War,” by Fred Kaplan, Simon & Schuster, 352 pp., $28

Cyber warfare now ranks as the No. 1 security threat in the United States, ahead of terrorism, espionage and weapons of mass destruction – quite a feat when you consider that “cyberspace” only gained prominence after William Gibson used the term in his 1984 novel “Neuromancer.”

Fred Kaplan’s “Dark Territory: The Secret History of Cyber War” details the 30-odd years in which this threat has emerged from the ether and made software just as dangerous a weapon as military hardware. Although the book recounts key cyber warfare incidents from a mainly U.S. perspective, those interested in Israel’s involvement in this shady world of ones and zeros will also find plenty to keep them entertained – or concerned. (Of course, Israel has neither confirmed nor denied any of the incidents mentioned in this review.)

The book’s title refers to a comment made by former U.S. Secretary of Defense Robert Gates during the dog days of President George W. Bush’s tenure in the White House. “We’re wandering in dark territory,” he would say about cyber war, borrowing a term originally used on U.S. railroads for stretches of track uncontrolled by signals.

You’ve only got to hear the terminology that is being used to realize that we are indeed living in shadowy times: “Dark territory,” the “Dark Web” (the part of the Internet that offers all manner of illegal activity), “Going Dark” (the FBI’s term for trying to collect data and information on what FBI director James Comey rather bluntly calls “bad people of all sorts”) – it all recalls John McCain’s famous quote on the presidential campaign trail that it’s “always darkest before it’s totally black.”

What Kaplan’s book makes abundantly clear is that we are all on the frontline. “Cyberspace became a ‘domain’ of warfare, like the air, land, sea, and outer space,” he writes. “And because of the seamless worldwide network, the [data] packets, and the Internet of Things, cyber war would involve not just sailors, soldiers and pilots, but, inexorably, the rest of us. When cyberspace is everywhere, cyber war can seep through every digital pore.”

Kaplan starts his chilling tale in a deceptively light tone, explaining that it was only then-President Ronald Reagan’s viewing of the Matthew Broderick movie “WarGames” in 1983 – about a young kid who almost triggers World War III when he hacks into the main computer at the country's aerospace defense command – that inadvertently brought the subject of cyber war to the attention of the U.S. administration. But while “WarGames” triggered a White House interest in cyberspace, it didn’t generate the same interest in computers: In a book full of fascinating facts, Kaplan casually mentions that when the First Gulf War started in 1991, neither President George H. W. Bush nor his Secretary of Defense Dick Cheney had ever used a computer.

With the advent of Internet browsers in the mid-1990s, the threat of cyber warfare grew quickly – so quickly, in fact, that by July 1996, Deputy Attorney General Jamie Gorelick was issuing a grave warning: “We have not yet had a terrorist cyber attack on the infrastructure. But I think that that is just a matter of time. We do not want to wait for the cyber equivalent of Pearl Harbor.”

The irony is that when a cyber attack did hit the United States, two years later, it came from an unlikely source: Israel. The U.S. had originally believed these “first shots of a genuine cyber war” had come from Iraq, but in fact they were partly the responsibility of “the Analyzer,” aka Ehud Tenenbaum, an 18-year-old from Hod Hasharon in central Israel.

Tenenbaum headed a small group (including two other Israelis) who hacked the websites of, among others, NASA, the Pentagon, the U.S. Air Force and the U.S. Navy. He eventually served eight months in an Israeli jail for his crimes, and while it would be nice to report that he later saw the error of his ways, he was actually involved in a credit card fraud after hacking into financial institutions worldwide. He was arrested again in 2008, and again in 2013.

It would be fascinating to learn more about Tenenbaum and his motives when he hacked the U.S. sites, but this flags up the two biggest frustrations of “Dark Territory.” The first is that the book is more interested in chronicling facts – most of which derive from U.S. government committee meetings, and interviews with people at said meetings – than in the characters involved. That makes the story here more mechanical and less “Mr. Robot” (the award-winning TV show about a young hacker tackling his demons and a giant corporation). Indeed, there are times when you find yourself drowning in acronyms for all the government agencies, committees and subcommittees being referenced.

Second, Kaplan misses the clue in “World Wide Web” and is a little too concerned with the U.S.-centric Web. He does tell us that there were more than 20 states with cyber warfare units in 2012 – including Russia, China, Iran, Syria and North Korea – but doesn’t have much information to divulge about them (although the pages on the DarkSeoul group’s alleged attempt to hack the Sony Corporation are about as much fun as you can hope for in a book on weapons of mass disruption).

Members of the Israel Defense Forces intelligence and cyberwarfare Unit 8200, in 2013.
Moti Milrod

Crossing the Rubicon

Luckily, Kaplan does offer up some tasty tidbits about Israel, that self-declared powerhouse of cyberspace. First, there’s a surprisingly small story on how Israel – according to foreign media reports – used cyber offensive warfare to successfully demolish the unfinished Syrian nuclear reactor in Deir al-Zour in 2007. What’s of particular interest is that the book suggests more American involvement than has previously been acknowledged. (President Bush wrote in his 2010 memoir that he turned down then-Prime Minister Ehud Olmert’s request for the United States to bomb the facility and hadn’t given a green light to the eventual attack, either.)

Outlining the success of the mission, Kaplan explains that Syrian President Bashar Assad had been “baffled” by the attack, on September 6. “The previous February, his generals had installed new Russian air-defense batteries; the crews had been training ever since yet they reported seeing no planes on their radar screens [that night].

“The Israelis managed to pull off the attack because, ahead of time, Unit 8200, their secret cyber warfare bureau, had hacked the Syrian air-defense radar system,” Kaplan writes. “They did so with a computer program called Suter, developed by a clandestine U.S. Air Force bureau called Big Safari. Suter didn’t disable the radar; instead, it disrupted the data link connecting the radar with the screens of the radar operators.”

The Israel Defense Forces' Unit 8200 also features in the book’s most fascinating chapter, “Somebody Has Crossed the Rubicon,” which details the U.S. (and Israeli-assisted) cyber attack on the Iranian nuclear facility at Natanz in 2009 and 2010.

Concerned by the thought of a nuclear-armed Iran and looking for a “third option – something in between airstrikes and doing nothing,” in his second term Bush approved a cyber attack on the controls of the Iranian reactor.

One of the key elements in Operation Olympic Games was a multipurpose piece of malware called Flame, a joint effort of the CIA, NSA, Unit 8200 and the Mossad espionage agency. This worm gained “access” to the centrifuges at the reactor by exploiting so-called “zero-day vulnerabilities” – flaws that no one else had yet discovered – in the Windows operating system there, and was installed by physically inserting a thumb drive into any computer on the premises.

Kaplan reports this matter-of-factly, but New York Times correspondent David Sanger went one better: “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand,” one of the brains behind the plan told him in 2012.

Kaplan is on firmer ground when it comes to the minutiae. “The worm could have been designed to destroy every centrifuge, but that would arouse suspicions of sabotage,” he writes. “A better course, its architects figured, would be to damage just enough centrifuges to make the Iranians blame the failures on human error or poor design. They would then fire perfectly good scientists and replace perfectly good equipment, setting back their nuclear program still further.”

Flame went into “battle” in 2009, after President Barack Obama had been elected, and was eventually estimated to have reduced the number of working centrifuges from 8,700 to about 4,000. However, it was uncovered when the malware jumped from Natanz to another network way outside the reactor, and then to another, and another and so on.

In the summer of 2010, the world’s top software security firms detected this strange virus cropping up around the world, and Microsoft christened it “Stuxnet” – an anagram formed from the first few letters of the code they found in it. Another U.S. firm, Symantec, then deduced that the worm had been designed for sabotage purposes. The following month a German security researcher called Ralph Langner connected the dots between the Natanz nuclear reactor and Israel.

Although Kaplan doesn’t speculate in the book, “Zero Days” – the latest documentary by American filmmaker Alex Gibney – claims it was reckless behavior on the part of Unit 8200 that caused the worm to spread. As a source in the film says, “Ironically, the secret formula for writing the code for the virus software fell into the hands of Russia and Iran – the country against whom it was developed.”

Which brings us back to the chapter title, spoken by former CIA head Michael Hayden. He called the Natanz operation “the first attack of a major nature in which a cyber attack was used to effect physical destruction. Somebody has crossed the Rubicon. We’ve got a legion on the other side of the river now,” he told Sanger, again in The New York Times.

Hayden compared the significance of the attack to the dropping of the nuclear bombs in Japan at the end of World War II. “I don’t want to pretend it’s the same effect, but in one sense at least, it’s August 1945,” he added.

Iran retaliates

But unlike August 1945, the Iranians soon had their own response. In August 2012, the Shamoon virus wiped out 30,000 hard drives at Saudi Aramco (the U.S.-Saudi oil company), and placed the image of a burning U.S. flag on every computer monitor for good measure. It was a telling moment, confirming the message U.S. security agencies had long cited: What we can do to them, they can also do to us.

That point was emphasized in February 2014 when Iranian hackers destroyed 20,000 computers and stole thousands of credit card details at the Las Vegas Sands Corporation – owned by casino magnate and staunch supporter of Israel (and its prime minister) Sheldon Adelson. The act came in response to Adelson’s call the previous year to drop a nuclear bomb on Iran if Tehran didn’t soften its stance in the at-the-time stalled nuclear talks.

The Iranian attack was notable because the hackers didn’t steal a dime from Adelson’s firm (although the replacement cost for the computers was tagged at $40 million), and because they encountered limited resistance – subsequently understandable when it emerged that the entire cyber security staff for this giant U.S. corporation at the time consisted of a mere five people.

That attack was just one of almost 80,000 security breaches in the United States that year, more than 2,000 of which resulted in loss of data, Kaplan writes. When the biggest hack in U.S. history occurred in December 2014, the Office of Personnel Management admitted that hackers had stolen the health and financial details of 21.5 million U.S. citizens. Not for the first time, the culprits were thought to be Chinese. As a senior U.S. intelligence officer wryly notes in the book, “At least the Russians tried to keep their cyber activity secret; the Chinese just did it everywhere.”

While the Americans have always been loath to shout from the virtual rooftop about their cyber prowess for the very fear of encouraging attacks, the Israelis seemingly have no such qualms. In February, Arutz Sheva, the religious-Zionist media organization, quoted a leading Israeli cyber officer as saying Israel is “ahead of the rest of the world in digital capabilities by at least 15 years. We’ve integrated operational Internet capabilities that enable any commander to do anything in any place.” Reassured? Didn’t think so.

Don’t look to Kaplan for reassurance, either. He concludes by telling us that things are only likely to get worse with the growth of the Internet of Things. When you can’t even trust your refrigerator or car, things really are looking totally black.