Perimeter
2/5/2015
05:45 PM
Mike Walls
Commentary

Why Israel Hacks

Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.

Fifth in a series on the motivations that compel nation-states to hack.

Israel's intelligence corps, Unit 8200, has rapidly grown into one of the world's most formidable cyber counter-terrorism organizations. The elite group employs Israel's best and brightest to combat existential threats to its national security in the cyber domain. The number of nations and terror groups that threaten Israel is considerable, and the significance of the threat ranges from political posturing to a credible threat of harm to Israel as a nation and to its people.

To understand how Israel has found itself in an adversarial relationship with most of its neighbors, it is useful to review the evolution of Israel as a nation. Admittedly, the history of modern Israel and its relationship with the Arab world is exceptionally complex. With that, the following is a brief summary intended to provide some historical context; it is not in any way intended to be comprehensive. I don’t usually include disclaimers in my blogs, but given the complexity of the issue, I want to set the right expectations.

A brief history
Beginning with the Zionist movement toward the end of the 19th Century, European Jews began migrating to Palestine in response to a growing tide of anti-Semitism. A number of events occurred in the first half of the 20th Century that would keep the growing Jewish community in Palestine on course toward achieving an independent Jewish State. The carefully crafted language of the Balfour Declaration of 1917 endorsed the creation of a Jewish "Homeland" in Palestine. The British Mandate for Palestine, authorized by the League of Nations in 1922, provided guidance for the establishment of a Jewish "Homeland" in Palestine.

The massive migration of Jews leaving Europe following World War II stemmed from suffering years of brutality at the hands of Nazi Germany and decades of enduring systemic patterns of anti-Semitism across Europe. These events contributed to a growing distrust of Zionists, and the nations that supported them, among Palestinian Arabs. The escalating tension between the two groups reached a tipping point with the end of the British Mandate in May of 1948, followed immediately by the Zionists declaring an independent Jewish State, Israel.

Although Jews and Palestinian Arabs had been actively engaging in hostilities during the period leading up to May 1948, the declaration triggered a broader conflict, with Egypt, Syria, and Jordan joining forces with Palestinian Arabs against the newly formed nation of Israel. The ensuing "War of Independence," or "al-Nakbah" ("the Catastrophe") as it was referred to by Palestinian Arabs, lasted just nine months, ending in armistice and with Israel intact territorially. Interestingly, land originally identified by UN Charter as territory designated for an Arab State was divided among the three Arab nation signatories of the armistice, but it did not include the Palestinian Arabs.

Enmity between Palestinian Arabs and surrounding Arab nations continued to grow through the decades following the War of Independence, as the two sides fought for territory during the 1967 and 1973 Wars. But the fight was not contested in a geopolitical vacuum. Before the establishment of the State of Israel, the world’s superpowers, and their associated allies, began to polarize into pro-Israeli and pro-Palestinian partnerships. The U.S. and its allies were generally allied with Israel. To counter U.S. influence in the region, Russia gravitated toward Arab nations that held anti-Israeli positions.

The U.S.-Israeli alliance, which includes an estimated $121 billion in military and economic aid since World War II, is the foundation for anti-American sentiment throughout the Middle East and the Muslim world. Animosity toward both countries is still pervasive in the region, but some Arab/Muslim nations have at times taken a more conciliatory tone toward Israel, examples of which include the Camp David Peace Accords between Israel and Egypt in 1979, and the Israel-Jordan Peace Treaty in 1994. Not so with Iran.

Enter Iran
Since the Islamic Revolution in 1979, Iran has expanded its sphere of influence in the Middle East. Today, Iran has sent a clear and unambiguous message to the global community that it wants to dominate the geo-political landscape in the region. (See Why Iran Hacks.) To do that, Iran has waged a campaign against Western influences and continues to destabilize pro-U.S. Arab nations either directly or through surrogates. Most alarming is Iran’s clearly stated intent to wipe Israel, the only non-Islamic state and sole democracy in the region, from the face of the Earth.

Israel has demonstrated a willingness to assert its national power against hostile nations or terrorist organizations on a number of occasions. The Israeli military launched incursions into Lebanon in 1982 and 2006 to squelch terrorist activity and most recently launched attacks against terrorist sanctuaries in the Gaza Strip in response to terrorist rocket attacks and kidnapping of Israeli citizens. But more relevant to the current geo-political discussion, Israel has demonstrated a steadfast resolve against nations that threaten its right to exist with nuclear weapons. In 1981, the Israeli Air Force launched a daring attack against Iraq, destroying a nuclear production facility.

Israel's resolve to deny nuclear weapons capability to aggressor nations has since extended into the cyber domain. In 2008, faced with an imminent threat of a nuclear-armed Iran, Israel allegedly participated in a cyber-attack (Stuxnet) against Iran, destroying the programmable logic controllers associated with centrifuges used to produce weapons-grade uranium. The attack was a part of a broader strategy intended to disrupt Iranian nuclear weapons production, started during the most recent Bush Administration and carried on by the Obama Administration. These attacks, coupled with Iranian attacks against Israel, have resulted in a sort of quasi/cyber war between Israel and Iran.

The cyber battleground
Iran is alleged to have launched a number of cyber-attacks against Israel, including attacks against the Tel Aviv Stock Exchange, El Al Airlines, First International Bank of Israel marketing websites, and attacks against the Otzar Hahayal and Massad Banks. In January 2009, Israel's internet infrastructure was attacked by at least 5 million computers in response to its military offensive in the Gaza Strip. The attack is believed to have been launched by hackers in Russia and sponsored by Hamas or Hezbollah, both Islamist terrorist organizations known to be heavily influenced by Iran. In 2012, Hamas called upon Palestinian software developers around the globe to attack websites in Israel. During that time there were reports of 44 million attacks intended to disable Israeli websites. Most recently, Israel encountered roughly 900,000 cyber-attacks per day during the 2014 Gaza campaign, an increase of almost 90 percent when compared to normal cyber activity.

Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries. In September 2014, Prime Minister Benjamin Netanyahu extended the breadth of cyber defense beyond national defense organizations by establishing a national authority for operative cyber defense. This new authority will have all of the responsibility required to defend the civilian sector from cyber threats and will operate alongside the Israel National Cyber Bureau, which is charged with national cyber defense. Notably, the U.S. has a similar construct with NSA/US Cyber Command, the Department of Homeland Security, the FBI and other government agencies, but our system may be less cohesive based upon the number of agencies involved in the effort.

With Israeli Prime Minister Netanyahu's upcoming address to the U.S. Congress, we will likely hear him frame the Iranian nuclear threat to the U.S. through the prism of the Israeli experience. He will make it clear that Israel will not wait until Iran has a nuclear weapon before acting to counter the threat. We can assume that cyber operations will continue to be a fundamental part of any campaign intended to deny Iran nuclear weapons production capability. It will be interesting to see if the campaign is confined to the cyber domain, or if it will expand to include kinetic operations.


Mike Walls is the Managing Director of Security Operations at EdgeWave. During his time as a captain with the US Navy, he was commander of Task Force 1030 and was directly responsible for the cyberreadiness of more than 300 ships, 4,000 aircraft, and 400,000 Navy personnel. ...
Comments
Marilyn Cohodas,
User Rank: Strategist
2/17/2015 | 11:07:53 AM
Re: ISIS / ISIL
Totally agree, aws0513. The historical and geopolitical insight Mike shared offers some really valuable perspective on the complexities of the Middle East and Israel's vulnerabilities therein. The nuclear threat from Iran was also compelling to better understand in this context.
aws0513,
User Rank: Ninja
2/9/2015 | 12:53:24 PM
Re: ISIS / ISIL
Based upon all that I have gleaned from open source intelligence data, the ISIS/ISIL cyber threat is more akin to a hacktivism threat than a full-on espionage or resource targeting threat.  This does not mean their leadership do not have intentions or have considered such possibilities.  It is just more likely that their cyber-warfare campaigns may be as disjointed as their normal real-world operations.

The difficult thing about revolutionary entities (organizations) is that it is common to be misled in attribution of an attack, virtual or physical.  Sympathizers of a revolutionary entity will often conduct operations in the name of the entity, but without specific entity authorization or support.
If the operation has impact, the real leadership of the revolutionary entity may still claim they were behind the operation where in truth they never even had contact with the true actors of the operation.  If an event conveniently supports their cause, and it cost them nothing, that much the better.  Many times, they do not even have to provide evidence to the media reporting their claims.

State actors usually have far more resources to put into any cyber-warfare campaign.  Although even the largest government entities can be disrupted by hacktivist activities, in general the results the hacktivist can achieve are trivial in the face of the broad cyber and physical capabilities of a well funded, well resourced, and determined state actor.

Very good write-up about Israel, Mike.  You are correct that the geopolitical history and situation regarding Israel is extremely complex to relate in a single article.  Your attempt to do so is very honest and IMHO very respectable.
swreynolds92,
User Rank: Strategist
2/6/2015 | 10:23:45 PM
ISIS / ISIL
When talking about the Middle East, I think it's appropriate to bring ISIS/ISIL into the equation. With everything that has been going on in recent news, do you think ISIS will join in on the cyber fight? They have already hacked a few US sponsored social media accounts... Should we be fearful of them or are their cyber capabilities limited?