Information Warfare: Iran Hammers Israel

Archives

February 15, 2016: Israel recently revealed that in the last few months it has been subject to a growing number of Internet based attacks from Iran. Some of the attacks were “serious” but Israel would not reveal the extent of the damage done and much about these attacks is still under investigation. While Israel has some of the best Internet defenses on the planet, many of the recent Iranian attacks relied more on psychology than software skill. This method of attack is known as spear fishing (“phishing” as hackers spell it). Spear fishing is a fishing operation where targets are carefully chosen and researched before putting together the attack. Despite the Israeli Defense Ministry having software and user rules in place to block spear fishing attacks there are so many email accounts to attack and you only have to get one victim to respond to a bogus email with a “vital attachment” that must be “opened immediately”. Among the targets for these attacks were over a thousand active duty and retired generals as well as senior civilian officials in the government and the Internet security industry.

Most of these spear fishing attacks sought to quietly get spyware on the receiving PC so that future message traffic would be passed on to the hackers along with details of all over activities on the infected computer. Spear fishing begins with an email purporting to be from someone the recipient would expect to hear from. Unlike older spear fishing efforts that include an attachment the recent ones infect the recipients PC if the email is simply opened. The automated defenses are supposed to block the actions of the hacker software that is triggered when the victim clicks on the email or an attachment, but hackers keep finding exploitable vulnerabilities to these defenses and this creates an opening, as least until that vulnerability is recognized and patched. This is what the Iranians are doing and Israel is hustling to keep up.

Normally the growing number of Internet based attacks on Israel (since early 2014 over million a day) are foiled because Israel has one of the largest (per capita) collections of Internet security products and service companies on the planet. The Defense Ministry has long been a user of many of those products and services. But with that volume of attacks even a miniscule chance of success adds up to a lot of hackers getting in. Israeli networks have some of the best “intrusion detection” software in the world which keeps monitoring inside networks for any unusual activity. This tends to catch any hackers who get in but often only after damage is done.

What apparently did the Israelis in (other than a careless Defense Ministry employee) during the most recent incident was the use of hacking software that employed a new vulnerability. Called "Zero Day Exploits" (ZDEs). These ZDEs are very expensive because in the right hands these vulnerabilities/flaws can enable criminals to pull off a large online heist or simply maintain secret control over thousands of computers. The most successful hackers use high-quality ZDEs. Not surprisingly ZDEs are difficult to find and can be sold on the black (or legitimate) market for over $250,000. A lot of these are sold from black market Internet sites based in Russia and anyone is welcome to buy. Iran has apparently become a major buyer in this marketplace.

Finding ZDEs is still a favorite activity for hackers. A growing number of countries (like Iran) encourage local hackers to find ZDEs. For example, China encourages and helps organize patriotic Internet users in order to obtain hacking services. This enables the government to use (often informally) thousands of hackers to attack targets (foreign or domestic) and find ZDEs or do other mischief. Government sponsored organizations arrange training and mentoring to improve the skills of group members. While many of these Cyber Warriors are rank amateurs, even the least skilled can be given simple tasks. And out of their ranks will emerge more skilled hackers, who can do some real damage. These hacker militias have also led to the use of mercenary hacker groups, who will go looking for specific secrets, for a price. Iran has learned much about this from its Chinese friends and in return China has been assured that Chinese firms will have no problems competing for new business in Iran now that many economic sanctions have been lifted.

Since 2001 a growing number of Moslem software professionals and eager amateurs found out about this black market (for ZDEs and hacking software in general) and have the cash to buy high-end stuff. In the Islamic world successfully hacking into an Israeli network is a big deal that is a whole lot safer than the more traditional terrorism.

All nations with a large Internet user population have these informal groups but not all nations have government guidance, subsidies, immunity from prosecution, and encouragement to make attacks like China does. Another factor is events that cause highly publicized tensions between nations with large number of Internet users. This almost always results in the "hacker militias" of both nations going after each other.

Many "white hat hackers" (as opposed to the evil "black hat hackers") made a very good living selling their attack skills in effort to reveal flaws (that can be fixed) or confirm defenses in security software. But techniques like spear fishing also rely on human weaknesses (like inattention or being distracted) and this is often vital in getting past good security software.

At the moment, the black hats are winning. While some sites (most financial institutions, some government agencies) are largely invulnerable to hacker attack because of onerous (to employees) restrictions to deal with spear fishing, most networks are not so well equipped. The Israelis are discovering this. As the scope of the losses becomes more widely known, that may change. The most successful hackers make use of Russian-based hacker resources. The irony of this is that it has led to sharp increases in sales for Israeli Internet security firms. At the same time Israel has become a favorite target for Moslem and leftist hackers worldwide. Some of this is pure anti-Semitism but a lot of it is the desire to score a victory, any kind of victory, against the most formidable Internet target.