
Hackers Plundered Israeli Defense Firms That Built 'Iron Dome' Missile Defense

Posted by Soulskill
from the intercepting-missiles-is-easier-than-learning-not-to-click-on-attachments dept.
An anonymous reader writes: Brian Krebs reports on information from Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. that attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies. The attackers were seeking technical documents related to Iron Dome, Israel's air defense system. "IAI was initially breached on April 16, 2012 by a series of specially crafted email phishing attacks. ... Once inside the IAI’s network, [the attackers] spent the next four months in 2012 using their access to install various tools and trojan horse programs on systems throughout the company’s network and expanding their access to sensitive files, CyberESI said. The actors compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems. The actors also successfully used tools to dump Active Directory data from domain controllers on at least two different domains on the IAI’s network. All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB total size — that were exfiltrated from IAI’s network during the compromise. The security firm said most of the data acquired was intellectual property and likely represented only a small portion of the entire data loss by IAI." Most of the stolen material pertained to Arrow III missiles, UAVs, and ballistic rockets.

  • by TWX (665546) on Wednesday July 30, 2014 @12:29AM (#47563425)
    ...until software and systems security is finally taken seriously. That may mean corporate LANs interconnected between sites by leased private fiber, where the entire computer system for the company is not able to even reach the public Internet. That may mean that users have separate systems, one for internal communication within the company, and one for external communication to outsiders. That may also mean that companies stop allowing anything sensitive on public-reachable computers, and it might even mean that corporate IT departments have to look at hardware that doesn't allow for secure computers to even plug into regular, public networks, and for those 'regular' networks to be highly monitored and partially locked-down as to what IP ranges (and countries) can even be communicated with.

    I can tell you one thing, if such a system were implemented there'd probably be an uptick in efficiency as now it'd be a lot harder to screw around at work. Sure, a lot of people would be really pissed that they can't do non-work tasks at work without using a system seeing such monitoring too, but given that salaries in the defense sector are generally pretty good, that's a tradeoff that one could probably stomach.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I'd bet most companies in the defense sector don't even have the level of security of a typical gaming company making the AAA titles. By the way, the secure systems can't be allowed to access even the rest of the company's internal network for such a separation to be effective.

      • by mjwalshe (1680392)
        Really? Have you ever worked for such a company? Typically you can't even get inside the main buildings for an interview and have to pass at least SC clearance and probably DV (TS clearance). And I suspect that MOSSAD will have standards and enforce them - do you want to tell a real-world version of Ziva (NCIS) that you messed up and cut corners with security?
    • by m00sh (2538182)

      I can tell you one thing, if such a system were implemented there'd probably be an uptick in efficiency as now it'd be a lot harder to screw around at work. Sure, a lot of people would be really pissed that they can't do non-work tasks at work without using a system seeing such monitoring too, but given that salaries in the defense sector are generally pretty good, that's a tradeoff that one could probably stomach.

      Except that efficiency does not work that way.

      People screwing around at work is not the cause of inefficiency but a symptom of a hidden larger problem that is causing inefficiency.

      • by TWX (665546)
        I'm well-aware that keeping employees busy with enough work and having enough oversight to help keep them on-task is important, but reducing distraction is also important. There's more than one contributing factor to inefficiency. I can suggest remedies for this one.
        • by m00sh (2538182)

          I'm well-aware that keeping employees busy with enough work and having enough oversight to help keep them on-task is important, but reducing distraction is also important. There's more than one contributing factor to inefficiency. I can suggest remedies for this one.

          You think enough work and enough oversight creates efficiency? No wonder you have a distraction problem.

      • According to the article, that cause is email.

        • by TWX (665546)
          And if e-mail on the corporate internal LAN/WAN never touches the public Internet then even if someone brings in a USB FOB with an infection, it won't readily spread automatically.

          Hence two separate networks.

          If it's that important, then the employees should be able to handle having two separate systems, one for internal use only, one for external use only.
    • by vux984 (928602)

      I can tell you one thing, if such a system were implemented there'd probably be an uptick in efficiency as now [...]

      As all the SaaS they'd bought into broke completely, half the onsite software that relies on various web services and "phone-home" systems for licensing etc broke, all the B2B tools for everything from tracking/shipping packages to payroll tax tools to JIT supply chain management from their suppliers broke.

      Yeah, there would be a real productivity bump. :)


    • I agree that systems of such sensitive nature need to be isolated but the problem is always how do you do this?
      You could take away so much functionality that you are impeding productivity.

      People bring their own devices, phones are powerful enough to use for many more tasks these days, productivity will not go up. That's a myth.

      If the system in question was on a separate infrastructure, sophisticated and determined attackers will simply infiltrate the new system. Sure, it's an added layer of complexity
      • by gtall (79522)

        So, you are going to deter Chinese hackers by outing them in public. Mao is laughing in his grave...and given the millions he caused to die, that's no small feat.

    • by swb (14022)

      So nobody screwed around at work before computers? No bullshitting around the eponymous water cooler, coffee machine, long lunches, etc?

  • What they need is a "Chester's Mill Dome"

  • Meh. (Score:5, Insightful)

    by Etherwalk (681268) on Wednesday July 30, 2014 @01:00AM (#47563547)

    China is in a state of de facto war with every military R&D project in the world. Any defense contractor not locked down six ways from Sunday should be punished (or they should get a bonus for best practices.)

    • Right. I won't trust a defense contractor whose security gets compromised using phishing emails. If the intrusion is more low level than that (the mythical compromised routers), then they might have a good excuse. If the story is true, and the Israelis aren't just making it up as a cover story or honeypot to attract would-be cyber-attackers from other less technically competent nations (Iran, N Korea, etc), then the defense contractors should be banned from future military contracts.

      • THIS. It's like hiring an off-duty cop to provide security for you, and then finding out that he got his ass handed to him by an old lady in a wheelchair...
  • Apparently the Chinese don't think so. Compared to the American liberal arts community of experts on missile defense, they must be sadly misinformed.

    • by drinkypoo (153816)

      All the target getting hacked proves is that someone thought the target was worth hacking. It doesn't mean that their [primary] goal was even to pilfer technological data, let alone useful technological data.

    • If you can see how it was done, see what the flaw is, and improve on the flaw. A worthless system is a system which was tried and which you can learn from without trying yourself. That means millions of dollars of R&D spared. Plus not all parts of the system will be worthless.
    • Apparently the Chinese don't think so. Compared to the American liberal arts community of experts on missile defense, they must be sadly misinformed.

      It depends on how you look at it. Iron Dome costs something like 20-30.000 dollars per shot. One of those home built Quassam rockets Hamas uses costs 5-800 dollars per shot, the Grad rockets probably a bit more. It's the same economy as dropping PGMs that start at 15-20.000 per unit (the Hellfire missiles used by the RQ-9 drones cost $110.000 per unit) on five man Taleban guerrilla groups carrying a grand total of 3-4000 dollars worth of equipment (tops). It adds up pretty quickly. If Hamas hoses off enough

    • by Sockatume (732728)

      The US government put a lot of time and effort into spying on the USSR's paranormal operations research, and even replicating some of it at home; it was still almost entirely worthless.

    • Don't assume that it is the Chinese that did this hack (if the details are even true). Attribution is very difficult in the world of cyber crime/espionage.

  • by meglon (1001833)
    Helluva lot of trouble just to hide their porn.
  • by Berkyjay (1225604) on Wednesday July 30, 2014 @01:29AM (#47563645)
    How is it that companies dealing with sensitive information can store these sensitive files on a network exposed to the outside world? It would seem to be fairly cheap and such a small inconvenience to have a separate network of machines that are completely walled off from the outside.
    • Most managers wouldn't want people to have two computers on their desk, since hey, they can save 50% on desktop systems by merging them. As long as system admins do their work, nothing could go wrong, right? I'm a penetration tester by trade and no matter where I go, even thin clients and virtual machine setups aren't properly separated.

      People trust way too much in technical capabilities of devices and underestimate the ingenuity and perseverance of intruders to circumvent or penetrate those devices. Sne

      • by mpe (36238)
        Most managers wouldn't want people to have two computers on their desk, since hey, they can save 50% on desktop systems by merging them. As long as system admins do their work, nothing could go wrong, right?

        The "air gapped" approach may well involve even more system admin work, since both "secure" and "insecure" networks need to go to the same desks, even if they have completely different cabling runs and cabinets. Then there's the issue of things like "sneaker net". Even someone plugging cables into the
    • by hey! (33014)

      Air gapping the sensitive information is one of those things that looks easy on paper but runs afoul of the fact that people don't like to work that way. It's inefficient. It's not like people have *two* jobs, one sensitive the other not. They have one job in which sensitive bits are intertwined with regular bits, so in practice people tend to cheat and do *some* sensitive work on the non-sensitive network.

      Even if the users are unrealistically conscientious about never doing anything sensitive on their

  • If those attacks continue, and if they cause damage, people will start paying attention and will change the way their OS is secured. I think that the Android OS has it right - no user-generated files should be executable in any way, including scripts. You have 2 partitions - one that is executable, but only admins can write to it, and one that the user can write in, but nothing is executable there.
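The split the comment describes (one writable partition, one executable partition) can be audited from the mount table: any filesystem mounted both writable and without noexec breaks it. The script below is an added example, not code from the thread; the input path is a parameter, and the mount table it runs on is a constructed sample.

```shell
#!/bin/sh
# Added example: report mounts that are both writable (rw) and executable (no
# "noexec" option), i.e. places where user-written files could be run.
# Input is a file in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Print "<mountpoint> <fstype>" for every rw mount lacking noexec.
find_rw_exec_mounts() {
    awk '{
        split($4, opts, ",")
        rw = 0; noexec = 0
        for (i in opts) {
            if (opts[i] == "rw") rw = 1
            if (opts[i] == "noexec") noexec = 1
        }
        if (rw && !noexec) print $2, $3
    }' "$1"
}

# Write a constructed sample mount table (not captured from a real system)
# to a temp file and print its path.
sample_mounts_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
/dev/sda1 / ext4 ro,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sdb1 /data ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
EOF
    echo "$f"
}

# Run against the sample: /tmp and /data are flagged, /home and /proc are not.
SAMPLE=$(sample_mounts_file)
find_rw_exec_mounts "$SAMPLE"
rm -f "$SAMPLE"
# On a live system: find_rw_exec_mounts /proc/mounts
```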

  • So Chinese hackers stole American technology from Israel? You mean Israel didn't just sell it to the Chinese this time?

    • by mpe (36238)
      So Chinese hackers stole American technology from Israel? You mean Israel didn't just sell it to the Chinese this time?

      Alternatively it was a US (or Israeli) competitor covering their tracks by pretending to be from China.
    • by dbIII (701233)
      That time around 2000 with the tank targeting system was a true moment of black comedy when after that US technology was supplied from Israel to China it was mass produced and on-sold to Iran.
      However blaming "Israel" for that one is like blaming the USA for Charles Manson - criminals exist and the thing was apparently stolen.
      • That time around 2000 with the tank targeting system was a true moment of black comedy when after that US technology was supplied from Israel to China it was mass produced and on-sold to Iran.
        However blaming "Israel" for that one is like blaming the USA for Charles Manson - criminals exist and the thing was apparently stolen.

        It's a bit more than that, Israel helped China with air to air missiles (as in license production of the Python-3 which was a quantum leap for the PLAAF) and other guided weapons and is also alleged to have helped the Chinese develop sophisticated fighter and AWACS radars, had a hand in the design of some of the latest generation of Chinese fighters and sold them a whole bunch of other technology to do with miniaturized cooling units, Electro-optics, UAVs, and sophisticated sighting systems. A lot of this te

        • by dbIII (701233)
          Yes there is that one and the French Mirage Jet way back, but that specific one I mentioned ruffled enough feathers to result in the US Senate spending a bit of time on it.
          • Truly, Israel is our greatest ally. Well... the US might be Israel's ally but have they ever been ours?

  • So these were "carefully crafted" phishing attacks, eh? Wow, go figure. This is just another high-profile example of a basic security truism: as long as people with insufficient security awareness (and common sense) have access to data, said data is vulnerable. Once again, the weak link is between the chair and the keyboard. It always will be.

  • "withdraw (troops or spies) surreptitiously, especially from a dangerous position."
    • > withdraw (troops, DATA or spies) surreptitiously, especially from a dangerous position

      The term is commonly used in info sec.

      • > withdraw (troops, DATA or spies) surreptitiously, especially from a dangerous position

        The term is commonly used in info sec.

        OK, but it's an odd neologism.

        All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB total size — that were exfiltrated from IAI’s network during the compromise.

        I guess you could "exfiltrate" files that you put on there ... though given the nature of files you'd probably just delete them. But you wouldn't "exfiltrate" someone else's files.

        If infiltrating is putting your own stuff in, then exfiltrating would be taking your own stuff out, logically. But la

  • by nospam007 (722110) * on Wednesday July 30, 2014 @06:20AM (#47564399)

    Looks like they could use an iron dome for their network too.

  • If the Japanese can't manage nuclear power, who can? If the Israelis can't defend against Chinese hackers, who can?

    (Definitely blew away my misconception. I had no idea anyone in Israel was dumb enough to use a Microsoft product on their network.)
