Attacks were carried out between October 2011 and August 2012

Jul 29, 2014 14:36 GMT

Unknown individuals have breached the computer systems of three defense contractors that built Israel’s missile defense system, Iron Dome. The incidents occurred in 2011 and 2012, but they were not revealed until now.

The hackers managed to steal a large number of documents relating to the technology used to build the missile shield, which are of a highly sensitive nature.

Security blogger Brian Krebs learned from threat intelligence firm Cyber Engineering Services Inc. (CyberESI) that a group of attackers had gained unauthorized access to the systems of three defense companies in Israel: Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems.

The intrusions occurred between October 2011 and August 2012 and are believed to have originated from China; this does not necessarily mean that the hackers are Chinese, though.

It appears that the intruders were after intellectual property connected to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), and ballistic rockets, along with other technical documentation of the same kind.

At the time of the breach, Israel Aerospace Industries (IAI) contacted the Israeli authorities and took the necessary measures to prevent this type of event in the future.

CyberESI’s founder and chief executive officer Joseph Drissel told Krebs that much of the documentation stolen by the hackers contained knowledge about technology that was developed not only by Israel but also by the American company Boeing, as is the case with the Arrow III missiles.

“Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors,” Drissel told the security blogger. “We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well,” he added.

In the case of IAI, the attacks started on April 16, 2012, and were made possible by social engineering tactics in specially crafted phishing emails, which bore hallmarks of the activity of “Comment Crew,” a group considered to be part of the People's Liberation Army's advanced persistent threat unit, PLA Unit 61398.

Krebs learned from CyberESI that, after compromising the targeted networks through phishing, the attackers proceeded to install malicious tools in order to gain access to more areas of the systems. They collected as much information of this kind as possible: credentials, password hashes, and system and file details.

Elisra Group may have been compromised in a similar manner, but in its case the malicious activity began in October 2011.