“There’s a saying in the cyber security world: ‘If the Chinese want to hack your IT systems, sooner or later they will’. Information security managers in organizations have to understand this concept and prepare themselves accordingly,” says Shai Zandani, President of ISACA – information security, assurance, risk management and governance.
Zandani, former head officer of information security for the Israeli air force, is also the CEO of the cyber security firm Cytegic and a co-founder of CyberARM. He commented on the recent reports according to which Chinese hackers breached the IT systems of Rafael, the IAI and Elisra – the three companies which jointly planned, developed and executed the Iron Dome system. The reports stated that the hackers stole a large amount of sensitive documents dealing with the system, as well as other missile defense technologies. The breaches were conducted in 2011-2012, but were only reported publicly last week. Zandani commented that “the break-in, if indeed there was one at all, can’t be recent. It seems to be good timing to publish it during operation Protective Edge, when the whole world is witnessing the Iron Dome’s success”.
“It’s interesting to examine the tactic, the attack vector the hackers used to get to the companies’ IP”, Zandani explained. “As far as we know, the attackers used spear phishing targeting specific employees of the companies to make them trust injected addresses and pages. After they penetrated the walls, they established their presence by using privileged credentials to copy sensitive information and smuggle it out through a backdoor. This type of attack is typical of the Chinese hacking group known as ‘Comment Crew’”.
The crew received publicity in research conducted this February for the New York Times by Mandiant, which was acquired by FireEye the previous month. The conclusions showed that the Chinese military is connected to many attacks on companies and agencies in the United States. The research was initiated after a 4-week attack on the newspaper’s systems, beginning shortly after the publication of an unflattering profile piece about the Chinese prime minister’s wife.
The New York Times checked the sources of multiple attacks on American companies and governmental agencies. Mandiant found that a 12-story building in Shanghai is an operations base of the Chinese military unit 61398, responsible for “an astonishing percent of total attacks against systems in the US”. The unit’s nickname is “Comment Crew”. Zandani explained that the method seen in the Iron Dome breach is indeed typical of hackers who work in governmental service, who can break into virtually any system thanks to almost limitless computing and human resources.
Who’s attacking Israel?
According to Zandani, hackers who target Israel vary in their activity volume, capabilities, identities and chosen targets. The highest level of attacks consists of long-term espionage aimed at information from the security and military industries, and has been conducted by states such as China, India and Russia for years.
A more recent type of attacker is the international crime organization, also known as a cybercrime syndicate, which is nearly as capable as a state in this field. These groups usually sell the information they acquire to the highest bidder in fields such as finance, energy and technology.
Local players are also regularly involved in the attacks, mainly Iran and the Syrian Electronic Army. They aim to steal security information from Israel while simultaneously preparing the ground for attacks on vital infrastructure such as Internet service providers, water and electricity systems and so on. For the time being, Hamas and other Middle Eastern terror organizations are not considered a serious threat on this front.
The lowest level of threat is posed by Anonymous and similar non-hierarchical groups. According to Zandani, these activists work in unorganized ways, leading to uncoordinated attacks which cause more buzz than actual damage. They mostly aim to embarrass Israeli companies and organizations, and they do so by targeting high-profile websites. They don’t really mind which specific entity they’re attacking.
Zandani concluded that in the face of these dangers, the security and IT managers carry a lot of weight on their shoulders. “They are responsible for dealing with these threats with ever-limited human and fiscal resources, while the attacks grow more and more sophisticated. They have to understand new threats in a short time and immediately develop a prioritized workflow toward solutions. Our product at Cytegic builds this threat-neutralizing priority plan for the organization on a regular basis, enabling organizations to deal with cyber threats in a proactive manner and make the best of their IT investments.”