Published On: Tue, Jul 29th, 2014

Report: Chinese Hackers Penetrated Rafael Network, Stole Iron Dome Secrets


Three Israeli defense contractors responsible for building the “Iron Dome” missile shield, blocking rocket attacks from the Gaza Strip, were compromised by hackers and robbed of sensitive documents pertaining to the shield technology, KrebsOnSecurity reports.

The report places those hacking incidents between 2011 and 2012.

According to Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. (CyberESI), between Oct. 10, 2011 and August 13, 2012, hackers, presumably operating out of China, penetrated the networks of three top Israeli defense technology companies: Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems.

CyberESI, which stated it was able to tap into the secret communications infrastructure set up by the hackers, determined that the attackers exfiltrated large amounts of data from the three companies. Most of the information was intellectual property pertaining to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), and ballistic rockets.

Joseph Drissel, CyberESI’s founder and chief executive, estimates, based on the nature of the exfiltrated data and the industry these companies are involved in, that the Chinese hackers were looking for information related to Israel’s all-weather air defense system, Iron Dome.

The only problem with this suggestion is the obvious question: what, exactly, would the Chinese need the Iron Dome blueprints for? The problem this system aims to solve is highly specific, relevant to a country with enclaves of terrorists along its borders, with said terrorists shooting missiles across the border over a considerable period of time.

The Chinese, unlike the Israelis, would never permit such activities on their doorstep. Neither would most sane countries, which is why Rafael, the system’s main manufacturer, has not been very successful selling Iron Dome to anyone, despite the fantastic reviews of its performance.

To date, only South Korea and India have expressed some interest in acquiring the Iron Dome, and neither has reached a serious discussion. The Chinese could have the system for very little if they only asked; there’s no need to steal it.

The main problem with the Iron Dome operation is the cost per surface-to-air missile, between $30 and $60 thousand, depending on whom you ask. This kind of insane expenditure can only be accepted if you have a rich uncle willing to pick up the tab. Even if the Chinese acquired the blueprints as reported, and agreed to spend the half billion dollars it would cost them to build it, they would still need a rich uncle to pay for the missiles.

It’s still not much fun for a security company to be hacked. According to CyberESI, IAI was initially breached on April 16, 2012 by a series of specially crafted email phishing attacks. Drissel said the attacks bore all of the hallmarks of the Comment Crew, a state-sponsored hacking group associated with the Chinese People’s Liberation Army (PLA), which stole terabytes of data from defense contractors and US corporations.

The more alarming news in today’s report is that, according to Drissel, the data the hackers stole from IAI included a 900-page document with detailed schematics and specifications for the Arrow 3 missile.

“Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors,” Drissel said. “We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well.”

Elbit and Rafael declined to comment on the report. An IAI spokesperson “brushed off CyberESI’s finding, calling it old news. When pressed to provide links to any media coverage of such a breach, IAI was unable to locate or point to specific stories. The company declined to say whether it had alerted any of its US industry partners about the breach, and it refused to answer any direct questions regarding the incident,” KrebsOnSecurity wrote.

“At the time, the issue was treated as required by the applicable rules and procedures,” IAI Spokeswoman Eliana Fishler wrote in an email to KrebsOnSecurity. “The information was reported to the appropriate authorities. IAI undertook corrective actions in order to prevent such incidents in the future.”
