Arab hackers have penetrated Israeli military computer networks, in a clever campaign that merged popular cyber-attack software with trick emails, according to security researchers at Blue Coat Systems Inc. cited by Israel Hayom.
The attacks took place four months ago, presumably launched by Arabic-speaking programmers.
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at office@jewishbusinessnews.com.
Thank you.
Blue Coat reasearcher Waylon Grange said the hackers’ software was put together using available tools, including a remote-access Trojan known as “Poison Ivy.”
The hackers did not work elegantly, and probably didn’t have the kind of funding that would have allowed them to tailor their code, according to Grange, who noted that the bulk of the hackers’ work went into “social engineering, or human trickery.”
To illustrate: the hackers would send emails to military addresses, promising breaking news, or a clip of “Girls of the Israel Defense Forces.” These emails included attachments that set up back doors for the hackers, as well as and applications for downloading and running programs.
The software managed to avoid detection by antivirus programs, according to Blue Coat, which says it detected some of the software inside government computers, after it had sent a signal to the hackers that it was ready.
So far, the IDF has denied the existence of a breach.
Blue Coat told Reuters it believes the attackers spoke Arabic because the data the researchers recovered showed the default language setting in one of the programming tools was Arabic.
“Not all targeted attackers need advanced tools, ” Blue Coat wrote in a draft paper. “As regional conflicts continue, cyber threats from groups of various skill levels will also accompany the conventional armed conflicts.”
In February, Kaspersky Lab researchers announced the discovery of the first “advanced” Arabic-speaking hacking group—which Kaspersky nicknamed “Desert Falcons.”
According to Kaspersky, the Falcons operate in the Palestinian Authority, in Egypt and in Turkey, and claim about 3, 000 victims in 50 countries, mostly military, government, media, and activists.
