Black Friday is Now! Don’t miss out on up to 60% OFF InvestingProCLAIM SALE

Israeli military networks breached by hackers - researchers

Published 17/04/2015, 19:21
© Reuters. A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin
CHKP
-

By Joseph Menn

SAN FRANCISCO (Reuters) - Hackers have managed to penetrate computer networks associated with the Israeli military in an espionage campaign that skillfully packages existing attack software with trick emails, according to security researchers at Blue Coat Systems Inc.

The four-month-old effort, most likely by Arabic-speaking programmers, shows how the Middle East continues to be a hotbed for cyber espionage and how widely the ability to carry off such attacks has spread, the researchers said.

Waylon Grange, a researcher with the Blue Coat [PRJCBB.UL who discovered the campaign, said the vast majority of the hackers' software was cobbled together from widely available tools, such as the remote-access Trojan called Poison Ivy.

The hackers were likely working on a budget and had no need to spend much on tailored code, Grange said, adding that most of their work appeared to have gone into so-called social engineering, or human trickery.

The hackers sent emails to various military addresses that purported to show breaking military news, or, in some cases, a clip featuring "Girls of the Israel Defence Forces." Some of the emails included attachments that established "back doors" for future access by the hackers and modules that could download and run additional programs, according to Blue Coat.

Using standard obfuscation techniques, the software was able to avoid detection by most antivirus engines, Blue Coat said. At least some software lodged inside government computers, because Blue Coat detected it "beaconing," or sending signals to the hackers that it was in place.

An Israei defence ministry spokeswoman referred questions to the military. Military officials said they were "not aware of hacking on IDF operational networks."

Blue Coat provided Reuters with an advance look at its findings and intends to publish a paper later. The security firm, based in Sunnyvale, California, is set to be acquired by private equity firm Bain Capital LLC.

Citing confidentiality agreements with clients, Blue Coat declined to say exactly where the campaign worked, and Grange said he did not know if any vital data had been stolen.

Blue Coat surmised that the attackers spoke Arabic because some of the data recovered in the investigation showed that was the default language setting in one of the programming tools.

"Not all targeted attackers need advanced tools," Blue Coat wrote in a draft paper. "As regional conflicts continue, cyber threats from groups of various skill levels will also accompany the conventional armed conflicts."

Last month, Israeli security firm Check Point Software Technologies (NASDAQ:CHKP) said it had found spying programs in 10 countries that probably originated with a governmental or political group in Lebanon that deployed them over three years.

© Reuters. A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin

In February, Kaspersky Lab researchers said they found what they considered the first "advanced" Arabic-speaking hacking group, which they dubbed Desert Falcons. Kaspersky said the group operated from Palestine, Egypt and Turkey and claimed about 3,000 victims in 50 countries, especially targeting military, government, media, and activist computers.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.