Cybersecurity

Gaza-based Palestinian hackers compromise Israeli defense ministry computer

Published 29 January 2014

Hackers broke into a computer at the Israeli Ministry of Defense through an e-mail attachment tainted with malicious software. The attachment looked as if it had been sent by the country’s internal security service, the Shin Bet. Aviv Raff of Israeli security company Seculert said it was likely that Palestinians were behind the cyberattack, saying that the more recent attacks were similar to cyberattacks against Israeli computers more than a year ago. Those attacks originated in the Hamas-controlled Gaza Strip. The attackers used an e-mail attachment to infect the computers with Xtreme RAT malware, which is a remote access Trojan. The malware allows hackers complete control of an infected machine. They can steal information, load additional malicious software onto the network, or use the invaded computer as a base of operations from which to conduct reconnaissance and attempt to gain deeper access into the network.

Aviv Raff, chief technology officer at Israeli security company Seculert, said that hackers broke into a computer at the Israeli Ministry of Defense through an e-mail attachment tainted with malicious software. The attachment looked as if it had been sent by the country’s internal security service, the Shin Bet.

Haaretz reports that Raff said the hackers earlier this month temporarily took over fifteen computers, one of them belonging to Israel’s Civil Administration, which is responsible for managing and monitoring those parts of the West Bank where Israel runs civilian affairs (in some parts of the West Bank, the Israeli military is in charge of security, but the Palestinian Authority runs civilian affairs).

Raff said it was likely that Palestinians were behind the cyberattack, saying that the more recent attacks were similar to cyberattacks against Israeli computers more than a year ago. Those attacks originated in the Hamas-controlled Gaza Strip.

“The modus operandi was identical to the previous attack,” Raff said, adding that the group behind the previous attack has been active for at least two years.

The recent attack was launched from a server in the United States, but the scripting and composition were similar to the earlier attack, Raff said.

“We are not commenting on it, we don’t respond to such reports,” Guy Inbar, a spokesman for the Civil Administration, said in response to a question from journalists.

Raff added that Seculert’s experts have not yet ascertained what the hackers did after the initial infection with “Xtreme RAT” software. “All we know is at least one computer at the Civil Administration was in control of the attackers; what they did we don’t know.”

Raff refused to identify the other fourteen computers targeted by the hackers. An Israeli source, speaking on condition of anonymity, said these computers included those of companies involved in supplying the Israeli military.

Raff said the fifteen computers were under the hackers’ control for at least several days after the 15 January sending of the e-mail, which included an attachment about ex-Israeli prime minister Ariel Sharon, who had just died.

The e-mail that penetrated into the Israeli defense ministry computer appeared as if it had been sent from the Shin Bet, Raff said.

Raff’s firm, Seculert, was able to trick the Xtreme RAT software – or to “sinkhole” it, as cyber experts would describe it – into communicating with servers that Seculert controlled in order to figure out which computers were infected and to put an end to the attack.

Haaretz notes that Xtreme RAT is a remote access trojan, which allows hackers complete control of an infected machine. They can steal information, load additional malicious software onto the network, or use the invaded computer as a base of operations from which to conduct reconnaissance and attempt to gain deeper access into the network, Raff said.

Word of the cyberattack came a day before an international, 3-day Israeli cybertech conference opened in Jerusalem, and on the same day Prime Minister Benjamin Netanyahu, speaking at the World Economic Forum in Davos, described Israel as the world’s first “cyber nation.”

Raff said he did not see any irony here. “Unfortunately there is no such thing as 100 percent safety either when it comes to physical risks or information security,” he said.