Israel top suspect behind new cyber menace

May 31, 2012 at 1:36 PM
share with facebook
share with twitter
| License Photo

BEIRUT, Lebanon, May 31 (UPI) -- Israel is widely seen as the prime suspect in the "most complex" cyberattack by a data-gulping computer worm known as W32.Flame that has hit Iran's oil industry and other targets in the Middle East in recent days.

And Israeli leaders are doing little to discourage speculation that the Jewish state's newly established cyber command is the main culprit behind the attack that some analysts say marks a new era in cyberwarfare.

Israeli Deputy Prime Minister Moshe Yaalon, who's also minister for strategic affairs, hinted Monday that Israel was involved in the Flame attacks that in April targeted Iran's oil industry, already battered by international sanctions, as well as computers in Saudi Arabia, the Israeli-occupied West Bank, Sudan and Egypt.

"Anyone who sees the Iranian nuclear threat as a significant threat," he said in Tel Aviv, will find "it's reasonable to take various steps, including these, to hobble it.

"Israel is blessed as a country rich in high-tech and these tools that we take pride in open up all kinds of opportunities for us."

Israeli Prime Minister Binyamin Netanyahu set up a National Cybernetic Task Force in July 2011 tasked with developing defenses to protect the country's strategic infrastructure from Internet-based attacks.

The following month, Israel's military establishment formed a cyberdefense command within the C4I Directorate -- command, control, communications, computers and intelligence -- under an army colonel who formerly headed Matzov, the Hebrew acronym for the Center for Encryption and Information Security.

At the center of this highly classified network is Unit 8200 of Military Intelligence, a super-secret signals intelligence and codebreaking unit that's understood to have been given responsibility for all the Jewish state's cyberwar capabilities.

The Jerusalem Post reported in May 2011 that Unit 8200 was suspected of playing a key role in developing the Stuxnet worm that Tehran said in September 2010 had disrupted its nuclear program and high-value industrial facilities.

Computer experts generally agreed at the time that the mysterious Stuxnet worm, then the most sophisticated malware system ever detected, could only have been put together by the intelligence services of Israel or the United States or another combination of states.

The German newsmagazine Der Spiegel quoted sources familiar with the Stuxnet operation as insisting it was a "a blue-and-white operation … a purely Israeli operation,' referring to Israel's national colors.

The sources said a secret Israeli unit, most likely Unit 8200, was responsible for programming much of the Stuxnet code.

U.S. sources say Israel's Dimona nuclear complex in the Negev Desert south of Tel Aviv was used as a testbed for the Stuxnet virus by a U.S.-Israeli team before it was unleashed against Iran June 22, 2009.

The Iranians since then have been hit by other worms dubbed Stars and Duqu, and have apparently struck back against Israel with their own cyber weapons. In November, Israel's military and intelligence services Web sites crashed for several hours in what appeared to be cyberattack.

A few days earlier, Anonymous, a shadowy group of global hackers and online activists, had threatened to hit Israel to retaliate against its economic blockade of the Gaza Strip.

But whether or not Anonymous was responsible, the Israelis braced for Iranian cyberattacks.

Yiftach Ron-Tal, a reserve major general and chairman of the state-owned Israel Electric Co., warned: "We need to be prepared for the possibility that critical infrastructure will be paralyzed."

The Iranians are believed to have built up a sizeable cyberwarfare network to counter what they see as a concerted Israeli-U.S. effort to cripple their nuclear project through a multilayered campaign of disruption and assassination.

Kapersky Labs, the Russian Internet security company that discovered W32.Flame, says it's the most complex and sophisticated cyberweapon it's expected have come across.

"The Flame malware looks to be another phase in this war," said the group's co-founder, Eugene Kapersky.

Where the ground-breaking Stuxnet malware damaged industrial controls, the Flame virus is designed to spy and gather intelligence by stealing programs. It can even switch on microphones attached to a computer to record conversations, experts say.

"This is a fully featured spying program that's grabbing anything it can," said Orla Cox of Symantec, a leading computer security company.

We suspect there's some nation state involvement because of the funding you'd need to have behind this."

Related UPI Stories
Latest Headlines
Trending Stories