TSG IntelBrief: Cyber Threats Against Israel
January 14, 2013
As of mid-January 2013, with advanced industrialized countries employing computer networks to manage and control critical infrastructure, information systems have become increasingly vulnerable to an array of cyber threats. Behind this threat is a range of adversaries, from highly sophisticated state actors to less capable — but still dangerous — hacktivists. Their targets are equally wide-ranging: government-managed utilities (to include nuclear power plants), nationwide transport systems, public and private sector websites, and commercial databases.
As one of the world's most advanced information technology economies, Israel regards warfare directed at it through "cyberspace" as a major national security front. This assessment is backed by the reality that the Israeli government's networks and websites are among the most highly attacked in the world. The perpetrators represent a host of real and potential adversaries, including enemy states, such as Iran; "cyber jihadis" (including Palestinian terrorist groups); and radical "hacktivists" (such as the international collective known as Anonymous). Every day, tens of thousands of cyber attacks are reportedly launched against Israel by these entities, and this rate has increased exponentially during wartime, such as the November 2012 Gaza War.
A Deepening Threat
The threat of cyberwarfare is so serious that Israeli national security officials are concerned about potential attempts by skilled "cyber warriors" to break into and sabotage the computer systems that manage the country's vital national infrastructure. Demonstrating the seriousness of how Israeli security officials regard this threat, former Israel Security Agency (Shin Bet) Director Ya'akov Perry warned that "just as the events of Sep. 11 caught us by surprise, so could a major cyber assault."
As of mid-January 2013, the vast majority of the cyber attacks against Israel have failed to cripple government networks or control systems. The successful assaults — such as those that generated temporary denial of service or website defacement — were quickly neutralized.
While Israel's government and critical infrastructure networks are considered among the most secure in the world, it is a different story for the country's private sector. According to recent reporting, many Israeli businesses (and consumers) are vulnerable to cyberattacks, which places them — and the overall economy — at increasing risk. What is remarkable about this vulnerability is that Israel has a reputation as a high-tech cyberwarfare powerhouse and is at the forefront of the cyber espionage and disruptive campaign against Iran's nuclear program, having allegedly launched (reportedly with cooperation from the United States) offensive warfare viruses such as Stuxnet and Flame.
So far, the sub-state attacks against Israel have been of the hacktivist variety, and this strategy makes sense on a tactical level. Like the role of terrorism in asymmetric warfare against a more powerful state actor, hacking into high-profile Israeli websites is viewed by hacktivists as an effective tool to temporarily damage or at least embarrass Israel by exposing some of its vulnerabilities.
Examples of recent hacktivist attacks against Israel include the following:
▪ In early September 2011, during the furor between Turkey and Israel over a pro-Palestinian humanitarian aid flotilla to the Gaza Strip, Turkish hacktivists hijacked an estimated 350 Israeli websites.
▪ In January 2012, spurred by calls from Hamas to intensify the hacking of Israeli websites, foreign hacktivists temporarily shut down the websites of the Tel Aviv Stock Exchange and El Al, Israel's national airline.
▪ Also in January 2012, a Saudi hacktivist, codenamed oxOmar, succeeded in infiltrating an online Israeli coupon retailer and exposing the credit card information of thousands of customers. In response, the Bank of Israel ordered the country's banks to block IP addresses from Saudi Arabia, Iran, and Algeria, fearing hackers would attempt to penetrate sensitive financial databases.
▪ During the November 2012 Gaza War, "Anonymous," the international network of hacktivists (which supports the Palestinian cause), launched a hacking spree against thousands of Israeli websites, including the database of the Bank of Jerusalem, Israel's seventh largest financial institution, which was temporarily wiped out (and later restored). Some of its email addresses and passwords, however, were subsequently leaked onto the Internet. Anonymous has also attacked Tel Aviv's city page, an Israeli government commerce site, and Israel's Ministry of Foreign Affairs website.
To counter these and other cyber threats against its critical infrastructure, the Israeli response has taken several forms. At the governmental level, Israel established the National Cybernetic Directorate in 2011 to create a national "Situation Room" designed to handle attacks on government and private systems, and to promote further research and development in cyber security at Israeli universities. The Israel Defense Force's primary cyber-defensive and offensive force, called Unit 8200, is reportedly comparable to the American National Security Agency in technical expertise if not in size. The other security and intelligence services, such as the Mossad and the General Security Service (Shin Bet), also include counter-cyberwarfare departments.
In response to the Saudi hacktivist oxOmar's publication of the credit card details of thousands of Israelis on the Internet, an Israeli hacker named Hannibal — allegedly operating independent of the government — published information in January 2012 that enabled Web users to break into the accounts of some 20,000 Saudi Internet users, including their email and Facebook passwords. Hannibal claimed (without substantiation) that he held information that would make it possible to break into 10 million Iranian and Saudi bank accounts, and threatened to use that information to inflict billions of dollars in damage.
Other Israeli hacktivists are also reported to be operating on their own. Following the hacktivist attacks against the websites of Israeli banks, stock exchange, and airline cited above, independent Israeli hackers responded by attacking the websites of the Abu Dhabi and Saudi stock exchanges.
With nation-states, terrorist groups, and extremist hacktivists possessing the capability to launch damaging cyberattacks against their adversaries, cyber defense has become a first-order national security priority in much of the public sector and, to a lesser degree, the private sector as well. While Israel's government is considered highly effective at defending its critical infrastructure against cyber attacks, the country's private sector is viewed as more vulnerable, largely because in Israel, as in a large number of Western countries, many businesses appear reluctant to invest in cyber defense, as it is still not considered a sufficiently serious threat to their daily operations. And, as is true elsewhere, the Israeli government lacks the legal authority to compel its businesses to adopt the necessary defensive measures to secure themselves against potential cyberattacks.