Editor’s note: The closed-to-the-public aggravated espionage trial of former Israeli Energy/Infrastructure Minister Gonen Segev, accused of spying for Iran in wartime, began July 2 and continues. As a result of his arrest, a sweeping Shin Bet survey of counter-espionage found severe breaches of Israel’s computing networks, not only from Iran. This article is excerpted.
A few months ago, “Ophir,” a senior official with a rich intelligence background turned private cyber-security expert, was called back to duty.
The mission: Ophir and a team of experts were asked to examine the security of some of Israel’s main computer systems. A few systems were defined as “strategic”; others were of lesser importance. But because less time and energy is spent on protecting these secondary systems, they can be even more vulnerable to infiltration. The investigation team was put together by one of Israel’s governmental intelligence and information-protection agencies.
The idea was to have someone from the outside—a fresh pair of eyes—look at these systems and identify “holes” and problems that may have gone unnoticed by the regular cyber-security team.
“The Shin Bet’s counter-espionage unit has never been busier,” Ophir was told.
“We believe Israel is under a multi-frontal attack, a significant threat to our national security. Some of the spying is classic, like it used to be: living agents recruited for personal gain or ideology. We know how to deal with those. But some attacks are being carried out by other means, less visible and clear.”
The immediate suspect in the attack, according to Ophir, was Iran. The international boycott against the Islamic Republic forced Iran to build its own communications and encryption systems. To that end, Iran set up an impressive network of cyber institutions and engineers, and greatly improved its capabilities of stealing technology, hacking into databases and planting viruses.
For years now, Israel’s intelligence community has been seeing many attacks by Iranian intelligence on Israeli computers. The question is, of course, what it doesn’t see: where the breaches in the walls are, and what roles Hamas and Hezbollah play.
Ophir’s team went to work and began to examine computer infrastructures and servers of some of the main administration bodies in Israel, a large proportion of which are civilian.
When the results came, says a person familiar with the subject, Ophir was dumbfounded; he could not believe his eyes. “He said there must have been a mistake…that something was wrong with the data, so they went and checked again, and it turned out that everything was correct.” Other experts who examined the report reached similar conclusions.
“I’ve been in cyber defense for many years and I’ve never seen such a thing,” Ophir said during a meeting to present the report’s conclusions. “Many computers are infected, including computers in schools, hospitals, the Ministry of Interior, national infrastructures, and more—all infected with malware (malicious software), including sub-families of malware—which are the most sophisticated in their operation and form of infection.”
Researchers were surprised to discover that some of the malicious software was found deep inside central computer systems, not just on personal desktops used by the government as expected. The mainframe systems are much more difficult for hackers to penetrate.
“The person behind this activity turned it into a form of art,” says the source. “This entity has no problem investing tremendous resources and manpower. It’s not someone’s hobby, and it’s not two, three or four units that are responsible for these attacks. It is a country investing whatever it has in these attacks.”
Ophir’s team estimated that the manpower required for these cyber attacks against Israel is in the hundreds of people. It’s a lot even for a country.
“To write good malware code, you can use Darknet, where you can find 60-70 percent of what you need,” Ophir explained in his report. “But the rest must be tailored to the computer you want to hack. Writing that 30 percent is a tremendous effort, not to mention the need to receive the vast amounts of information gathered in this effort… Whoever did this wanted to know everything about us, to strip us bare.”
At the end of the discussion, another bomb was dropped: according to Ophir’s team, none of these malicious programs came from Iran, Hezbollah or Hamas.
Whoever is responsible for what is defined as “the disease that spreads everywhere—to all organs of the Israeli cyberspace” is a completely different, much more powerful player and, according to an Israeli intelligence source, far more dangerous than anything we’ve ever known.
Two months ago, when the arrest of former minister Gonen Segev on suspicion of spying for Iran came to light—an espionage case that preoccupied Israeli intelligence for years and that only a few were privy to—it was revealed that one of the most secretive units of the Israeli intelligence community, the Shin Bet’s department for counter-espionage, worked the case.
Shooting in All Directions
Segev, who was accused of espionage and assisting the enemy in its war against Israel, is only the tip of the iceberg in the Iranian efforts to establish secret intelligence infrastructure in Israel.
Tehran sees Israel’s intelligence successes against it and other members of the “radical front” (which includes Syria, Hezbollah, Hamas and Islamic Jihad) and tries to produce its own intelligence collection effort against Israeli targets. In the meantime, in this secret war between Tehran and Jerusalem, the Iranians have mainly managed to recruit people whose access to secrets is limited, including—if indeed the allegations against him are true—Gonen Segev.
Segev was an Israeli minister in the early 1990s and was later convicted of attempting to smuggle 32,000 ecstasy pills into Israel, for which he was sentenced to five years in prison. After his release, 3.5 years later, he left Israel and moved to Nigeria.
However, the golden rule of intelligence work is “you only know what you know.” Therefore, the working assumption of the counter-espionage unit is that the Iranians may have succeeded in recruiting and operating assets with high access to sensitive Israeli secrets.
The full article can be found at https://tinyurl.com/ybna8asp.
By Ronen Bergman/Ynetnews