Cybersecurity Advisors Network - Israeli Cyberwarfare History and Capabilities

Israeli Cyberwarfare History and Capabilities

05/28/24 • 40 min

Cybersecurity Advisors Network
State of (CyberWar) Episode 6.1

Join Hugo Tarrida and John Salomon for the latest part of our Middle East cyberwarfare mini-series.

We decided to split a more in-depth discussion about the two most capable actors in the region, Israel and Iran, into two half-episodes. Join us as we look at the organizations that make up Israeli cyberwarfare and -defense capabilities, the history of Israeli state-sponsored and state-aligned cyber campaigns,

We also take a brief tour of Israeli media and social media operations, including information, propaganda, disinformation, and manipulation.

If you haven't watched it yet, please consider checking out our first overview of the overall Middle East situation: https://youtu.be/X3wkTszRlck

Notes and links:

Because of the highly emotionally and politically charged nature of current events, we can't tell how impartial many of the websites describing Israeli capabilities are or aren't. We will thus stick to Wikipedia unless there's either an original Israeli government webpage available, or a source we feel is somewhat authoritative, even if it's biased - in any case, do your own homework and draw your own conclusions, we're not here to push a narrative.

We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint.

Neither of us speaks even a bit of Hebrew. We are thus at the mercy of translation engines and webpages in languages we understand. Your mileage may vary.

02:03 CFR overview of cyberwarfare capabilities: https://www.cfr.org/cyber-operations/
02:50 Unit 8200: https://en.wikipedia.org/wiki/Unit_8200
03:05 Military Intelligence Directorate, aka Aman: https://www.idf.il/en/mini-sites/directorates/military-intelligence-directorate/military-intelligence-directorate/
03:57 Unit 81: https://en.wikipedia.org/wiki/Unit_81
05:01 Havatzalot: https://en.wikipedia.org/wiki/Havatzalot_Program - Google's horrible translation of the Hebrew Wikipedia page indicates it's some kind of lily. Flowers are nice.
05:16 Talpiot: https://en.wikipedia.org/wiki/Talpiot_program - the name's apparently some biblical reference from Song of Songs 4:4 according to their LinkedIn page, that we can't figure out
06:55 Technion / Israel Institute of Technology: https://www.technion.ac.il/
06:56 Hebrew University of Jerusalem: https://en.huji.ac.il/
07:30 IDF Information Security Department: https://en.wikipedia.org/wiki/Information_Security_Department - it's unclear whether it's the same as these guys: https://www.mitgaisim.idf.il/%D7%AA%D7%A4%D7%A7%D7%99%D7%93%D7%99%D7%9D/cyber-protection-unit/
07:40 Mamram: https://en.wikipedia.org/wiki/Mamram - apparently an abbreviation of the Hebrew for "Center of Computing and Information Systems"
09:15 This may be the Israel Innovation Authority - https://innovationisrael.org.il/en/ - we're not 100% sure though
11:14 Stuxnet: https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
11:22 Specifically, Siemens PCS7, WinCC, and STEP7 control software, and various Siemens S7 programmable logic controllers (PLCs).
22:59 TAO: https://en.wikipedia.org/wiki/Tailored_Access_Operations
12:16 We're going to assume you're capable of looking up Snowden a...

Previous Episode

Linux Malware and Security, with Craig Rowland

In today's conversation, Craig Rowland joins us to talk about the often overlooked significance of Linux as a key part of global communications and computing infrastructure, and discuss various types of threats targeting Linux systems.

Malware, attackers, and techniques are often very distinct from those seen on Windows; Craig shares insights on all of these from his extensive experience both writing and reverse-engineering Linux malware.

Craig is CEO of Sandfly Security, a New Zealand-based provider of Linux threat behavior scanning tools. Full disclosure: John Salomon is a paid consultant to Sandfly Security.

Notes from the video:

03:48 I can't find a source for the 95% figure, but a 2023 ZDNet article says 90%, which seems to be the most common figure: https://www.zdnet.com/article/linux-has-over-3-of-the-desktop-market-its-more-complicated-than-that/
03:55 Percentage of top million websites running Linux is another interesting statistic, which seems to be well above 90%. For example: https://gitnux.org/linux-statistics/
04:08 https://www.linuxinsider.com/story/the-flying-penguin-linux-in-flight-entertainment-systems-65541.html etc. etc.
05:54 France's Gendarmerie Nationale: https://en.wikipedia.org/wiki/GendBuntu
06:40 https://www.zdnet.com/article/linux-not-windows-why-munich-is-shifting-back-from-microsoft-to-open-source-again/
14:10 A propos, F5 has some interesting ways of using web shells as an attack vector: https://www.f5.com/labs/learning-center/web-shells-understanding-attackers-tools-and-techniques
14:40 "attacks on kubernetes" is a fun web search string. Same for "attacks on S3 buckets". Enjoy.
14:56 https://redis.io/solutions/messaging/
15:42 https://en.wikipedia.org/wiki/Patch_Tuesday
17:40 To be fair, Bob in Accounting is a pretty powerful entry point to the organization for various types of cyberattackers.
19:35 Mirai botnet: https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/
19:37 NoaBot: https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining
20:35 Chroot (change root directory): https://wiki.archlinux.org/title/chroot
27:42 PuTTY: https://www.putty.org/
29:45 There are several cryptojackers that try to neutralize competing malware, e.g. ChaosRAT https://www.trendmicro.com/en_th/research/22/l/linux-cryptomining-enhanced-via-chaos-rat-.html or Jenkins https://www.f5.com/labs/articles/threat-intelligence/new-jenkins-campaign-hides-malware--kills-competing-crypto-miner
35:30 For example LockBit: https://www.akamai.com/blog/security/learning-from-the-lockbit-takedown
35:37 My mistake - AvosLocker is also a Linux port of Windows malware: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-avoslocker - HiddenWasp may be a better example: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/hiddenwasp-malware-targets-linux-systems-borrows-code-from-mirai-winnti
35:42 Diamorphine LKM rootkit: https://github.com/m0nad/Diamorphine
36:44 https://core.vmware.com/esxi - an example is ESXiArgs ransomware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-039a
38:42 Abuse.ch MalwareBazaar: https://bazaar.abuse.ch/
38:49 Fraunhofer FKIE Malpedia: https://malpedia.caad.fkie.fraunhofer.de
39:35 You could just run a Linux version of the virus aquarium: https://xkcd.com/350/
39:52 A few examples of VM detection: https://www.cynet.com/attack-techniques-hands-on/malware-anti-vm-techniques/
41:15 Joe Sandbox: https://www.joesandbox.com/
42:10 No I won't, because I can't find it. Bit of Baader-Meinhof going on there...
42:59 https://www.youtube.com/@SandflySecurity

Craig on LinkedIn: https://www.linkedin.com/in/craighrowland/
Sandfly Security: https://sandflysecurity.com

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Original video available at https://youtu.be/W-7edx7Le6Y?si=NOoOy1kF3KiVOPUe

Next Episode

Subsea Cables – A Crunchy Target

Welcome to the first of our two-part episode on underwater communications cables. Hugo Tarrida and John Salomon discuss the history and current situation surrounding the world of undersea comms infrastructure, and try to get a grasp of threats to the data links under our oceans that are an integral part of both civilian and military capabilities.

Notes and Links:

Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: https://cybersecurityadvisors.network/2024/09/10/subsea-cables-a-crunchy-target/

Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/
John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Original video at https://youtu.be/frhAL_EY-yw

Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Episode artwork via Wikipedia Commons
