N.Y. Times: IDF Unit 8200 Cyberattack Disabled Syrian Anti-Aircraft Defense
The N.Y. Times published a report about the Stuxnet virus which takes an interesting and slightly contrarian view of the power and lethality of the virus. But the most interesting part of the article was a list of other previous cyberattacks that were initiated by governments. Among them, John Markoff notes that Israel’s attack on the alleged Syrian nuclear reactor involved disabling that nation’s radar/anti-aircraft defenses. According to the reporter, the IDF’s Unit 8200 devised an ingenious method of shutting the radar off:
Accounts of the event initially indicated that sophisticated jamming technology had been used to blind the radar so Israeli aircraft went unnoticed. Last December, however, a report in an American technical publication, IEEE Spectrum, cited a European industry source as raising the possibility that the Israelis had used a built-in kill switch to shut down the radar.
A former member of the United States intelligence community said that the attack had been the work of Israel’s equivalent of America’s National Security Agency, known as Unit 8200.
If I understood Markoff, what would’ve happened is that Israel would’ve infected the computer system operating the Syrian radar with a worm and that worm would’ve turned off the system. We can surely expect the same tactics if/when Israel attacks Iran. One wonders how or whether the Iranians have prepared themselves to face this.
Inside Israel, Unit 8200 is famous for its know-how and derring-do. But almost nothing is known or spoken about its operations. This is a very closely held military secret. Which is why Markoff’s report is so interesting.
Moving to a different issue raised by Markoff, he notes an aspect of the Stuxnet infection which others have not addressed: that the worm was designed rather haphazardly in terms of its target. You might expect an intelligence agency attempting to sabotage a nation’s industrial system to be more particular about directing the infection only to affect computers within that country. The high level of infection outside Iran indicates the perpetrators of Stuxnet didn’t much care where it went as long as it got to Iran. To me, this indicates a rather high level of moral negligence at the toll it would take outside that country. Further, it indicates a sense of hubris that whatever effect it might have on the world such damage could not be inflicted on the computer system of the country which devised it.
Though I’m not a cyber security expert it would seem that Iran’s nuclear program had rather haphazard security standards if an infected USB stick could be the cause of the original infection there. Though many of us have been warning about the fight Israel would have on its hands if it attacked Iran, it makes one wonder whether the high tech aspects of Iran’s defenses might be less than imagined, especially if they share any of the vulnerabilities of the Syrian system. This certainly should be giving Iran’s generals pause as they prepare for precisely such an onslaught.
11 thoughts on “N.Y. Times: IDF Unit 8200 Cyberattack Disabled Syrian Anti-Aircraft Defense – Tikun Olam תיקון עולם إصلاح العالم”
The way around such a system shut down is to have a manual option, which means you have squads of soldiers carrying shoulder-fired anti-aircraft missiles, crewed anti-aircraft weapons, and manned radar sets. In essence this is the sort of system North Vietnam had in the 1960s-70s. Iran makes or imports a lot of the necessary weapons to have an uncomputerized air defense, but I don’t know if they are willing to drop computer control when it is sabotaged and just fire at will. It took the North Vietnamese Air Force years to allow interceptor fighters to fly without ground control.
That bit about the Syrian air defence looks like ex post facto spin to me. Israel wants to profit from the Stuxnet worm to suggest that it has had previous brilliant victories of this kind.
I doubt very much that they blindsided the Syrian air defence – there are lots of other ways to explain why the Syrian air defence did not react – including deliberate decision.
These claims are hardly new. It was speculated back in 2007 that the IAF used computer-to-computer hacking in its attack, and that these efforts explain the Syrian Air Defenses’ embarrassing no-show. See, for example, this report:
By the way, it was also alleged that Israel first learned of the reactor’s existence after Mossad hacked into a Syrian official’s computer.
To have no defences against such cyber attacks might be the corollary of a low degree of computerisation in general. In war this could also be an advantage. How can one hit North Korea for instance? It seems to have a low degree of computerisation of its banking system, energy provision etc. But this does not prevent North Korean agents from engaging in aggressive cyber warfare, if need be on the terrain of neighbouring states.
I suspect that Israel is highly computerised and thus vulnerable.
And so is the USA that in its tenth fleet (without ships) and twenty fourth airforce (without planes) seems (if Richard Clarke can be believed) to be mainly oriented to cyber attack with correspondingly little concern about defence.
I have long thought it possible — and likely — that any arms sold by US firms to anyone but Israel (e.g., aircraft and radars sold to Saudi Arabia) would contain software to make them inoperable against Israeli targets. Do I know this to be true? Certainly not. But software is complex and can do wondrous things. All this chatter about Stuxnet is (inter alia) a reminder of the complexity of software and the ability of stealthy introduction of unanticipated software components into large s/w systems. Remember when it was suspected that US voting machines might contain (as original s/w) (or later be infected by hackers) with s/w to alter the results of elections? Child’s play next to Stuxnet and next to IFF (Identify friend or Foe) s/w.
I think the new American jet fighter being sold to Saudi Arabia has a built in component that would prevent them from engaging their Israeli counterparts. This was in the NYT story about the $60 billion arms sale to Saudi. Why the Saudis would accept any limitations with $60 billion order is beyond me.
Obviously, neither you nor the NYT reporter have any idea of what you are talking about, you can’t infect a radar system with a worm, these are two different types of systems, they do not mix. Israel has technological superiority over most countries in the world (including the US) and was able to disable Syrian AA systems back in 82, during which Israel destroyed 23 (SAM) networks, and shot down 80 Syrian airplanes without suffering any casualties.
Thanks to your rather annoying nose-thumbing, I know a lot more about this than I did earlier. The IEEE Spectrum article speculates that a “kill switch” was introduced into the software controlling the radar which Israel could activate at will when it was ready to bomb the reactor. So Israel, if this account is correct, somehow introduced an altered chip into the electronics of the radar system in the fabrication stage of its construction. This could’ve happened through an Israeli component in the electronics or the substitution of a component manufactured by any other supplier whose components went into the finished product. It’s not quite the same as a worm, but the principle is roughly the same as you introduce a flaw into a system which destroys it. Still it’s cyberwarfare any way you look at it.
And on doing further research it appears you may want to further condition your claim since it does appear there was some sort of “computer to computer” penetration:
Whether this involved a worm or other form of sabotage in order to gain access to the Syrian system is hard to know. But it looks like you’re wrong again. Too bad for you, after all you’re such an expert aren’t you?
Note that these alleged computer-to-computer penetrations do not target air defense radars, which remain functional (but may be later “conventionally” jammed or indeed bombed). Rather, the command & control networks which coordinate any air-defense campaign are the targets of these efforts.
The only thing accurate in any newspaper is the date, and even that they get wrong on occasions.
If I were you I would provide my findings to the KGB or whatever that organization is called today, after all a kill switch at the hardware level is a breach of security on the
You should read more than an article in Aviation Week to get some understanding on what you are trying to write.
There are ways to “kill” a radar for the time required by the precision bomb that was launched, none of them involved a kill switch or computer hacking, that’s malarkey.
Gee, somehow I trust the writers of IEEE Spectrum to have more credibility than you. You’re too lazy even to follow the links to discover that the kill switch theory isn’t in Aviation Week. You’re lame. And talk about malarkey, you practically invented it.