Israeli defense minister Ehud Barak confirmed one of the worst-kept Israeli military-intelligence secrets by acknowledging that his nation has a cyber warfare capability. His comments came on the heels of revelations here that the recent attacks by an ambitious cybervirus called Flame were the product of Israeli military cyber-hackers. The NY Times has also reported extensively in the past few weeks about U.S.-Israeli cooperation in creating and infiltrating the Stuxnet and Duqu viruses into Iranian computer and industrial systems to sabotage their nuclear facilities.
Barak’s comments appear to be an attempt to control and modulate the debate so that Israel is seen in a more flattering light than it otherwise deserves. One of the especially egregious claims he made is that Israel’s cyber war program is essentially defensive in nature:
Barak stressed that in cyber warfare…it is more important to invest in defense than offense, and admitted for the first time that Israel has been developing and working on both tactics.
“Our goal with cyber defense, which is the more important and difficult component, is to prevent damage,” Barak said. “It is more than we can benefit from an offensive action, even though both aspects exist.”
If you believe any of this I have both a bridge and some swampland in Florida to sell you.
All of this is especially ironic in light of the fact that Barak’s chief of staff, IDF officer Yoni Koren, has been testifying in the long-running Harpaz investigation (Hebrew). You’ll recall that this involved a gargantuan power struggle between then-IDF chief of staff Gabi Ashkenazi and Barak over whether Ashkenazi’s term would be extended and who would succeed him. Once Barak made clear he refused to lengthen the IDF chief’s tenure, they began to war over their preferred candidates. The war was so bitter and unrelenting that both Ashkenazi and Barak resorted to tactics like spying, leaks and other sordid behavior.
Koren said this about the level of paranoia and psychic suffering he experienced:
“Paranoia” was how Koren described his frame of mind. He described his feelings that he was being watched [by Ashkenazi’s underlings], that his telephone and office were bugged and his computer hacked. He even once turned on his computer and it rattled.
Koren believes his computer was compromised a number of times. The first time he confirmed this through the IT department of the defense ministry. The second time, he reported it to the Shin Bet and they attempted to identify the method of the hack. The Shin Bet at first refused to get involved saying there was no external intrusion it could find. Then it said the problem wasn’t “aggressive” and that he therefore shouldn’t worry. But he was certain that a Trojan virus had hacked his computer and could extract data from it.
You’ll recall that when I first posted about Flame, I mentioned that my Israeli source confirmed this was the first time an Israeli cyberweapon was used against a domestic target. Now he has further confirmed that when Ashkenazi complained to the Shin Bet that he suspected that Koren was spying on him, it hacked into Koren’s computer using Flame. Though Koren didn’t know it, he became one of the first known Israeli victims of Israel’s latest cyberweapon, Flame.
Of course, the reason the security service told Koren first that there was no external intrusion and then that the virus wasn’t “aggressive” was that it was the Shin Bet itself which had hacked his computer. Naturally, they couldn’t find a virus they themselves had implanted! This means as well that the Shin Bet was taking the IDF/Ashkenazi’s side in its confrontation with Barak’s defense ministry, as it has as well in fighting against Barak’s putative attack on Iran.
Ehud Barak knows first-hand that Flame is an offensive, not a defensive weapon. His own chief of staff was one of Flame’s first domestic victims. He’s lying to say otherwise.
I’m not sure why this article tries to connect the Flame virus and hacking that might or might not have gone on inside the IDF.
The Flame virus is designed to collect information from computers in external networks and pass that information over the Internet. Why would you think such a virus is necessary when Koren’s computer/office/phone was sitting in the IDF network? If this was the case no sophisticated virus is needed to collect information. And in fact it could be that the IDF as an employer can legally collect info from employee emails etc.
There isn’t even a tenuous connection between Flame and the Ashkenazi/Barak standoff. Pure imagination…
He was an employee of the defense ministry on loan from the IDF.
There certainly is a link–from my source who is in close contact with his own sources within the Israeli intelligence community. And your sources are whom?
Hi Richard, I have to agree with Rain’s comments if his computer claimed to be compromised was his work PC. Most IntraNets (versus the Internet) run by Government Organizations or Corporations have Employee Network usage monitoring software. In fact the spying on Employees has become a real privacy issue, but work for an Intelligence agency and it would be expected. When they Bug your house and Monitor your personal computer usage, then you can be sure they are after you.
Israel has nothing to do with the Flame virus, and nothing in this post indicates otherwise.
There have been numerous articles published where Israel has officially denied responsibility for the virus.
Are all these Israeli officials lying?
Is this tongue-in-cheek? Who infected the 98 Israel/Palestine Israeli computers then? The US? Iran?
“Are all these Israeli officials lying?”
Dear Mr. Mann: yes.
You, Bob Mann don’t know what you’re talking about (not the phrase I originally wrote here!). I don’t care who’s denied what about Flame. They don’t know what they’re talking about either. And unless you offer credible evidence, that is someone proving there is no connection by offering real evidence, I will not permit future comments on this subject by you. Remember, stating something is true is not the same as doing so using credible evidence. A government PR flack denying something is worth nothing unless that person offers tangible evidence.
I’ve offered a credible source whose word has been proven true numerous times in this blog. His military, security & political background are his bona fides. What are yours? Zero, efes, zilch, that’s what.
Well, I only go by what I read. How can Israeli government officials go on the record denying any connection to this virus if that is not true? Can they get away with blatantly lying like that? Maybe I am just too trusting of what I see in print. Obviously you know far more about this topic than I do – I have no inside sources – I can only go by what I read, as I mentioned. You quoted an Israeli official in an earlier post on the subject and used that quote to support the idea that Israel was involved. And now I will respect your dictum not to comment on this subject further – I just wanted to explain why I wrote what I did.
You’ve been reading this blog how long and you trust the word of Israeli officials? Remember, a diplomat is a gentleman sent abroad to lie on behalf of his country. In Israel’s case they’re often not even gentlemen.
The Flame Virus basically is a trojan that allows for remote system administration and monitoring. It’s nothing novel beside that it’s a more complex version of what has already come out. First, to prevent detection. And second, to ensure efficacy.
My son, when he was seven, used to turn the office secretary’s screen output upside down using a remote administration tool popular to the “hacking” underground of the era. It was otherwise used as a real remote system administration utility, mostly for network and systems technicians.
Turning on a peripheral without a webcam LED also turning on to indicate live recording is not severely complex. Recording all of the video output and diverting it – not complex. Logging keystrokes – ancient; not complex. Manifesting control over the target computer without the user knowing it: not complex or novel.
Looks like the only ones fanning the flame here are the Israelis. But why? Look to the real reason they have created a false Iranian nuclear threat. The threat they see is strategic: Iran is a natural rising hegemon in the region and Israel’s supremacy is artificially upheld by the unwilling welfare of the common American taxpayer.
I’m pretty well satisfied with multiple computer security experts around the world calling this the most capable computer cyberwar tool ever created. They’ve seen the code, know what it does & have seen actual hardware infected with it. That’s a whole lot more than you can say. So while you’re entitled to yr opinion, it’s not based on nearly the level of evidence their opinion is.
It’s complicated insofar as its two pillars as described: “First, to prevent detection. And second, to ensure efficacy.”
Agreed, no one ever will twist your wrist to accept one analysis over the other (and shouldn’t!)
We’d like to know who your ‘top experts’ are, however. Or better yet, we’d like to know how their points contradict ours. Ours, to summarize, is that this virus is simply complicated as to two logistical delivery facets, but not novel in terms of type and function (whatsoever).
We will see who is more right depending on the fallout of said virus, both of our points really moot as the virus has happened already without recall! 🙂
Detected instances are not damaging and because the main function is surveillance, it will be hard to calculate any metrics as to the extent of intrusion consequences. But, we don’t have Kaspersky consultants on staff (or forensic data experts). Since it doesn’t appear that you do either, we will all have to wait. Iran’s government can only hide the effects and Israel similarly can only make covert use of such stolen information for so long before making it obvious that the information was transferred.
We will leave you with one caution, however: many experts would have similarly told you that Y2K required billions in USD spend to prevent not so long ago. The media has not been straightforward with the American people insofar as Israel and Iran are concerned. Please do excuse us if we refuse to take the bait again.