Two weeks ago, Israel’s Technion announced that hackers had penetrated its computer system and demanded a ransom to return access to the university. At the time, Israeli reports would only say that the attack was “nationalist” (meaning political) rather than criminal. At the time, an Israeli security source told me that intelligence services suspected Iranians were responsible. An Israeli report said that the hackers had penetrated not just into the faculty/student personnel records, but that they had accessed all of the research and development materials, including the most sensitive weapons research performed on behalf of the military-industrial complex. Technion is also a center of cyber-research including cyber-weapons capabilities. All of this would be a critical achievement for the Iranians, who already have significant cyber capabilities.
Israel considers Iran its most dangerous enemy. Lately, Bibi Netanyahu has threatened to directly attack Iran’s nuclear installations. For the first time, a US official (Ambassador Tom Nides, speaking to the hawkish Conference of Presidents of Major Jewish Organizations) has tacitly given Israel a green light to do so:
“As President [Joe] Biden has said, we will not stand by and watch Iran get a nuclear weapon, number one. Number two, he said, all options are on the table. Number three, Israel can and should do whatever they need to deal with and we’ve got their back,” [Ambassador Tom] Nides adds.
Thus, cyber-attacks like these take on even greater significance than they normally would.
The hackers demanded a ransom and claimed their motivations were political, in opposing Israeli apartheid. That clearly was not the goal, as Mako confirmed in an article published two weeks ago, when the incident was first reported:
As a result of the attack, it’s suspected that they gained access to research collaborations with the defense industries. According to sources involved in investigating the incident, the attack stole a great deal of academic research…
The hacker group apparently succeeded in accessing a great deal of research material about the services of the Technion and encrypted it [holding it for ransom]. This raises a concern that they penetrated the databases which contained patents in advanced stages of development. Thus, there is a danger that they accessed collaborations between the Technion and defense industries [i.e. weapons research].
One of Israel’s leading cyber-researchers added this note concerning the materials that were likely stolen:
While the Technion is one of the highest level academic institutions in the world, it is also a research institution…You must take into account that beyond the subjects of students, protocols and the like, the Technion houses a great deal of patent research and other related matters which would be of great interest to various sources globally.
How far did they [the hackers] go? That we’ll learn gradually. I only hope that they didn’t damage the backup systems as happened once, when it took them a month to completely rebuild them.
Both Iran and Israel have attacked each other’s infrastructure. But this is the most damaging attack the former has mounted, and likely the most valuable intelligence it has ever stolen from an Israeli source. It also attests to severe weaknesses in the Technion’s cyber-security, considering how sensitive its research was.
One must now assume that almost all Israeli advanced weapons systems on which the institution worked have been fully exposed to Iranian sources. This, in turn, will be a boon to the Iranian weapons industry which has, in the past, retrieved US and Israeli drones and reverse-engineered them for its own use. A similar phenomenon may have occurred here, though the scope of the data stolen will be much broader and more damaging to Israel’s defense industries.
This is also not the first hack of the Technion. In 2021, the private data of hundreds of thousands of Israeli students was exposed, including e-mail addresses, passwords, and telephone numbers. Among them were students of the Technion…
If Iran had access to sensitive research material, then why would she publicise the hack by shutting down the Technion’s computer system and demanding ransom? Why not just quietly steal data while studying the computer’s infrastructure? Makes no sense. Maybe your source has an explanation.
DarkBit said: “A kindly advice to the hight-tech (sic) companies: From now on, be more careful when you decide to fire your employees, specially the geek ones [sic],”
Depending on how one interprets the wording, the attack seems to be DarkBit’s way of taking revenge for layoffs that may have involved its members.
@ Jay:
Generally the way these hacks go is that the intruder enters a system and lurks there for weeks, months or even years. They navigate through the system looking for sensitive data, harvesting it. They examine the cyber defenses and vulnerabilities. When they’ve done all that they steal whatever isn’t nailed down. All of that is a long process. It’s not a smash and grab robbery.
Once they’ve gotten what they wanted, they announce what they’ve done as the coup de grace. Iran wants Israel to know what it did. That’s part of cyber-war. You want to steal from the enemy, but then you want to humiliate him/her as well. And the Israelis have done exactly the same thing to Iran.
As for the DarkBit msg.: I wouldn’t attribute any value or credibility to anything it says. It’s just noise.