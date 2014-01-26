JERUSALEM/BOSTON Jan 26 Hackers broke into an
Israeli defence ministry computer via an email attachment
tainted with malicious software that looked like it had been
sent by the country's Shin Bet secret security service, an
Israeli cyber security firm said on Sunday.
Aviv Raff, chief technology officer at Seculert, said the
hackers earlier this month temporarily took over 15 computers,
one of them belonging to Israel's Civil Administration that
monitors Palestinians in Israeli-occupied territory.
Raff told Reuters that Palestinians were suspected to be
behind the cyber attack, citing similarities to a cyber assault
on Israeli computers waged more than a year ago from a server in
the Hamas-ruled Gaza Strip.
While the latest attack was conducted from a server in the
United States, experts noticed writing and composition
similarities with the earlier attack, he said.
Israeli officials declined to comment on Raff's findings.
"We are not commenting on it, we don't respond to such reports,"
said one of the officials, Guy Inbar, a spokesman for the Civil
Administration.
There was no immediate Palestinian comment on the report.
Securlet had not determined what the hackers did after the
initial infection with "Xtreme RAT" software, Raff said. "All we
know is at least one computer at the Civil Administration was in
control of the attackers; what they did we don't know."
The Civil Administration is a unit of Israel's defence
ministry that oversees the passage of goods between Israel and
the West Bank and Gaza Strip, territories Israel captured in a
1967 war and which Palestinians want for a state.
The administration also issues entry permits to Palestinians
who work in Israel.
DEFENCE CONTRACTORS ALSO HACKED?
Raff declined to identify the other 14 computers targeted by
the hackers. An Israeli source who spoke on condition of
anonymity said these included companies involved in supplying
Israeli defence infrastructure.
Based on Raff's analysis the 15 computers were in the
hackers' grip for at least several days after the Jan. 15
dispatch of the email, which included an attachment about ex-
Israeli prime minister Ariel Sharon who had just died.
Hacking activity has surged in the Middle East over the past
three years as both governments and activist groups have
targeted the military, other state agencies, critical
infrastructure, businesses as well as dissidents and criminal
groups in order to gain information about their operations and
also disrupt them.
The email that burrowed into the Israeli defence ministry
computer looked like it had been sent from the Shin Bet security
service, Raff said.
Raff's firm was able to "sinkhole" the operation, tricking
the Xtreme RAT software into communicating with servers that
Seculert controlled in order to figure out which computers were
infected and to deactivate the attack.
Xtreme RAT is a remote access trojan, which gives hackers
complete control of an infected machine. They can steal
information, load additional malicious software onto the network
or use the compromised computer as a beachhead from which to
conduct reconnaissance and attempt to gain deeper access into
the network, Raff said.
Word of the cyber attack came a day before a three-day
Israeli cybertech conference being held in Jerusalem, and just
after Prime Minister Benjamin Netanyahu plugged Israeli
technological advances at the World Economic Forum in Davos.
Raff denied there was any irony in the timing of his warning
so soon after Netanyahu's remarks. "Unfortunately there is no
such thing as 100 percent safety either when it comes to
physical risks or information security," he said.
(Writing by Allyn Fisher-Ilan and Jim Finkle, editing by Mark
Heinrich)