
Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense - PaulSec
http://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/
======
SEJeff
You can argue that "Iron Dome is XXX%" effective all day, but it is a layer.
Just like infosec, security is best in layers.

That is why there are also things like the TROPHY system for Israel's Merkava
tanks or lighter APC like vehicles:

[http://www.youtube.com/watch?v=4eCUCBS1SVk](http://www.youtube.com/watch?v=4eCUCBS1SVk)

[http://en.wikipedia.org/wiki/Trophy_(countermeasure)](http://en.wikipedia.org/wiki/Trophy_\(countermeasure\))

Israel is no stranger when it comes to rocket threats and has multiple
countermeasures. So far, it seems to work pretty well overall when you look at
the number of Israeli casualties due to incoming rocket fire. For the number
of shots fired into the country, it is remarkably low even with the horrible
accuracy of the rockets being fired.

------
jokoon
I don't really know what use they have of such documents.

I mean there aren't that many places in the world where you could sell that. I
still wonder if any tech developed by iron dome is really useful at all for
terrorists, Russia or China.

I mean if Hamas really has enough resources to build stealth rockets, or
rockets that would be able to dodge Iron Dome, but I don't think they really
have the resources to develop such a thing.

~~~
bediger4000
I always wondered the same thing, when I worked at aerospace companies. I
mean, how much use can stolen blueprints be in inches and pounds to countries
on the metric system? And that's just for starters. A lot of the time, the
engineers barely understood what kept a vehicle together and functioning. How
would a bunch of engineers from a completely different culture understand
them?

Also, just copying is going to lead you down strange alleys. I can recall one
proposed engineering change to a drawing so that the drawing had the actual
bolt hole size on it, not some smaller size. Yes, that's right, the 15 year
old drawing had smaller bolt holes specified than actually were on the real,
physical hatches. Stuff like that happens all the time. A simple copy might
not be flightworthy, much less fit to assemble.

~~~
jonknee
Units are quite easy to convert, but I think there are lots of obvious reasons
this information was sought. First off it was really cheap to steal and had
nearly zero risk (Israel has no way to prosecute anyone in China). Simply the
psychological factor of knowing that your secrets could be known to anyone who
wants them is justification for such a hack. Finding solutions to problems or
weak points in the system are a nice cherry on top.

~~~
bediger4000
Units are indeed easy to convert: getting an equivalent bolt or rivet or
hi-shear or what have you is not. ISO or DIN thread on a bolt isn't the same as
ANSI thread, either; they have different strength and fatigue characteristics.
Fasteners are a big deal in airframes - in order to be light enough to fly,
they have to have stressed skin construction. That means correct size,
materials, number and fatigue properties of fasteners are key.

You're grossly underestimating the amount of work that goes into fasteners and
how hard it would be to choose ISO, or Russian or Chinese equivalents.

As for the psychology of your secrets being out there, we used to wonder who
in the company was leaking info to "Aviation Week". Every project I worked on
that had a feature in "Aviation Week" had no general secrets. It was all
there, in detail.

~~~
jonknee
I guess I was under the impression that it wasn't so much that China intended
to completely copy whatever they steal the plans for. Simply knowing the plans
would seemingly make it easier to know its true capabilities (and cost, weak
points, etc).

It's similar to why there's a market for complete tear downs of electronics--
competitors are interested in the guts and components even if they never
intend to rip it off. Knowing how someone else solved the same problem you're
working on is always valuable.

~~~
etrevino
For systems as complex and interrelated as airplanes they sometimes do build a
direct copy. That reveals for them the failures in their own techniques and
materials. Also, it serves as a general prototype for the next iteration.

~~~
bediger4000
Do you have any idea what kind of copy? I mean, McDonnell Aircraft used to
build what they called "iron birds", dimensionally accurate, but maybe not
made of exactly the right stuff, as an iron bird was used to see if wiring
harnesses and tubes fit through various runs. Using titanium parts for the
iron bird would have been a gross misuse of money. There were also
dimensionally correct copies made of the right materials, but usually without
piping and wiring, for dynamic testing. I forget what they called those.

I suppose CAD has eliminated a lot of the need for iron bird-style copies, but
maybe not.

------
bhouston
Chinese hackers have been incredibly good at infiltrating defense contractors
around the world. This is just the latest in a very long list. These types of
intrusions really do reduce any technical military advantages the "West" has
over China.

~~~
atmosx
Yes. Apparently the Chinese are awesome at getting caught too. Especially in
cases where you can't prove anything. Weird that Americans never get caught,
who knows. Maybe the US doesn't do that sort of thing.

~~~
nitrogen
The US/Israel did get caught with Stuxnet, so either they wanted to be found
or they aren't perfect at hiding either. Note that I'm not making any comment
on the ethics; I'm just mentioning evidence of the other side's activity.

~~~
jsolson
Were they actually "caught", or was it simply determined that the level of
sophistication was something that could only have come from state-sponsored
malware (a claim I find dubious at best, but whatever)?

~~~
resu_nimda
I'm curious, why do you find that claim dubious? That is the conclusion of
numerous top security experts, not just some pundits with an agenda.

It seems like you're scoffing at the idea that only a national government
could produce software that is "that good," or maybe even that they could at
all, but mere code quality is not the whole basis for the claim. It's also the
(initially) extremely precise target, the intelligence needed to affect the
physical results they were after (disruption of uranium enrichment
centrifuges), and the unprecedented effort to cover all tracks of the worm.

Ralph Langner, whose team did a lot of the primary technical investigation
into the worm, has said "the leading force behind Stuxnet is the cyber
superpower – there is only one; and that's the United States."

Here's his hour-long technical breakdown (with code):
[http://www.digitalbond.com/blog/2012/01/31/langners-stuxnet-deep-dive-s4-video/](http://www.digitalbond.com/blog/2012/01/31/langners-stuxnet-deep-dive-s4-video/)

His TED talk on Stuxnet:
[http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21...](http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon#t-11945)

A less technical article, which Schneier reposted as "the definitive analysis
of Stuxnet [short version]":
[http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_se...](http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack?page=full)

There are also numerous bits of circumstantial evidence detailed on Wikipedia.
A former Vice Chairman of the Joint Chiefs of Staff was put under
investigation by the DoJ last year for allegedly leaking info on Stuxnet and
"Operation Olympic Games." At this point it's all but certain, I think one
would need a pretty good reason to be doubtful.

~~~
jsolson
> I'm curious, why do you find that claim dubious? That is the conclusion of
> numerous top security experts, not just some pundits with an agenda.

It's entirely the notion that it _could only have been_ state sponsored that I
have trouble with. While there may be no organization with resources
comparable to the US government to throw at cyber security in general, there
are certainly organizations which can throw large resources at any given
particular problem.

Of course, other organizations that might have had the resources to create
Stuxnet wouldn't have had the motive or the relevant context (knowledge of
details of Iran's nuclear enrichment program) to do so. In that regard I don't
doubt in the slightest that it _was_ state sponsored malware, but I think it's
dangerous to claim that anything _could only have been_ state sponsored, as it
accords a level of resourcing to the state that likely also applies to, e.g.,
organized crime or exceptionally large corporations who might not have our
best interests at heart (not that I think the state always does either, mind
you).

That said, my original question was genuine. I didn't follow Stuxnet after the
initial speculation that it looked like a state sponsored project, and thus I
didn't know whether we'd been officially caught or whether it was still
(extremely well founded) speculation.

------
trothamel
One way of dealing with intrusions like this is to leak documents with subtle
design flaws in them, rather than correct designs. If enough of the stolen
material requires checks by skilled engineers before use, it dramatically
reduces the value of the stolen material.

(Of course, this requires the intrusion to be detected before it is over.)

EDIT: See
[https://en.wikipedia.org/wiki/Siberian_pipeline_sabotage](https://en.wikipedia.org/wiki/Siberian_pipeline_sabotage)
, with the caveat that it's not clear how real the story is.

~~~
mortov
It is standard practice in classified material communities to have carefully
controlled variants of documents and a log of where and when the subtle
variations go in order to detect and source leaks of information. When any
particular area is detected as suspect, misinformation dressed up to look more
valuable is then carefully spread in that direction to see who takes the bait.
They are then either used to send misinformation or, if they have served their
purpose or have nothing to offer, removed (fired/imprisoned or whatever is
appropriate).

The Americans (TV Series) had a couple of themes based around this - it's not
exactly a secret strategy and receivers of information know to verify what
they get before getting too excited.

Since we're talking about government actors here, nowadays they would not be
easily fooled and would have skilled engineers checking stuff no matter what,
so that is not going to add any 'cost' to the operation. People in the
espionage game learn pretty quickly or they don't get to play for very long.
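The controlled-variant scheme mortov describes, worked through as an added example (this is not code from the thread, the article, or any of the organisations discussed): each recipient gets a copy whose wording differs at a few slots, the control log records which pattern went to whom, and a leaked copy is matched back to the recipients whose pattern it is consistent with. The slot wordings, document text and recipient names are constructed for the illustration.

```python
"""Canary-trap document variants: issue each recipient a uniquely varied copy,
log which variation pattern went where, and attribute a leaked copy back.
Added illustration; slot texts, template and recipients are made up."""
import itertools
from datetime import datetime, timezone

# Each slot is a place where two equally plausible wordings exist. Bit 0 picks
# the first wording, bit 1 the second. Neither wording may be a substring of
# the other, or extraction becomes ambiguous. (Constructed.)
SLOTS = [
    ("the radar, the launcher and the control unit",
     "the radar, the launcher, and the control unit"),
    ("e-mail", "email"),
    ("approximately 7 km", "roughly 7 km"),
    ("Figure 3 shows", "Figure 3 illustrates"),
]

TEMPLATE = (
    "The battery comprises {0}. Status reports are sent by {1} every hour. "
    "The nominal engagement range is {2}. {3} the intercept geometry.\n"
)


def render(bits):
    """Render the template with the wording selected by each bit."""
    assert len(bits) == len(SLOTS)
    return TEMPLATE.format(*(SLOTS[i][b] for i, b in enumerate(bits)))


def distribute(recipients):
    """Give every recipient a distinct bit pattern. Returns (copies, log);
    the log is the control record: pattern -> (recipient, issue time)."""
    if len(recipients) > 2 ** len(SLOTS):
        raise ValueError("not enough slots to give every recipient a unique copy")
    log, copies = {}, {}
    patterns = itertools.product((0, 1), repeat=len(SLOTS))
    for who, bits in zip(recipients, patterns):
        log[bits] = (who, datetime.now(timezone.utc).isoformat())
        copies[who] = render(bits)
    return copies, log


def extract_bits(text):
    """Recover the pattern from a possibly edited copy. A slot whose wording
    was altered or removed yields None rather than a guess."""
    bits = []
    for a, b in SLOTS:
        in_a, in_b = a in text, b in text
        if in_a and not in_b:
            bits.append(0)
        elif in_b and not in_a:
            bits.append(1)
        else:
            bits.append(None)
    return bits


def attribute(leaked_text, log):
    """Recipients whose issued pattern is consistent with the recovered bits.
    One match is an attribution; several means edits destroyed some slots;
    an empty list means the text carries none of our markers."""
    observed = extract_bits(leaked_text)
    if all(o is None for o in observed):
        return []
    return [who for pattern, (who, _issued) in log.items()
            if all(o is None or o == p for o, p in zip(observed, pattern))]


if __name__ == "__main__":
    copies, log = distribute(["alice", "bob", "carol", "dave", "erin"])
    leaked = copies["carol"].replace("Figure 3", "Fig. 3")  # leaker edited it
    print(extract_bits(leaked))   # one slot lost
    print(attribute(leaked, log))  # narrowed to the two consistent recipients
```

Four slots only distinguish sixteen recipients, and every slot the leaker edits away halves the evidence, so real schemes spread many more independent variations through a document than this toy does; the attribution logic is the same.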

------
caruana
If defense firms are constantly under attack then maybe a good counter attack
would be to embed exploits in documents that would "phone home" when opened
outside the firms networks.
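A minimal server-side detector for the "phone home" idea above, as an added example rather than anything from the article or the thread: each issued copy of a document references a unique beacon URL, and a scan of the web server's access log flags fetches of that URL from outside the firm's own address ranges, plus fetches of tokens that were never issued. The beacon tokens, trusted networks, hostnames and log lines are constructed; the log is in Common Log Format.

```python
"""Beacon-hit detection over web-server access logs. Each distributed copy of
a document embeds a remote resource /b/<token>.png; a fetch of that token from
an address we do not own means the copy was opened outside the firm.
Added illustration; tokens, networks and log lines are constructed."""
import ipaddress
import re

# Constructed: token issued at distribution time -> (document, recipient).
BEACONS = {
    "7f3a9c": ("launcher-spec-rev4.docx", "vendor-A"),
    "c21e0d": ("launcher-spec-rev4.docx", "vendor-B"),
    "9b4411": ("radar-test-plan.pdf", "internal-eng"),
}

# Constructed: address space the documents are expected to be opened from.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("203.0.113.0/24")]

# Common Log Format with optional referer and user-agent fields.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)
TOKEN_RE = re.compile(r"^/b/(?P<token>[0-9a-f]{6})\.png$")

# Constructed sample: one internal open, one external open, one unrelated
# request, and one probe for a token we never issued.
SAMPLE_LOG = """\
10.1.4.20 - - [29/Jul/2014:09:12:01 +0000] "GET /b/9b4411.png HTTP/1.1" 200 68 "-" "Microsoft Office/15.0"
198.51.100.7 - - [29/Jul/2014:13:47:55 +0000] "GET /b/7f3a9c.png HTTP/1.1" 200 68 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Jul/2014:13:48:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
10.7.0.3 - - [29/Jul/2014:14:02:10 +0000] "GET /b/deadbe.png HTTP/1.1" 404 0 "-" "curl/7.35"
"""


def parse_line(line):
    """Parse one access-log line into a dict; None if it is not CLF."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    t = TOKEN_RE.match(rec["path"])
    rec["token"] = t.group("token") if t else None
    return rec


def is_trusted(ip):
    """True if ip parses and falls inside one of the firm's own ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def scan(log_text):
    """Alerts for beacon fetches from untrusted addresses and for fetches of
    tokens that were never issued (someone enumerating the beacon path)."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["token"] is None:
            continue
        tok = rec["token"]
        if tok not in BEACONS:
            alerts.append({"kind": "unknown-token", "token": tok,
                           "ip": rec["ip"], "ts": rec["ts"]})
            continue
        doc, who = BEACONS[tok]
        if not is_trusted(rec["ip"]):
            alerts.append({"kind": "external-open", "token": tok, "document": doc,
                           "recipient": who, "ip": rec["ip"], "ts": rec["ts"],
                           "ua": rec["ua"]})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

As tomp notes below, mail clients and Office prompt before fetching remote content, so the absence of a hit proves nothing and a careful recipient opening the file on an isolated machine will never trigger it; a beacon only ever supplies positive evidence, which is why it pairs well with passive markers that survive in the document text itself.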

~~~
tomp
I can't imagine hackers being as stupid as to allow scripts to run in the
documents. Actually, most modern software prevents such "phoning home" AFAIK
(e.g. your mail client, Word, Excel, ... all ask you before loading remote
images and executing scripts).

~~~
chillacy
Maybe an encrypted document which phones home for the keys? And to force the
user to run the script, make it so that the encrypted blob is generated by
running the script (and it's painfully obfuscated to prevent reverse
engineering)

~~~
bhouston
Or that no one has local files, it is all served via virtual desktops to
client machines.

------
atmosx
I love this: _Five Chinese Military Hackers Charged with Cyber Espionage
Against the US_. Just 5? On the other side there's an entire entity known to
spy/hack/attack virtually everyone.

------
brandonmenc
In light of all these "iron dome doesn't work" articles, this is some great
propaganda (intentional or not) that the system is effective enough to be
stolen and copied.

~~~
BuildTheRobots
> "In light of all these "iron dome doesn't work" articles"

I've not seen them; if you have links handy I'd like to go read some more.

My understanding was that they were managing between 80-90% success rate for
the targets they aimed for (which is pretty good) but also that they were
deliberately leaving any rockets that were obviously not going to hit anything
important.

~~~
brandonmenc
Yeah, that's my understanding too.

[https://www.google.com/search?q=postol+iron+dome](https://www.google.com/search?q=postol+iron+dome)

"all these articles" = commentary on that one article by Postol.

------
salimmadjd
If the hackers were after the Iron Dome, it looks like it doesn't work [1]
based on analysis by Theodore Postol of MIT [2]

1: [http://thebulletin.org/evidence-shows-iron-dome-not-working7318](http://thebulletin.org/evidence-shows-iron-dome-not-working7318)

2: [http://web.mit.edu/sts/people/postol.html](http://web.mit.edu/sts/people/postol.html)

~~~
wmil
His analysis is flawed.

For example, imagine if several rockets are fired at a hospital. Iron Dome
intercepts the rockets, throwing them off course. The rockets then land in
parks and parking lots, killing no one.

Under Postol's standards, that's a complete failure. Because the warheads
weren't destroyed.

But most people would judge that as a major success.

Assuming the rockets are reasonably accurate and targeted to do the most
damage possible, simply damaging the rockets and changing their path is a
success.

~~~
danielweber
_Assuming the rockets are reasonably accurate and targeted to do the most
damage possible,_

I'm saying this hesitantly, because it has the potential for things to go off
the rails into a flame war, but the rockets are very inaccurate -- literally
hitting the side of a barn would be a good strike. Damaging them _probably_
reduces the chances of them hitting a high-value target by a few percentage
points, but they have no targeting systems on board. They are flung in a
general area, and landing in place X or place Y in that general area isn't too
much different.

There are also significant psychological factors at play.

~~~
spingsprong
Iron Dome calculates the probable impact point of rockets fired at Israel, and
only intercepts rockets that are going towards inhabited areas.

~~~
ranran876
Which means somewhere the Israelis have a priority map with which areas are
more or less important to defend.

Can you imagine the shitstorm that would come out of something like that
leaking?

~~~
danielweber
Nah; if something is projected to land in a bunch of, say, farmland, then
trying to intercept it could make it land someplace worse.

A necessary prerequisite to a missile defense system is a way of telling where
rockets are going. Even if they don't have the first, they probably have the
second.

