HSNW - 5 June 2012

Unit 8200 is Israel’s equivalent of the U.S. National Security Agency (NSA) or GCHQ in Britain; what sets the unit apart from its SIGINT counterparts in the United States and Europe is that it does almost all its research and development in-house; this means that, aside from interpreters and analysts, the unit is home to a huge cadre of engineers, technicians, and programmers; one result is that veterans of Unit 8200 have founded many of Israel’s successful high-tech start-ups

The waves of cyber attacks on Iran’s nuclear facilities and critical infrastructure – the attacks we know of: Stuxnet, Duqu, Flame – have drawn attention to the secretive Unit 8200, the cyberwarfare unit within the Israel Defense Force (IDF) Military Intelligence (MI) branch (these cyberattacks have also drawn attention to the U.S. efforts in this regard: see David Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, 1 June 2012). The Financial Times notes that Unit 8200 is Israel’s equivalent of the U.S. National Security Agency (NSA) or GCHQ in Britain. These three organizations belong to a branch of the military called signals intelligence, or SIGINT. Unit 8200’s task is to intercept, monitor, and analyze enemy communications and data traffic — from mobile phone chatter and e-mails to flight paths and electronic signals. The unit’s goal is to “fish out from an ocean of data the piece of information that will help the Israeli security forces identify and thwart a potential attack,” the FT writes.

Full story

‘Groundbreaking’ worm points to a state-backed effort, say experts

Gregg Keizer - September 16, 2010

The Stuxnet worm is a “groundbreaking” piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multi-pronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals.

“It’s amazing, really, the resources that went into this worm,” said Liam O Murchu, manager of operations with Symantec’s security response team.

“I’d call it groundbreaking,” said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab. By comparison, other notable attacks, like the one dubbed “Aurora” that hacked Google’s network, and those of dozens of other major companies, was child’s play.

O Murchu and Schouwenberg should know: They work for the two security companies that discovered Stuxnet exploited not just one zero-day Windows bug, but four, an unprecedented number for a single piece of malware.

Full story

—–

See also: “Stuxnet code hints at possible Israeli origin, researchers say“

Richard Silverstein - September 22nd, 2010

Though the Stuxnet cyber-attack which likely targeted Iran’s nuclear facilities may’ve begun as early as 2009, computer security experts have only this month published their full analysis of one of the most sophisticated and powerful computers worms ever developed, and what industrial damage it may’ve done.

Stuxnet is malware likely designed to infiltrate Iranian (60% of computers infected were in Iran) industrial computers which controlled numerous automated processes in factory production cycles. The most likely target according to most experts consulted would be Iran’s Bushehr nuclear reactor complex, which last year was reported by Israeli media to have been sabotaged and faced extensive production delays. Since Bushehr is using Russian-supplied fuel not related to centrifuges or uranium enrichment, it seems unlikely they were the goal. But there clearly is some key industrial process likely targeted at Bushehr and the worm may’ve either destroyed equipment or corrupted a production cycle central to the reactor’s function.

By all accounts. the worm is so advanced, performs so many functions, and operates in such a complex fashion that it can only have been produced by the intelligence agency of a sovereign nation. We can imagine which nations would have the capacity to mount such an operation and the motivation to sabotage Iran’s nuclear program. The CIA and Mossad (or IDF military intelligence) spring to mind. My money is either on Israel and a shared operation mounted in some way by both countries.

Full story

————

See also: Cyber-Attack Turns Physical

————-

Chertoff Group: Israel Cyber-Attacks Iranian Nuke Plant With Stuxnet Computer Virus