Hackers impersonated a retired IDF general who heads a prestigious defense think tank.
Iranian hackers faked emails from the director of Israel’s top defense studies think tank in order to get an Israeli military expert to give his opinion on sensitive defense issues, Channel 13 reported over the weekend.
About three weeks ago an email was sent saying it was from the account of the personal assistant to (Reserve) General Amos Yadlin, head of the prestigious Institute for National Security Studies (INSS).
Yadlin is also a former Israeli Air Force general and head of military intelligence.
The target of the e-mail was Lt. Col. (Reserve) Sarit Zehavi, the head of Alma, an independent research center specializing in Israel’s security challenges on its northern border where the Iran-backed Hezbollah terror group is the main threat.
“We received an e-mail, ostensibly from Amos Yadlin’s secretary, that said Amos Yadlin wants to talk to one of our investigators,” Zehavi said. “We do not know what it is about, but when someone of this magnitude turns to us, we answer straight away, and actually sent them a phone number.”
The next day Zahavi received a line of WhatsApp messages from Yadlin’s alleged cell phone.
“There is a request on WhatsApp, right with a picture of Yadlin,” Zehavi said, saying the hackers had faked the WhatsApp ID to look like it came from Yadlin himself.
The hackers then asked Zehavi to read over and give her opinion on a new study by four INSS researchers, entitled “On the anniversary of the ‘revolution in Lebanon’ – the internal situation has only worsened hopelessly on the horizon.”
Zehavi noted that at the time the study had not yet been published, and could only he passed on to her if it was stolen.
An Alma researcher read the study, wrote up a detailed critique with his conclusions and sent it to the “Yadlin” account, but because he had suspicions he turned to a cyber security cyber company that revealed the whole affair was the result of a break-in by the Iranians.
When the researcher called the number that was supposed to be the INSS, somebody totally unconnected answered, said cyber security expert Ram Levy.
Sophisticated Iranian Hack
It turns out the affair was a sophisticated Iranian hack designed to extract sensitive information from those who are connected, even as academic researchers, with up-to-date and quality military sources.
“This is a great means to understand what the community of military-academic researchers thinks about all kinds of developments in the Middle East,” another expert explained. “That way they can get their opinion, [things] they don’t really write in the academic papers, in an informal way.”
Ohad Zeidenberg, a cyber researcher, added, “The [Iranian hacker] group operates in Israel on a very high scale,” he explained, with almost weekly attacks on Israeli investigators.
“Attempts are being made to trap them using a multitude of methods. This is an intelligence body funded by the Iranian regime,” Zaidenberg said.
“There are a lot of methods to psychologically bait on the assailants,” Zeidenberg explained, “to make them believe that it really is the same entity from the Institute for National Security Studies or another research institute.”
“Sometimes these are people you know personally, but they impersonate, they speak Hebrew, write signatures. Many times we have seen them break into emails and learn the correspondence method. I mean actually copy an email that already existed in the box, and use it as a basis for writing another email.”
“This is a pattern of action that we are familiar with in the past, that the Iranians have used,” Levy said.
“This is not the first time that they have attacked Israeli academics who are connected to the defense establishment in some way. There is a whole set here, both of prior knowledge and of technological capability, that allows this to happen.”
Hezbollah and the Iranians see the Alma research institute, which is run Zehavi, as having tremendous intelligence potential.
“We have stepped on some toes for Hezbollah, and they identify us as a research institute of the ‘Zionist entity,’” Zehavi said.
The INSS, is also an internationally linked institute that also serves as a destination for Iranians.
The INSS issued the following official responded to the incident: “In the case described, there was an attempt to impersonate [using a fictitious private e-mail, and not the organizational e-mail at the institute. The Institute for National Security Studies is a significant factor in the strategic research field and is prepared for such incidents] and even more sophisticated attempts. The institute is equipped with powerful cyber protection systems.”