Palestinians suspected in hacking of Israeli defence ministry computer
Cybersecurity expert reveals trojan attack and points the finger of blame at Palestinians
Hackers broke into an Israeli defence ministry computer via an e-mail attachment tainted with malicious software that looked like it had been sent by the country's Shin Bet secret security service, an Israeli cybersecurity firm said.
Seculert chief technology officer Aviv Raff said that the hackers earlier this month temporarily took over 15 computers, one of them belonging to Israel's Civil Administration, which monitors Palestinians in Israeli-occupied territory.
Raff said Palestinians were suspected to be behind the attack, citing similarities to an assault on Israeli computers waged more than a year ago from a server in the Hamas-ruled Gaza Strip.
While the latest attack was conducted from a server in the US, experts noticed writing and composition similarities with the earlier attack, he said.
Israeli officials declined to comment on Raff's findings. There was no immediate Palestinian comment on the report.
Seculert had not determined what the hackers did after the initial infection with Xtreme RAT software, Raff said. "All we know is at least one computer at the Civil Administration was in control of the attackers; what they did we don't know," he said.
The Civil Administration is a defence ministry unit that oversees the passage of goods between Israel and the West Bank and Gaza Strip, territories Israel captured in a 1967 war and which Palestinians want for a state. It also issues entry permits to Palestinians who work in Israel.
Raff declined to identify the other 14 computers targeted by the hackers. An Israeli source who spoke on condition of anonymity said these included companies involved in supplying Israeli defence infrastructure.
Based on Raff's analysis, the 15 computers were in the hackers' grip for at least several days after the January 15 e-mail, which included an attachment about former Israeli prime minister Ariel Sharon, who had just died.
The e-mail looked like it had been sent from the Shin Bet security service, Raff said.
His firm was able to "sinkhole" the operation, tricking the Xtreme RAT software into communicating with servers that Seculert controlled in order to figure out which computers were infected and to deactivate the attack.
Xtreme RAT is a remote access trojan, which gives hackers complete control of an infected machine. They can steal information, load additional malicious software onto the network or use the compromised computer as a beachhead from which to conduct reconnaissance and attempt to gain deeper access into the network, Raff said.