Secret Shin Bet Unit at The Front Lines of Israel's Cyber-War
Several weeks ago, a vigilante by the name of "Buddhax" made waves when he exposed the true faces - and names and passwords - of several anti-Israel hackers who participated in the #OpIsrael project to launch a cyber-attack against Israel.
Now, nearly one month later, Channel 2 revealed Friday the existence of another party responsible for keeping Israel's cyberspace safe: a secret unit of the Israeli Security Agency (ISA), or Shin Bet.
Tens of hackers work in S-74, the codename for the Shin Bet unit which protects Israeli cyberspace. For days, they will cluster around their computers, tracking the suspicious movements of "Anonymous" hacktivists around the world. Then, just moments before a hack will disrupt a system, they will strike - without anyone even knowing the Shin Bet was involved.
"We have prepared well in advance, we follow networks around the world closely and collect intelligence through HUMINT and SIGINT [human intelligence and signals intelligence, respectively - ed.]," Alon, an S-74 member, revealed to the daily Friday.
Alon, 39, has been a member of the unit for eight years and is responsible for for teaching institutions who use critical servers how to prevent cyber-attacks. "We approached internet providers, conducted [a simulation of] the attack with safeguards, and then analyzed the seriousness of the threat. We here in the Shin Bet then opened an operations room and our people ran through a number of simulations of the event before operating against [a cyber-attack] in real-time."
"Timing is critical," he continued. "Your opponent is sitting in advance to make sure a cyber-attack succeeds; all he has to do is press a button and the system begins to fail."
Timing was also crucial before #OpIsrael. Several weeks before, the Shin Bet opened an operations room to explore advanced, unique, and intensive solutions to prevent the lives of Israeli citizens from being disrupted. #OpIsrael had released a list of government sites, including websites in the security sector, and distributed a list of targets which included some 1,300 Israeli websites for its hackers to breach - including the sites for government agencies, banks, defense industries, academic institutions and media organizations.
Following that, S-74 raised the alert level. Employees met with mentors and the unit's best computer experts conducted a series of counter-terrorism simulations repeatedly until they could say, for certain, that "Anonymous" could not succeed.
"The unique thing about Anonymous is their motivation to act openly," Alon noted. "They put out a call to action and recruit thousands [of hackers] to help them [execute] a cyber-attack. The more participants there are, the greater likelihood that someone will force his way into a critical website and cause it to fail."
Research, research, research
Yuval, now 29, began working for the Shin Bet 12 years ago. He works in intelligence and is the co-founder of the SIGINT unit to gather intelligence ahead of a cyber-attack. He rarely speaks about the unit and its abilities to protect Israel.
"In the event of an 'Anonymous' attack, we need to know context about the world of our target," he revealed. "I study and research it, get a report on whether this is an organization or a real terror threat, and as I gather intelligence we begin to manage the process of preventing the future attack."
"This means combining the abilities of [cyber-attack units] SIGINT and HUMINT and attacking the opponent's 'home' - using information about the attacker or his environment to our advantage."
"The cyber-world constantly features glitches - incidents which could either be technical problems or a real cyber-attack," he continued. "It can be very difficult to tell how many people are hacking us at once."
Luckily, Yuval stated, there are ways of reducing the likelihood of a real attack.
"There are a lot of incidents that we can classify as an attack or disruption in the system, and we can test and analyze them to see if they're targeted specifically toward Israel," he said. "For example, Israel's biometric database can be a common target. In the meantime, we have secured the database, [. . .] [but] we do not know who is attempting to look at it."
Intelligence at Large
S-74 was established several years ago and has changed rapidly with the fast-paced changes in technological development, according to the report.
In addition to protecting Israel, the unit collects intelligence to launch its own attacks against Israel's enemies, according to Yuval.
"This is a classified area, normally, but we received special permission to give you a small glimpse into the world of intelligence," Yuval stated.
"In order to make critical decisions about Israel's security, we perform operations across the globe to hack into computers, databases, and networks - including personal computers," he explained. "We collect data from everywhere in every area."
"There are many institutions that work strategically against the State of Israel; we work quietly against them. Then, an intelligence officer will call me and ask me for that information and that can drastically change the character of an operation."
Another dimension is collecting intelligence before physical operations against terrorists. For example, S-74 was involved in collecting much of the relevant information to kill senior Hamas terrorist Hamza Abu Alheja last month in Jenin.
Yet another approach to cyber-intelligence includes education on cyber-safety.
"We have developed tools to identify anomalous networks, abnormal movements, and to isolate and contain them," Alon explained. He stated that he often presents CEOs of major institutions with information on real cyber-attacks to "scare" them into increasing their cyber-security.
"After Israeli entities are defined as being at risk, they should protect their critical systems immediately," he explained. "Cyber-attacks on certain institutions could cause serious damage."
"For example, Israel Railways transports tens of thousands of people per day," he explained. "The monitoring process thus begins right from the control room of the Israel Railways office. Vulnerable computer systems, if damaged, could 'black out' Israel's cell towers, its electricity, and other vital resources."
S-74's work may be extensive, but not everyone is impressed with Israel's cyber-security.
Dr. Michael Orlov, head of the cyber-engineering department of Shamoon College Engineering in Be'er Sheva, explained to Arutz Sheva earlier this month that Israel needs to step up its efforts to train more hackers to keep up with the attacks, which are becoming more and more organized.
As Orlov explained, the hacking projects against Israel by Anonymous - a loosely organized group of hackers worldwide, but for #OpIsrael mostly localized to Middle-Eastern Muslim countries - is a childish attempt to "feel important," and nothing more. Currently, cyber-attacks against Israel largely focus on replacing a site's content with propaganda, and leaving a site alone after it is fixed. This, he said, "is not a serious problem."
Future attacks may be, however. Orlov emphasizes that if a major country - e.g. Iran - were to set aside the "relatively small amount" of $50 million dollars to establish a professional hacking team, Israel could be in trouble.
"We have seen Iran do this in the past to other countries, like Saudi Arabia," Orlov stated, "Hackers attacked, broke into [websites] and deleted information. If this happens, we cannot dismiss the impact of attacks."