Ex-Shin Bet official: Iran may use Chinese cyber tech to attack Israel, US

Alleged Russian cyber attack on Ukraine hard to block

Hacker in a hood (photo credit: INGIMAGE)
Following the killing of Iran's IRGC Quds Force chief Qasem Soleimani, Iran may use advanced Chinese cybertools against Israel or the US, a former top Shin Bet (Israel Security Agency) official told The Jerusalem Post on Tuesday.
The official, Dr. Harel Menashri, was a founder of the Shin Bet’s cyber department and is currently the Head of Cyber at the Holon Institute of Technology.
The Post also spoke with former Shin Bet cyber chief Eric Harris Berbing about key cyber issues confronting Israel, with both officials due to appear at the Cybertech conference in Tel Aviv between January 28 and 30.
Menashri explained that even the Islamic Republic’s homegrown cyber capabilities have gotten much stronger in recent years, but that it likely has acquired Chinese capabilities, which are even more threatening.
“I assume they received new capabilities from China in cyber defense... and China is the strongest in cyber defense. China probably did not give them offensive cyber capabilities [directly]. But when you carry out defensive cyber, you also learn about offensive cyber,” said Menashri.
Essentially, Menashri’s point was that Iran could reverse-engineer some of the advanced cyber defense capabilities it likely received from China, which it might not have acquired on its own. Then it could turn them into new, advanced attack capabilities against Israel and the US.
That could be particularly worrying in this time period – so soon after Soleimani was killed on January 3 – in which Tehran is still deciding how to retaliate, and against whom.
One benefit of cyber attacks for Iran is that they could give it plausible deniability, which a direct use of military force would not provide.
“We need to take their [Iranian leaders] statements seriously... about taking revenge... and with foreign media reports, that maybe Israel was involved in collecting intelligence against Soleimani,” Menashri said, expressing that Iran may want to vent its anger against Israel.
Even before the Soleimani issue, Menashri said he understood that Israel was already fending off approximately eight million cyber attacks per day, many of which came from Iran. In other words, Israel is and must continue to be ready to defend against Iranian cyber attacks, whether there is additional danger after the Soleimani hit or not.
Cyber is also an area where Iran can invest very little in terms of funds – at a time when its economy is shaky – while achieving a large upside in causing potential damage.
Menashri warned of Iranian cyber attacks on critical infrastructure, such as electricity, water, hospitals and banks.
Meanwhile, former Shin Bet cyber chief Berbing focused on Tuesday’s reports, which said that Russian hackers targeted a Ukrainian gas company at the center of the Trump impeachment inquiry, in an attempt to recover details regarding former vice president and 2020 presidential hopeful Joe Biden.
The attack is being compared to Russia’s influence operation to tamper with the 2016 US presidential election through leaking damaging hacked emails from Hillary Clinton’s campaign.
First, Berbing qualified that it was possible that “the report itself is part of an influence operation someone wants to carry out against the Russians.”
Despite this, Berbing said, “There is hard evidence that Russia was involved in the US 2016 presidential election, involved in encouraging BREXIT and [in] other elections.”
Cyber attacks like those revealed on Tuesday, if part of a broader influence operation, are still a way that Russia can tip elections in the direction it wishes, or generally promote chaos among its Western adversaries, he said.
Berbing described the methods used by cyber powers like Russia to cover their tracks as being extremely advanced.
Besides Russia often having the cyber attacks carried out from a different geographic area in order to throw forensic cyber investigators off their scent, Moscow is likely to pay outside cyber criminals to promote the offensive cyber operations.
The former Shin Bet official - who also headed its counter-terror division for Jerusalem, Judea and Samaria - said that Russia has learned even more techniques for erasing any hint of its involvement in recent years.
While top cyber officials have previously told the Post that even Russia once left behind traces of Russian language at deep levels of its coding, Berbing said that Moscow now has cut out even such minor errors.
In addition, he said that Russian and other major powers’ cyber operations have intelligence analysts intimately woven into their operations, so that they know everything about their targets and what makes them tick, before they engage.
Reports even indicate that the latest Russian attempt to hack the Biden-connected Ukraine company included the creation of mirror versions of the company’s suppliers. This meant that company employees could have received communications from what looked like trusted, long-time business associates, making it nearly impossible to realize they were being hacked.
Berbing said that sometimes the only way that he and other experts discovered Russian or other top cyber-power involvement was by comparing the use of similar cyber moves and tactics which were previously used by specific countries.
Moreover, he said sometimes errors could be found in complex cultural references which would be harder for even intelligence analysts to help fake.
Berbing said the key to combating these highly complex cyber attacks was redundant barriers to obtaining permission to access sensitive information, or even splitting sensitive information into entirely separate databases.
He also said that any organization with sensitive information must constantly update its employees to keep them aware of the morphing methods that hackers may try to use to target them.