Jerusalem Post hack part of pro-Iranian Israeli influence op - ex-cyber chief

The value of the attacks on the Post and Maariv “is quite low” as opposed to a cyber attack on critical infrastructure like transportation and energy.

VISUAL DEPICTION OF A HACKER (photo credit: VIA WIKIMEDIA COMMONS)

The hacking of The Jerusalem Post website by pro-Iranian hackers was part of an influence operation timed to impact the ongoing nuclear talks in Vienna, former IDF cyber chief Brig.-Gen. (res.) Yaron Rosen said Monday.

The Post’s website was hacked at about 2 a.m. Monday morning (Israel time), and the homepage was replaced with a photo of a model Dimona nuclear facility being blown up and the text: “We are close to you where you do not think about it” in English and Hebrew.

Although much of the imagery used to deface the websites and the Maariv newspaper’s Twitter account related to the second anniversary of the targeted killing of Islamic Revolutionary Guards Corps Quds Force commander Qasem Soleimani, Rosen said this was a sideshow to Iran’s nuclear and regional ambitions.

“Any part of Israel’s media, whether it be print, Internet or TV, is part of the media megaphone speaking to the Israeli public... We are in the midst of nuclear discussions,” he said. “Both sides are probably doing the best they can with whoever they can to influence things. This is part of influence operations.”

Rosen, who is president of cyber intelligence company Toka, said these types of hackings will continue since the “use of cyberspace as the preferred battle space is still below the threshold of war.”

The Iranian threat used in the hacking of JPost.com in the early hours of Monday morning, January 3, 2022 (credit: screenshot)

“No one has openly declared war,” he said. “Missiles are not fired. It is mostly between nation-states. They are fired in Syria, Lebanon and many other places, but all of them are under the threshold of war. One of the weapons of choice in the arsenal for both sides is in cyberspace.”

“They [the Iranians] are doing it; we are probably using it,” Rosen said. “We will see more in the near future.”

Asked if there was anything specific about targeting the Post and its sister publication Maariv, he said: “I do not think there is any real meaning. You are part of the Israeli media landscape, which itself is not very big. [Hacking any of] the few players that are here will be effective... You need to be ready for it. Everybody will be attacked.”

It appeared that the current cyberattack was “perception oriented,” Rosen said. “This was a defacing attack… you lost a few hours” of website access, so it was “just psychological and nothing more than that. This was a very shallow attack, but we should expect more.”

The value of the attacks on the Post and Maariv is in some ways “quite low,” as opposed to a cyberattack on critical infrastructure such as transportation and energy, “which are areas we need to be very careful with,” he said. “Both sides, I think, understand their value as targets and are very keen” to exploit this.

Citing a cyberattack on an Israeli hospital in late 2021, he said: “The floodgates are open. Critical infrastructure is sadly a target of choice. We need to focus on that, and the state bodies – the INCD [Israel National Cyber Directorate], the IDC [Interdisciplinary Center Herzliya, now Reichman University], the other agencies – need to continue to defend critical infrastructure very strongly.”

Hackers, on the other hand, will scan the widening target of critical infrastructure in the digital realm to “always find the weakest link,” Rosen said.

Moreover, whenever there is a successful, publicized infrastructure attack, it creates momentum for “more copycat attacks,” he said, citing the cyberattack on Colonial Pipeline in the US as having “inspired groups around the world, including state actors or those supported by state actors, to execute these types of attacks… There is a snowball effect… This fuels, energizes and motivates them to pursue such targets.”

Besides those attack vectors, Rosen said he expected ransomware attacks to “continue to grow and threaten organizations, especially businesses and banks, where financial damage can be very easily felt.”

“They will continue to be the target of choice for hackers and adversaries such as Iran,” he said.

Another growing vector of cyberattacks is criminal organizations “moving into the cyberspace, seeing the potential and value they can harvest,” he added.

These cyber trends mean that both “the private and public sector all need to focus on building [cyber] security and defenses, incident response and recovery operations and business continuity,” Rosen said. “These are things that are going to continue to need to be the focus” for everyone.

“The private sector needs to understand the value of collaborative defense,” he concluded. “There is no way any private company can defend itself without collaboration with its own sector, the government and the INCD.”

Tzvi Joffre contributed to this report.