The cyber battlefield

Israel was among the first nations to realize the significance of cyber warfare.

Former director of the US National Security Agency (NSA) Keith Alexander addresses Tel Aviv University’s 4th International Cybersecurity Conference in mid-September. (photo credit: CHEN GALILI)
Former director of the US National Security Agency (NSA) Keith Alexander addresses Tel Aviv University’s 4th International Cybersecurity Conference in mid-September.
(photo credit: CHEN GALILI)
THE MEDIA spotlight at Tel Aviv University’s 4th International Cybersecurity Conference in mid-September was on Prime Minister Benjamin Netanyahu and Defense Minister Moshe Ya’alon, who took advantage of the fo - rum to praise Israel’s capabilities in the field.
But unnoticed by journalists, a more signif - icant development was taking place. Sitting next to each other in the first row of the au - dience were two senior military men – one American, the other Israeli. Chatting and smiling, it was clear they were old buddies glad to have been given an opportunity to hook up again.
Retired four-star general Keith Alexander was until a year ago the Director of the US National Security Agency (NSA) and concur - rently headed the US Cyber Command. Brig - adier-General Nadav Zafrir was until recently the commander of Unit 8200 of Israel’s Mili - tary Intelligence.
Both espionage agencies are involved in similar work though on different scales. They are also partners – documents leaked by NSA defector-whistleblower Edward Snowden show that NSA and 8200 signed a secret agreement to cooperate and share information ncluding raw materials.
NSA, as a US spy agency, is vastly larger and focuses on almost the entire world. Unit 8200 reflecting Israeli interests is more Mid - dle East oriented. But both deal with what is known in intelligence jargon as Signal Intel - ligence or SIGINT. Until a decade and a half ago this meant mainly bugging phone and fax lines, intercepting all sorts of communi - cations, and breaking and deciphering coded messages. But as the technology improved, so the focus in the SIGINT field has changed.
Nowadays it is more and more about break - ing into computers, planting Trojan horses – namely viruses and worms, which are meant either to steal or destroy data, and even to cause machines to malfunction.
This is a concept borrowed of course from Greek mythology, where during the Trojan War the Greeks hid soldiers inside a seeming - ly innocent wooden horse placed outside the walls of the city of Troy. The Greeks sailed away and the Trojans took the wooden horse as a victory trophy allowing the Greek sol - diers inside the city. As the Greeks returned under cover of darkness the soldiers emerged from the horse to open the city gates.
THE US think tank Rand Corporation defines cyber warfare as “involving the actions by a nation-state or international organization to attack and attempt to damage another na - tion’s computers or information networks through, for example, computer viruses or denial-of-service attacks.
An example of this kind of warfare, accord - ing to American reports, is mutual efforts by Israel and the US to attack Iran’s nuclear pro - gram. The height of these efforts was the use of the destructive computer worm known as Stuxnet, which infiltrated Iranian computer systems at the Natanz uranium enrichment nuclear facility.
The plan and the operation were, according to The New York Times, a joint initiative and execution of American and Israeli intelli - gence communities. The first report about the operation was published in July 2010, though the virus was said to have infiltrated the Na - tanz computer system a year earlier.
On the American side, executing the oper - ation was the work of NSA, and, according to the reports, Mossad infiltrated the Iranian computers and planted the virus. Attribution to Mossad resulted from the fact that Mossad chief Meir Dagan, who headed the organiza - tion for eight years, had been tasked by prime ministers Ariel Sharon and Ehud Olmert to coordinate Israeli efforts to thwart, disrupt and slow down Tehran’s nuclear program.
In 2013, the Snowden documents revealed more details about the operation. They point - ed to Unit 8200 as the central Israeli organi - zation behind Stuxnet.
Israel was among the first nations to real - ize the significance of cyber warfare. Back in September 2007, nearly two years before Stuxnet infiltrated Natanz, Israel made use of cyber warfare in its air strike against Syria’s nuclear reactor. As reported by CBS News reporter Dan Raviv in the book I co-authored with him, “Spies Against Armageddon,” Israel blinded Syrian radars, thus paving the way for Israeli airplanes to destroy the facility – which was supposed to produce plutonium – without being detected.
Incidentally, the book revealed that in the cabinet deliberations, which led to the deci - sion, defense minister Ehud Barak opposed the decision but was overruled by prime minister Ehud Olmert and chief of staff Gabi Ashkenazi.
According to the Snowden documents, the NSA-8200 secret collaboration deepened and increased during the tenures of Alexander and Zafrir.
Practically, cyber warfare with its defensive and offensive aspects is a form of espionage and intelligence gathering like any other measure aimed at harming the other side and protecting your own secrets and assets. But being a new domain it seems to be very sen - sitive issue. Until recently, Israeli censorship forbade any reporting that suggested it is in - volved in offensive cyber operations.
It was thus particularly interesting to be briefed recently on the topic of cyber war - fare by a senior military source. He told me about the changes, or to be more pre - cise, about the revolution that has taken place in the last few years in Military Intel - ligence, particularly with regard to cyber operations.
Cyber warfare as a new intelligence method was not born yesterday. It is an on - going process that began under the wing of Amos Yadlin, who entered the position of MI chief in 2006, and was given an ex - tra and significant boost when Maj. Gen.
Aviv Kochavi took the reins at MI in 2011.
(Kochavi meanwhile left MI in Sep - tember to take over as head of Northern Command.) The idea of “empowering the cyber dimension,” according to the senior IDF officer I spoke to, is evident in the fact that this was the only MI unit to receive an increase in manpower during the last three years.
One of the central tools used in cyber war - fare are the “Trojan horse” programs that undetectably infiltrate the enemy’s computer systems, as was the case with Stuxnet, and is capable of causing damage or pulling out data. Sometimes, the Trojan horse infiltrates like a single sniper bullet, and other times it attacks with a barrage and disseminates into the system.
In intelligence terms, the Trojan horse is like a drone, hovering in the skies without being seen and without the enemy’s awareness, craftily gathering the desired information.
The senior military source revealed that nearly 70 percent of all information gathered by Israeli intelligence originates from cyber warfare. It is no secret that Iran has been the central target, followed by Hezbollah, Hamas and Syria. In 2006, the intelligence commu - nity was able to secure only 10 percent of its information from these enemies via cyber means, while the rest was collected by the other traditional means – by eavesdropping and from human sources.
The extent of this information varies from sphere to sphere, state to state, one terrorist organization to the other. It is obviously eas - ier to glean information this way from an enemy well invested in technological means.
This, however, is a two-edged sword. The same enemy well-endowed in technological capabilities can defend itself using cyber de - fensive means, and can secure its computers and digital systems. Nevertheless, a 70 percent success rate is highly impressive.
Alongside cyber warfare, Military Intelli - gence has experienced other important tech - nological and organizational changes. The goal of these changes, according to the senior officer, was to “fit MI to changing realities, to enable it to provide a relevant and extensive strategic response, operative and tactical, for the political and military echelons.”
AS SURPRISING as it may sound, MI units did not “communicate” with one another in a mutual computer language until very re - cently. The larger MI units, such as 8200 or the Research Department had their own re - spective computer systems, and did not even operate on the same network. Now, thanks to new applications, they do. It was bound to happen, as MI receives daily tens of millions of items of information – from eavesdropping on telephones to cyber attacks, to email in - terceptions, to aerial photos taken by planes, drones and satellites.
The visual and practical expression of this unification can be seen in the internal net - work of the organization, dubbed iNet, which operates like an Internet web and looks some - thing like a news website. Members of the MI who have the highest security clearance can type the password and access the unified sys - tem. On the screen they will see icons very similar to those you see on your own personal computer.
Those with the required clearance will click on one of the icons, type into the search engine what they are looking for – for example, “Muhammad Deif “ (the military commander of Hamas who is believed to have been killed in an IAF air strike in the last Gaza war) – and receive immediate information, much as if he were searching for pertinent information on Google from his own private laptop. But with one big differ - ence – in this case it is secret information collected from a variety of sources not avail - able to the public.
An 8200 intelligence officer/analyst can link up online with his counterpart from say the Northern Command, both of them looking at the same screen with the same in - formation. Once, it would have taken hours or days for the material to transfer from one computer to the other. Another example of how powerful and swift this technological transfer of information has become can be seen in what is called in the field “Visual Intelligence” – intelligence produced from aerial imagery. A double click on the screen can enable the seeker of information to see his desired target in panoramic view. For instance a home in the Gaza Strip can be viewed from four different angles.
The problem with this otherwise impres - sive display, according to the senior officer, is that it is disproportionately reliant on breakthrough technologies requiring talent, innovation and creative imagination. In his briefing the officer, however, did not mention what has always been considered as the jewel in the intelligence crown – the human factor. Human Intelligence (HUMINT) – information collected by case officers from their agents.
Perhaps this stems from the fact that MI has only a small unit involved in HUMINT.
This is Unit 504, which focuses on locating, recruiting and operating agents in limited areas near Israel’s borders for the purpose of tactical military intelligence.
The Mossad and Shin Bet, however, which have also undertaken remarkable technological improvements, have continued to focus on HUMINT. They still believe that there will never be an alternative to the information a human agent is able to garner from sitting in proximity to a decision maker or a general, or even better, a decision maker or general re - cruited as an agent.
 Yossi Melman is an Israeli security commen - tator and co-author of ‘Spies Against Ar - mageddon.’ He blogs at and tweets at yossi_melman