Protocols of the Hackers of Zion?

by Marsha B. Cohen

When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.'”

Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.

Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and Southeast Asia. It said that Duqu 2 is much more difficult to detect than its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk.

The original Duqu shared coding with — and was written on the same platform as — Stuxnet, the computer worm that partially disabled enrichment centrifuges in Iranian nuclear power plants, according to a 2012 report in The New York Times. Intelligence and military experts said that Stuxnet was first tested at Dimona, a nuclear-reactor complex in the Negev desert that houses Israel’s own clandestine nuclear weapons program. While Stuxnet is widely believed to have been a joint Israeli-U.S. operation, Israel seems to have developed and implemented Duqu on its own.

Coding of the spyware that targeted two Swiss hotels and one in Vienna—both sites where talks were held between the P5+1 and Iran—so closely resembled that of Duqu that Kaspersky has dubbed it “Duqu 2.” A Kaspersky report contends that the new and improved Duqu would have been almost impossible to create without access to the original Duqu code. Duqu 2’s one hundred “modules” enabled the cyber attackers to commandeer infected computers, compress video feeds (including those from hotel surveillance cameras), monitor and disrupt telephone service and Wi-Fi, and steal electronic files. The hackers’ penetration of computers used by the front desk would have allowed them to determine the room numbers of negotiators and delegation members. Duqu 2 also gave the hackers the ability to operate two-way microphones in the hotels’ elevators and control their alarm systems.

Israel’s Online Warriors

Israel considers cyber warfare to be the wave of the future, with the best and brightest young students in Israeli schools identified, tracked, and then recruited to become “online warriors.” Although paratroopers were once the elite within the Israeli military, cyber warriors appear to have replaced them in status.

In the 1990s, Israel built up its cyber-security forces by drafting young hackers — many of whom had emigrated from Russia after the dissolution of the Soviet Union — who were given the choice of putting their skills to use on behalf of the Israeli military or going to jail. The latest targets of IDF recruitment efforts for cyber warfare, however, are orthodox and even ultra-orthodox (haredi) Jewish men, who are encouraged to combine their studies at religious academies (yeshivot) with military service as hi-tech cyber-warriors in the Israel Defense Forces. Ninety percent of haredim in the Israeli Air Force, for example, serve in hi-tech positions. Kaspersky researchers observed that Duqu’s programmers didn’t work between sundown on Fridays and Saturday night, the Jewish Sabbath. Religiously observant Israelis increasingly serve in the Israel Defense Forces (IDF) cyber-security units because doing so allows them to fully engage in their religious studies while completing their military service.

A new yeshiva, Derekh Chaim (Path of Life), combines Torah study and military service, as do all hesder yeshivot, but also adds technological studies that emphasize cyber warfare. Fully integrated into the IDF’s intelligence and cyber divisions, these student-soldiers are trained not only to protect Israel’s highly sensitive computer networks, but also to carry out cyber-attacks.

The penetration of the Iran negotiations by “Duqu 2” reveals the advances in the malware used by Israel against its friends and allies as well as its enemies. On March 23, The Wall Street Journal reported that the White House knew last year that Israel had been spying on the negotiations with Iran, loudly leaking details about the proceedings of the closed-door discussions in hopes of undermining the prospects for their success and maximizing congressional opposition to any deal. The same report referred to Israeli “eavesdropping” and efforts to debrief participants who were not authorized to speak about the proceedings.

Israel challenged the report’s veracity. “The state of Israel does not conduct espionage against the United States or Israel’s other allies,” a senior official told the Journal, adding that, “The false allegations are clearly intended to undermine the strong ties between the United States and Israel and the security and intelligence relationship we share.” Other Israeli commentators suggested sardonically that President Obama was far more displeased with Bibi Netanyahu supplying his Republican critics in Congress with ammunition with which to thwart a deal with Iran than he was about any danger to the US posed by Israeli espionage.

Israeli Responses

On Wednesday, Israeli Deputy Defense Minister Eli Ben-Dahan responded to the Journal’s latest disclosures by calling them “nonsense.” He assured an Israel Radio interviewer that Israel had abundant sources of intelligence that made hacking unnecessary. He then admitted that if Israel’s intelligence services had actually carried out a covert cyber operation, he himself probably would not have been told about it.

Most mainstream Israeli news sources Thursday seemed to regard the latest suspicions of Israeli involvement in the Duqu 2 hack of the Iran nuclear talks as plausible, although Israel Today, owned by Sheldon Adelson, dismissed them as “baseless.” In Maariv, however, security reporter Yossi Melman, who has written extensively about Israeli intelligence and espionage, asserted that various forms of malware were the spies of the future, and “the future is already here.”

Haaretz, meanwhile, quoted a dire prediction by Eugene Kaspersky himself:

“Security software is the last frontier of protection for businesses and customers in the modern world, where hardware and network equipment can be compromised. Moreover, sooner or later technologies implemented in similar targeted attacks will be examined and utilized by terrorists and professional cybercriminals. And that is an extremely serious and possible scenario.”

Marsha B. Cohen

Marsha B. Cohen is an analyst specializing in Israeli-Iranian relations and US foreign policy towards Iran and Israel. Her articles have been published by PBS/Frontline's Tehran Bureau, IPS, Alternet, Payvand and Global Dialogue. She earned her PhD in International Relations from Florida International University, and her BA in Political Philosophy from Hebrew University in Jerusalem.



  1. The so-called “malwares” are double-edged swords. They can be used by all sides and by everyone, even by criminally minded individuals. This is an inevitable consequence of the invention and employment of electronic devices and it is not of such importance.
    The important point that deserves special attention is utilisation of malwares to spy on your friends’ secrets and even more importantly, to arm the opponents of a certain policy of national interest to use the information to sabotage the ongoing negotiations which it is hoped will lead to an agreement of national interest. This is not a “friendly” information gathering or friendly tickling or joking. It is hard core spying and those who use the information supplied by a foreign power openly active to sabotage a negotiation of national importance are accessories and partners in the sabotage, undoubtedly collaborators of a foreign spying organisation and should be encountered with as traitors.
    Unfortunately president Obama and his administration are dealing with any insult, humiliation, sabotage in US internal affairs and interference with foreign policies in matters of US national interest… Israel, timidly and even cowardly. They do their best to dodge and bypass the insulting, humiliating and seriously damaging attacks by Israel and go through without any action that might be interpreted as encounter or reaction. WHY SO MUCH FEAR OF ISRAEL BY THE GOVERNMENT AND THE ADMINISTRATION OF THE MOST POWERFUL NATION ON EARTH? SURELY, SOME KNOW THE REASON AND SOME INDEPENDENT PATRIOTS SHOULD ATTEND THE MATTER UNROMANTICALLY AND PITILESSLY.

  2. Mr. Mostafa, if you know the history of the Jewish people you will understand why Israel has reason to fear…………………

  3. I can see why Israel wants the US and other foreign wars to fight its wars. Israelis are too busy playing video games.

  4. Mr. Ronmac: Apparently 9/11 wasn’t enough to convince some Americans like you of the threat of radical global Islam.
    And apparently you are not aware that Iran terms the USA as the “Big Satan”, Israel is only the “Little Satan”. It may take a Pearl Harbor or bigger for America to wake up.
    If America believes Iran to be trustworthy, deal with them as you like, but just as the Iranians proclaim “the destruction of Israel is non-negotiable” so we proclaim that Israel’s security is paramount and will act according to the Biblical advice: “Get up first to kill those that come to kill you”.
    Israel has not only survived but grown stronger after the wars of ’48, ’57, ’67, ’73, the War of Attrition, two Lebanon Wars and two mini wars in Gaza. Not one single American soldier has ever fought for Israel. We will do what it takes to eliminate the Iranian threat, and if this benefits the USA so be it.
    No war with Iran is needed. Only a limited air action to cripple their nuclear sites. An arsenal of American bunker buster bombs will be of great advantage. If the POTUS, Israel’s great friend, will allow Israel to defend itself.
    The USAF trains to bomb from high altitudes as opposed to Israeli pilots who fly low and achieve much greater accuracy.
    Maybe because Israelis practice first with video games.

  5. Mr ruven golan. Obviously you haven’t heard the latest. 9/11 is all water under the bridge now. We’ve kissed and made up with al Qaeda. In fact, along with Israel we’re supporting them in the efforts to overthrow Assad in Syria.

    Speaking of pals, Israel and Saudi Arabia have been chumming around for quite some time now. We already know the Saudis supported the 9/11 hijackers. But there are lots of stories on how Israeli intelligence formed a protective bubble around the hijackers, knew their intentions, but yet never passed that info along.

    There are still 28 classified pages from a 2002 House Senate report on the attack that touch on this subject that have yet to be made public. What’s up with that?
