by Marsha B. Cohen
When Israeli Prime Minister Benjamin Netanyahu met with Google chairman Eric Schmidt on Tuesday afternoon, he boasted about Israel’s “robust hi-tech and cyber industries.” According to The Jerusalem Post, “Netanyahu also noted that ‘Israel was making great efforts to diversify the markets with which it is trading in the technological field.'”
Just how diversified and developed Israeli hi-tech innovation has become was revealed the very next morning, when the Russian cyber-security firm Kaspersky Labs, which claims more than 400 million users internationally, announced that sophisticated spyware with the hallmarks of Israeli origin (although no country was explicitly identified) had targeted three European hotels that had been venues for negotiations over Iran’s nuclear program.
Wednesday’s Wall Street Journal, one of the first news sources to break the story, reported that Kaspersky itself had been hacked by malware whose code was remarkably similar to that of a virus attributed to Israel. Code-named “Duqu” because it used the letters DQ in the names of the files it created, the malware had first been detected in 2011. On Thursday, Symantec, another cyber-security firm, announced it too had discovered Duqu 2 on its global network, striking undisclosed telecommunication sites in Europe, North Africa, Hong Kong, and Southeast Asia. It said that Duqu 2 is much more difficult to detect than its predecessor because it lives exclusively in the memory of the computers it infects, rather than writing files to a drive or disk.
The original Duqu shared coding with — and was written on the same platform as — Stuxnet, the computer worm that partially disabled enrichment centrifuges in Iranian nuclear power plants, according to a 2012 report in The New York Times. Intelligence and military experts said that Stuxnet was first tested at Dimona, a nuclear-reactor complex in the Negev desert that houses Israel’s own clandestine nuclear weapons program. While Stuxnet is widely believed to have been a joint Israeli-U.S. operation, Israel seems to have developed and implemented Duqu on its own.
Coding of the spyware that targeted two Swiss hotels and one in Vienna—both sites where talks were held between the P5+1 and Iran—so closely resembled that of Duqu that Kaspersky has dubbed it “Duqu 2.” A Kaspersky report contends that the new and improved Duqu would have been almost impossible to create without access to the original Duqu code. Duqu 2’s one hundred “modules” enabled the cyber attackers to commandeer infected computers, compress video feeds (including those from hotel surveillance cameras), monitor and disrupt telephone service and Wi-Fi, and steal electronic files. The hackers’ penetration of computers used by the front desk would have allowed them to determine the room numbers of negotiators and delegation members. Duqu 2 also gave the hackers the ability to operate two-way microphones in the hotels’ elevators and control their alarm systems.
Israel’s Online Warriors
Israel considers cyber warfare to be the wave of the future, with the best and brightest young students in Israeli schools identified, tracked, and then recruited to become “online warriors.” Although paratroopers were once the elite within the Israeli military, cyber warriors appear to have replaced them in status.
In the 1990s, Israel built up its cyber-security forces by drafting young hackers — many of whom had emigrated from Russia after the dissolution of the Soviet Union — who were given the choice of putting their skills to use on behalf of the Israeli military or going to jail. The latest targets of IDF recruitment efforts for cyber warfare, however, are orthodox and even ultra-orthodox (haredi) Jewish men, who are encouraged to combine their studies at religious academies (yeshivot) with their military service as hi-tech cyber-warriors in the Israel Defense Forces. Ninety percent of haredim in the Israeli Air Force, for example, serve in hi-tech positions. Kaspersky researchers observed that Duqu’s programmers didn’t work between sundown on Fridays and Saturday night, the Jewish Sabbath. Religiously observant Israelis increasingly serve in the Israel Defense Forces (IDF) cyber-security units because doing so allows them to fully engage in their religious studies while completing their military service.
A new yeshiva, Derekh Chaim (Path of Life), combines Torah study and military service, as do all hesder yeshivot, but also technological studies that emphasize cyber warfare. Fully integrated into the IDF’s intelligence and cyber divisions, these student-soldiers are trained not only to protect Israel’s highly sensitive computer networks, but also to carry out cyber-attacks.
The penetration of the Iran negotiations by “Duqu 2” reveals the advances in the malware used by Israel against its friends and allies as well as its enemies. On March 23, The Wall Street Journal reported that the White House knew last year that Israel had been spying on the negotiations with Iran, loudly leaking details about the proceedings of the closed-door discussions in hopes of undermining the prospects for their success and maximizing congressional opposition to any deal. The same report referred to Israeli “eavesdropping” and efforts to debrief participants who were not authorized to speak about the proceedings.
Israel challenged the report’s veracity. “The state of Israel does not conduct espionage against the United States or Israel’s other allies,” a senior official told the Journal, adding that, “The false allegations are clearly intended to undermine the strong ties between the United States and Israel and the security and intelligence relationship we share.” Other Israeli commentators suggested sardonically that President Obama was far more displeased with Bibi Netanyahu supplying his Republican critics in Congress with ammunition with which to thwart a deal with Iran than he was about any danger to the US posed by Israeli espionage.
On Wednesday, Israeli Deputy Defense Minister Eli Ben-Dahan responded to the Journal’s latest disclosures by calling them “nonsense.” He assured an Israel Radio interviewer that Israel had abundant sources of intelligence that made hacking unnecessary. He then admitted that if Israel’s intelligence services had actually carried out a covert cyber operation, he himself probably would not have been told about it.
Most mainstream Israeli news sources Thursday seemed to regard the latest suspicions of Israeli involvement in the Duqu 2 hack of the Iran nuclear talks as plausible, although Israel Today, owned by Sheldon Adelson, dismissed them as “baseless.” In Maariv, however, security reporter Yossi Melman, who has written extensively about Israeli intelligence and espionage, asserted that various forms of malware were the spies of the future, and “the future is already here.”
Haaretz, meanwhile, quoted a dire prediction by Eugene Kaspersky himself:
“Security software is the last frontier of protection for businesses and customers in the modern world, where hardware and network equipment can be compromised. Moreover, sooner or later technologies implemented in similar targeted attacks will be examined and utilized by terrorists and professional cybercriminals. And that is an extremely serious and possible scenario.”