Israel cyber-spying on US with immunity: Jim W. Dean
Thu Mar 14, 2013 7:52AM
The US budget sequestration cuts have now been triggered. When the dust settled, we found the big cyber war scare was copied in all the other major Western countries. That showed us it was closely coordinated to create what is called an echo chamber effect in the Intel trade, actually a psychological operation of sorts. The usuals were listed as the “bad guys”, China, Russia, and Iran... but Israel, as usual, was left off the list despite its being one of the real bad boys and on the cutting edge of the technology along with the US. The others have actually been playing catch up to a Pandora's box that we opened.

Why the big scare routine, why now? Well, with budget cuts looming in the militaries of all Western countries, being exempted from cuts required some public support. Fear has always been the weapon of choice for creating that because it has worked so well in the past.

My earlier article, Israel's cyber war operations against the US, still has 84,000 Google hits and generated a lot of calls and email with readers happy to see someone was finally bringing this 'oversight' out into the sunlight. Israel's cyber attacks against Iran have of course gotten Western media attention, but there remains a blackout on its 'friendly country' attacks. The biggest questions and tips we received have generally involved the ease with which Israel has penetrated not only business IT for industrial espionage, but also Homeland Security. The huge number of contractors is an additional big target.
I still remember my first shock when reading about our Zionist DHS head Michael Chertoff flying an entire briefing crew over to Israel to put on 'fast track' seminars for Israeli companies. He was showing them how to get in on the gold rush as America shoveled out huge sums of post-9/11 deficit budget funding. They had to move fast to grab some of the communication contracts, which were a gold mine in themselves for secretly tapping into security communications for many years.
We all still remember from the Clinton/Monica Lewinsky scandal, one of the transcripts of a White House phone call where Bill told her they had to be careful what they said because the Israelis were listening. What a great moment in American intelligence history!

The complaints and concerns that came were not hard to get, as there are many people in the IT security business that are enraged with what the Israelis are allowed to get away with here, virtually a free pass in terms of prosecution. There is a simmering rage about it, and the endless questioning of “why don't we just roll up all of their operations and be done with them?” They really know why, though... political corruption.

But we had what I felt was a perfect example sent in to us this week of a classic cyber spying operation, compliments of the Israelis. One of the first things you need in this game is a fishing pole and some bait. In the IT world, that would be a website where you would obviously feel very protected. And from the spy side, one that would pull in targeted people and companies where you wanted to penetrate their computers for an extended period. The smokescreen was provided by a private Israeli university, the Interdisciplinary Center (IDC) Herzliya. They had a double hook website set up, with the key one being the International Institute for Counter-Terrorism. It's a perfect hook site because it would draw the notice of a lot of international Intel and security people, if for nothing other than going there, on their computers, to see what they had. But an infecting 'back door' code was waiting for them. You can guess for yourselves whether the Israelis got nailed here or they set this all up. I have already placed my bet. If any of you think that some outside hackers put a 'backdoor' code on an Israeli counter-intelligence website, I can promise you that did not happen. They put it there. It's what they do.
They suck you in with the “we are here to help you,” and then stick the knife in and give it a twist. I have abridged the technical explanation to cover just the key points for simplification.

“That file is then written to the Windows local machine’s temporary folder and executed to infect the computer with a persistent backdoor... The backdoor service is actually installed under a registry key called “RAT”, which is not very discreet, to say the least, and the backdoor connects to a C2 that is recognized by our service as suspicious hxxp://interfacet.oicp.net:88. It appears that oicp.net is a web host that is located in China. Custom hosts on the site have been found to be involved in targeted attacks in the past; however, the specific host actually points to an IP address of 65.19.141.XXX located in Fremont, California, United States.”

Okay... installing back doors on people's computers so you can steal information is an old game in the cyberwar business. You can steal all you can right away, monitor the work done on the computer and take small bits at a time, or hide unnoticed until something very important happens and then go to work. The latter would be like planting something in a power system network to use potentially at a future date or event. And unless you are a dummy, if your back door code was found, you would want to lay a wild goose chase breadcrumb trail to someone else's door. The best way to do this is to tie your operation into a host site in a country that has been getting a lot of bad publicity for cyber spying, like China. The above Fremont, Ca. location is a big international web hosting data center. So the trail came back to the US computer address where the stolen data could be coming, only to be bounced around through ten other hosts before its final destination.
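As an added example, not from the article or from the quoted vendor write-up, here is a defender-side check that runs the two indicators the quote gives, a service registered under a key named “RAT” and beaconing to interfacet.oicp.net on port 88, over constructed proxy log lines and a constructed service inventory; the log format, client addresses, other hosts and service binary paths are assumptions.

```python
import re
from typing import Dict, List

# Indicators taken from the quoted write-up on this page; everything else
# below (log lines, hosts, paths) is constructed sample data, not a capture.
SUSPICIOUS_HOST = "interfacet.oicp.net"
SUSPICIOUS_PORT = 88
SUSPICIOUS_SERVICE_KEY = "RAT"
TEMP_DIR_RE = re.compile(r"(\\temp\\|\\tmp\\|\\appdata\\local\\temp\\)", re.I)

# Constructed proxy log lines: "<timestamp> <client> <method> <url>"
PROXY_LOG = """\
2013-03-12T09:14:02 10.0.0.17 GET http://example.org/
2013-03-12T09:14:05 10.0.0.17 GET http://interfacet.oicp.net:88/index.php
2013-03-12T09:20:11 10.0.0.23 GET http://example.com/news
"""

# Constructed export of HKLM\SYSTEM\CurrentControlSet\Services as an
# inventory script might dump it: service key name -> ImagePath value.
SERVICES = {
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "RAT": r"C:\Users\analyst\AppData\Local\Temp\svchost.exe",
}

# Accepts both live and defanged (hxxp) URLs so pasted IoCs also match.
URL_RE = re.compile(r"^\S+ (\S+) \S+ (?:https?|hxxps?)://([^/:\s]+)(?::(\d+))?", re.I)

def scan_proxy_log(log: str) -> List[str]:
    """Flag clients that contacted the C2 host from the write-up on its port."""
    findings = []
    for line in log.splitlines():
        m = URL_RE.match(line)
        if not m:
            continue
        client, host, port = m.group(1), m.group(2).lower(), m.group(3)
        port = int(port) if port else 80
        if host == SUSPICIOUS_HOST and port == SUSPICIOUS_PORT:
            findings.append(f"{client} contacted {host}:{port}")
    return findings

def scan_services(services: Dict[str, str]) -> List[str]:
    """Flag a service keyed 'RAT' or one whose binary lives in a temp folder."""
    findings = []
    for key, image_path in services.items():
        if key.upper() == SUSPICIOUS_SERVICE_KEY:
            findings.append(f"service key named {key!r}")
        if TEMP_DIR_RE.search(image_path):
            findings.append(f"service {key!r} runs from temp folder: {image_path}")
    return findings
```

Both checks are string matches on indicators already published in the quote; the temp-folder rule also catches the first stage the quote describes (a file dropped into the temporary folder and executed) when it persists from there.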
Would the Israelis want it actually going to Israel in a traceable way? Of course not. Why not have it go to a place where Israeli espionage is virtually never prosecuted, like the US, or Canada, or Australia? Computer dead drops can be set up to receive info, then closed and abandoned in an ongoing process.

Israeli IT security contractors and defense people actually work tours of duty in US Homeland Security where they can learn where the holes are in the system to exploit. We make it easy for them, so even more money has to be spent on cyber security. If you are getting the feeling that a lot of this is a big ongoing shakedown game, you are on your way to becoming an Intel analyst. And if you think this is all a big huge waste of money and that it might be better for all involved to have a peace convention where they might be able to work out a truce, you get a peace activist gold star. But who do you think would show up to such a cyber war peace convention? Who would even propose such a thing, even though they have been trying to scare us with cyber war mass destruction? We need to knock some sense into their heads that we are getting tired of it, really tired.

JD/HJL