by

Amateur hackers are poking holes in Israel’s image as a cyber superpower

Personal details of one of the country’s leading cyber professionals were exposed in the latest Iranian-linked breach of IAI’s Elta Systems

Raphael Kahan 16:2321.12.20

The personal details of one of Israel’s leading cybersecurity figures, Esti Peshin, the General Manager of Israel Aerospace Industries’ Cyber Division, have been exposed in files uploaded to the web by Iranian-linked hackers who managed to breach the servers of defense company Elta Systems.

Peshin is considered a leader in the Israeli cyber sector who has overseen the export of IAI’s cybersecurity products all over the world, led the company’s collaboration project with the Singaporean national cyber agency, and assisted in the establishment of cybersecurity divisions in many Israeli companies.

Esti Peshin. Photo: IAIצילום באדיבות: התעשייה האווירית

The exposure of Peshin’s details is mostly the result of mismanagement by IAI’s network administrators. According to information obtained by Calcalist, Peshin’s user account was leaked as part of the data breach carried out by the hackers. The stolen file includes records of IAI’s Active Directory. Analysis carried out by cyber experts found that user accounts were set up in such a way as to allow users to change their own passwords, meaning that theoretically the hackers having accessed her account, or that of anyone else with similar clearance and privileges, could have blocked their access to the system. The very fact that they could do so, highlights a severe security vulnerability.

Elta is one of Israel’s leading defense electronics companies, developing and manufacturing radars, early warning systems, communication and intelligence technologies, electronic warfare technologies, and cybersecurity products. If the hackers were able to get their hands on only a small portion of the company’s data, it would constitute a risk to national security. Iranians are known for possessing reverse engineering capabilities and making found or captured equipment operational. Such was the case when an American fighter drone was shot down over their territory. The Iranians re-built it and a model of it even attempted to infiltrate Israeli airspace two years ago.

The hack, which according to various cybersecurity professionals was not particularly sophisticated, is an embarrassment. Israel is considered a global cybersecurity powerhouse, but its vulnerabilities are often found in its service providers, such as companies that provide products and services to the military or Ministry of Defense. That was the case in the cyberattack on insurance company Shirbit, which has many clients in the various branches of the defense sector. That was also the case in the SolarWinds attack on the U.S. Government’s network by Russian intelligence agencies. Needless to say, SolarWinds also provides services to the Israeli government.

Cybersecurity depends on all levels of data protection. Photo: Pixabayצילום: pixabay

Ohad Zaidenberg, cyber intelligence researcher for ClearSky explained to Calcalist that “a strong connection has been found linking the Pay2key hacker group to another Iranian group called Fox Kitten.” According to ClearSky analysis, Fox Kitten is a criminal group, but that doesn’t mean they won’t take advantage of the situation to embarrass Israel as a type of political hacktivism.

There have been many responses on Twitter to the group’s boasts of successfully hacking into the sensitive Israeli company, among them by Iranians, Syrians, and Palestinians all congratulating on the success.

Lior Frenkel, the CEO and co-founder of Waterfall Security Solutions, agrees with the evaluation that it was a case of cybercriminals who simply took advantage of Israel’s cyber weaknesses.

Meanwhile, on Twitter, an account going under the name of 0x972DC has been boasting that it had managed to counter-hack the Iranians’ systems and expose their personal details. The user uploaded several photos of people he or she claimed belonged to the Pay2Key group. According to what is written there, it is indeed a relatively amateur hacking group that was able to utilize a known security vulnerability in Windows. Apparently, IAI’s systems were not updated to patch the breach point and the hackers simply took advantage of it.

The clock is also ticking for those who's helped #pay2key. pic.twitter.com/jR2EVIG4Wo
— 0x972DC (@EmbeddedOle) December 20, 2020

A number of computer experts Calcalist spoke to raised concerns about the management of IAI’s internal network. Among other things, they pointed out the fact that all of the company’s various divisions and daughter companies were all linked on the same network, putting the entire company at risk in the case of a breach. That said, it is not clear whether the hackers were sophisticated enough to take such widespread action and access places with classified or sensitive information. If not, it is only due to dumb luck.