Amateur hackers are poking holes in Israel’s image as a cyber superpower

Personal details of one of the country’s leading cyber professionals were exposed in the latest Iranian-linked breach of IAI’s Elta Systems

Raphael Kahan 16:2321.12.20
The personal details of one of Israel’s leading cybersecurity figures, Esti Peshin, the General Manager of Israel Aerospace Industries’ Cyber Division, have been exposed in files uploaded to the web by Iranian-linked hackers who managed to breach the servers of defense company Elta Systems.


Peshin is considered a leader in the Israeli cyber sector who has overseen the export of IAI’s cybersecurity products all over the world, led the company’s collaboration project with the Singaporean national cyber agency, and assisted in the establishment of cybersecurity divisions in many Israeli companies.


Esti Peshin. Photo: IAI Esti Peshin. Photo: IAI
The exposure of Peshin’s details is mostly the result of mismanagement by IAI’s network administrators. According to information obtained by Calcalist, Peshin’s user account was leaked as part of the data breach carried out by the hackers. The stolen file includes records of IAI’s Active Directory. Analysis carried out by cyber experts found that user accounts were set up in such a way as to allow users to change their own passwords, meaning that theoretically the hackers having accessed her account, or that of anyone else with similar clearance and privileges, could have blocked their access to the system. The very fact that they could do so, highlights a severe security vulnerability.


Elta is one of Israel’s leading defense electronics companies, developing and manufacturing radars, early warning systems, communication and intelligence technologies, electronic warfare technologies, and cybersecurity products. If the hackers were able to get their hands on only a small portion of the company’s data, it would constitute a risk to national security. Iranians are known for possessing reverse engineering capabilities and making found or captured equipment operational. Such was the case when an American fighter drone was shot down over their territory. The Iranians re-built it and a model of it even attempted to infiltrate Israeli airspace two years ago.


The hack, which according to various cybersecurity professionals was not particularly sophisticated, is an embarrassment. Israel is considered a global cybersecurity powerhouse, but its vulnerabilities are often found in its service providers, such as companies that provide products and services to the military or Ministry of Defense. That was the case in the cyberattack on insurance company Shirbit, which has many clients in the various branches of the defense sector. That was also the case in the SolarWinds attack on the U.S. Government’s network by Russian intelligence agencies. Needless to say, SolarWinds also provides services to the Israeli government.


Cybersecurity depends on all levels of data protection. Photo: Pixabay Cybersecurity depends on all levels of data protection. Photo: Pixabay
Ohad Zaidenberg, cyber intelligence researcher for ClearSky explained to Calcalist that “a strong connection has been found linking the Pay2key hacker group to another Iranian group called Fox Kitten.” According to ClearSky analysis, Fox Kitten is a criminal group, but that doesn’t mean they won’t take advantage of the situation to embarrass Israel as a type of political hacktivism.


There have been many responses on Twitter to the group’s boasts of successfully hacking into the sensitive Israeli company, among them by Iranians, Syrians, and Palestinians all congratulating on the success.


Lior Frenkel, the CEO and co-founder of Waterfall Security Solutions, agrees with the evaluation that it was a case of cybercriminals who simply took advantage of Israel’s cyber weaknesses.


Meanwhile, on Twitter, an account going under the name of 0x972DC has been boasting that it had managed to counter-hack the Iranians’ systems and expose their personal details. The user uploaded several photos of people he or she claimed belonged to the Pay2Key group. According to what is written there, it is indeed a relatively amateur hacking group that was able to utilize a known security vulnerability in Windows. Apparently, IAI’s systems were not updated to patch the breach point and the hackers simply took advantage of it.


A number of computer experts Calcalist spoke to raised concerns about the management of IAI’s internal network. Among other things, they pointed out the fact that all of the company’s various divisions and daughter companies were all linked on the same network, putting the entire company at risk in the case of a breach. That said, it is not clear whether the hackers were sophisticated enough to take such widespread action and access places with classified or sensitive information. If not, it is only due to dumb luck.


The breach is not yet over and it is still difficult to assess the magnitude of data the hackers were able to steal. What is certain is that it is a move that can be utilized by the Iranian authorities too. The fact that IT teams often aren’t skilled or well trained enough in data protection is repeatedly being used for breaches that don’t require much in the way of sophistication.


If in the past Israel could rest assured that it was not at the top of hackers’ target lists, at least not of those who are criminally motivated, that is no longer the case. The more Israel boasts of being a cyber superpower, the more it will attract attackers who want to meet the challenge.


A cyberattack on Israeli organizations. Photo: Shutterstock A cyberattack on Israeli organizations. Photo: Shutterstock
For the moment, it appears that the hackers are managing to embarrass quite a few companies that arent’ prepared enough for cyberattacks. With companies facing the Covid-19 crisis tending to cut their cyber budgets, it seems like we’re in for more attacks in the days to come.


IAI responded to Calcalist’s request for comment saying the matter was under investigation.