Chinese military hackers have reportedly stolen “huge quantities of sensitive data” regarding Iron Dome, Israel’s US-funded, billion-dollar missile shield.
Documents from three Israeli defence contractors were reportedly stolen in a series of attacks between 2011 and 2012 by a group known as the “Comment Crew”, a hacker organization funded by the Chinese People’s Liberation Army (PLA).
Accusations of the attacks were made by cybersecurity group Cyber Engineering Services (CyberESI) on the blog of independent security analyst Brian Krebs.
According to the report, Israeli contractors Israel Aerospace Industries (IAI), Rafael Advanced Defence Systems, and the Elisra Group were all targeted, with the stolen data including technical documents covering everything from ballistic rockets to drones.
Joseph Drissel of CyberESI said that the nature of the attacks suggested the hackers were looking for information about Iron Dome, the missile intercept system that is widely credited with the low number of Israeli citizen casualties in the ongoing Gaza conflict.
The hackers also stole a 900-page document providing detailed schematics of the Arrow III missile, a technology that CyberESI founder Joseph Drissel said “wasn’t designed by Israel, but by Boeing and other US defence contractors.”
“We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well,” Drissel told Krebs.
This American connection might suggest why the hacks have not been reported by Israeli contractors. Two of those companies contacted by Krebs did not reply while a third, IAI, said that the information was “old news”.
“At the time, the issue was treated as required by the applicable rules and procedures,” IAI’s Eliana Fishler told Krebs. “The information was reported to the appropriate authorities. IAI undertook corrective actions in order to prevent such incidents in the future.”
When pressed, however, IAI were not able to provide links to any media coverage of the hacks.
The group that CyberESI blame for the attacks, Comment Crew, were identified by security firm Mandiant as Unit 61398 of the PLA in February 2013. This report led to the arrest in May of five members of the group by the United States Department of Justice for attacks against private firms.
However, CyberESI have not published any direct evidence of the Chinese military’s involvement other than commenting that the attack “bore all the hallmarks” of the Comment Crew.
The attacks included installing various tools and Trojan horse programs on the internal systems of the Israeli contractors, with the hackers reportedly gaining access to the email accounts of top executives.
Speaking to Business Insider, research scientist Jon Lindsay of the University of California's Global Institute on Conflict and Cooperation said the hacks might suggest the Chinese were interested in developing their own missile shields, a notoriously difficult technology to create, but that they might also have been more speculative.
"The Chinese style of espionage is more like a vacuum cleaner than a closely-directed telescope," Lindsay said. "They go after a lot of different kinds of targets — the leaders in any particular industry."