Feeds

Israel's Iron Dome missile tech stolen by Chinese hackers

Corporate raiders Comment Crew fingered for attacks

Internet Security Threat Report 2014

A Chinese hacking team previously accused of being behind raids against US defence contractors has been accused of a new data heist: plundering the tech behind Israel's Iron Dome missile defence system.

Beijing's infamous Comment Crew hacking group is thought to have executed the intrusions into the corporate networks of top Israeli defense technology companies linked to the Iron Dome, including Elisra Group, Israel Aerospace Industries and Rafael Advanced Defense Systems, between 10 October 2011 and 13 August 2012, according to Cyber Engineering Services (CyberESI).

The Iron Dome has stopped a barrage of rockets launched into Israel from Gaza and has been hailed the world's most effective missile shield. US investment in Iron Dome could soon top US$1 billion over five years.

In February 2013, Mandiant identified Comment Crew as People's Liberation Army Unit 61398. The United States Justice Department in May charged five members of the unit with various hacking and espionage offenses.

The explosive allegations were detailed by Krebs on Security and contained within a CyberESI report which the company said it was not yet prepared to release publicly.

Of the three targeted organisations only Israel Aerospace Industries confirmed the breach, downplaying the attacks as "old news".

Information accessed included intellectual property on the Iron Dome Arrow 3 rockets built by Israel, the US, IAI and Boeing, and included a 900 page document of detailed schematics and specifications, along with information on Unmanned Aerial Vehicles and ballistic rockets.

Some 700 files were pillaged from IAI, amounting to 763MBs, including Word documents and spreadsheets, PDFs, emails, and executable binaries, Krebs reported.

Comment Crew maintained hooks inside IAI for four months during the 2012 raid, pivoting laterally across the network to plunder more information. They stole administrator credentials, planted trojans and keyloggers, and dumped Active Directory data from at least two domains.

The hacker outfit broke into the network of IAI subsidiary Elisra in October 2011 and remained there for a year where they copied emails from top executives including the chief executive officer, chief technology officer and vice presidents.

Elisra had contracts to supply electronic warfare systems to Seoul for its fleet of Airbus CN-235 transports and other unnamed countries for land vehicles. It is not suggested files relating to these contracts were compromised.

CyberESI reported the attacks to the companies but did not receive a response, Krebs reported.

This story will be updated if and when The Register receives a copy of the CyberESI report. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.