Feeds

Israel's Iron Dome missile tech stolen by Chinese hackers

Corporate raiders Comment Crew fingered for attacks

Choosing a cloud hosting partner with confidence

A Chinese hacking team previously accused of being behind raids against US defence contractors has been accused of a new data heist: plundering the tech behind Israel's Iron Dome missile defence system.

Beijing's infamous Comment Crew hacking group is thought to have executed the intrusions into the corporate networks of top Israeli defense technology companies linked to the Iron Dome, including Elisra Group, Israel Aerospace Industries and Rafael Advanced Defense Systems, between 10 October 2011 and 13 August 2012, according to Cyber Engineering Services (CyberESI).

The Iron Dome has stopped a barrage of rockets launched into Israel from Gaza and has been hailed the world's most effective missile shield. US investment in Iron Dome could soon top US$1 billion over five years.

In February 2013, Mandiant identified Comment Crew as People's Liberation Army Unit 61398. The United States Justice Department in May charged five members of the unit with various hacking and espionage offenses.

The explosive allegations were detailed by Krebs on Security and contained within a CyberESI report which the company said it was not yet prepared to release publicly.

Of the three targeted organisations only Israel Aerospace Industries confirmed the breach, downplaying the attacks as "old news".

Information accessed included intellectual property on the Iron Dome Arrow 3 rockets built by Israel, the US, IAI and Boeing, and included a 900 page document of detailed schematics and specifications, along with information on Unmanned Aerial Vehicles and ballistic rockets.

Some 700 files were pillaged from IAI, amounting to 763MBs, including Word documents and spreadsheets, PDFs, emails, and executable binaries, Krebs reported.

Comment Crew maintained hooks inside IAI for four months during the 2012 raid, pivoting laterally across the network to plunder more information. They stole administrator credentials, planted trojans and keyloggers, and dumped Active Directory data from at least two domains.

The hacker outfit broke into the network of IAI subsidiary Elisra in October 2011 and remained there for a year where they copied emails from top executives including the chief executive officer, chief technology officer and vice presidents.

Elisra had contracts to supply electronic warfare systems to Seoul for its fleet of Airbus CN-235 transports and other unnamed countries for land vehicles. It is not suggested files relating to these contracts were compromised.

CyberESI reported the attacks to the companies but did not receive a response, Krebs reported.

This story will be updated if and when The Register receives a copy of the CyberESI report. ®

Beginner's guide to SSL certificates

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.