Chinese Hackers Target Israel’s Iron Dome

A PLA cyber unit targeted Israeli defense companies involved in developing the coveted Iron Dome missile defense system.

Chinese Hackers Target Israel’s Iron Dome
Credit: Nehemia Gershuni CC-BY-SA 4.0

Chinese military hackers stole information relating to Israel’s much-touted Iron Dome missile defense system, according to a recent report by the cyber security website, Krebs on Security.

“Three Israeli defense contractors responsible for building the ‘Iron Dome’ missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology,” the report says, citing analysis by the Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. (CyberESI).

The hackers penetrated the systems of three top Israeli defense firms — Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems — between October 2011 and August 2012, according to CyberESI (although the initial phishing emails went out in April 2011). CyberESI says that most of the information the Chinese hackers targeted was “intellectual property pertaining to Arrow III missiles, Unmanned Aerial Vehicles (UAVs), ballistic rockets, and other technical documents in the same fields of study.” This and other information led CyberESI to conclude that the hackers were interested in Israel’s “Iron Dome” missile defense system.

The timing of the cyber intrusions is also consistent with this conclusion. The Iron Dome was first deployed in March 2011 and intercepted its first missile from Gaza a month later. That same month is when the first phishing emails were sent to the firms.

According to CyberESI, the attacks against the Israeli firms “bore all of the hallmarks of the ‘Comment Crew,’” a now-infamous cyber unit in the People’s Liberation Army. The Comment Crew, which is officially designated PLA Unit 61398, first rose to public prominence when the Virginia-based cyber security firm Mandiant profiled it in a report it released in February of last year. The five PLA hackers whom the U.S. officially charged with crimes this spring were also members of Unit 61398, which is based out of Shanghai.

Israel’s mobile, all-weather Iron Dome missile defense system targets missiles with ranges between 4-70 kilometers, although Israel is currently trying to expand that range. The batteries all have sophisticated radars that allow them to determine the destination of the intended target. The system is therefore able to ignore missiles that are headed towards open fields or unimportant sites. Among the missiles it does target, however, it reportedly has an astonishing interception rate of as high as 90 percent. During the current Gaza War, the Iron Dome missile systems had an interception rate of 86 percent as of July 20, according to the Israeli military. This is why one military analyst has said that “Iron Dome is [possibly] the most-effective, most-tested missile shield the world has ever seen.”

Although the Iron Dome system was mostly developed by Israeli defense firms — first and foremost Rafael — it has largely been funded the United States. If the FY2015 U.S. defense budgets are approved, the U.S. will have given Israel nearly $1 billion in funding for the Iron Dome system over the last five years. By contrast, Israel has invested nearly $600 million. According to Yair Ramati, the head of Israel’s Missile Defense Organization, the U.S. has paid for seven of the eight Iron Dome batteries Israel currently deploys.

In contrast to the Iron Dome Missile System itself, the U.S. and Israel jointly developed the Arrow 3 missile that was also targeted by the PLA hackers. The head of CyberESI told Krebs on Security, “Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors. We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well.”