Group linked to PLA accused of stealing documents on Iron Dome shield
Published: Wednesday, 30 July, 2014, 9:50pm
Reuters in Vienna
Three Israeli defence contractors behind the Iron Dome missile shield and related systems were robbed of hundreds of documents by hackers linked to the Chinese government starting in 2011, a US-based computer forensics expert said.
Comment Crew, as the hacking group is known, stole designs for Israeli rocket systems in a spree of attacks during 2011 and 2012, Joseph Drissel, chief executive of Cyber Engineering Services, said.
The targets of the online attacks were top military contractors Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defence Systems. The companies built the system that now partially insulates Israel from rocket barrages from Gaza.
Drissel’s company traced the intrusions into Israeli contractors and identified more than 700 stolen emails, documents and manuals pertaining to development of the Iron Dome project and other missile projects.
“Comment Crew is so named for a very specific reason – they insert malware with hidden comments on various public webpages they control and use those sites as command and control centres to download stolen documents,” Drissel said.
Cyber Engineering Services identified these sites and grabbed evidence of the stolen documents before Comment Crew could cover their tracks, he said.
Drissel said he was disclosing the attacks only now, after years of seeking unsuccessfully to persuade the affected companies and US and Israeli government authorities both to address the security issues that led to the breaches and to take stock of which specific weapon systems may have been compromised.
In May, the US Justice Department indicted five Chinese military officers who allegedly belonged to Comment Crew, also known as Unit 61398 and based in Shanghai. They were accused of hacking into the networks of US Steel Corporation, Westinghouse Electric and four other US companies to steal trade secrets.
A cybersecurity expert in Beijing said the allegations against China needed clarification.
“They said the hackers were operating out of China, but the five PLA officers indicted by the US were in China. Are they talking about the same people? The fact is, they may not have a clue where the attacks were launched from, and by whom,” he said, declining to be named due to the sensitivity of the issue.
Additional reporting by Stephen Chen