State of (CyberWar) Episode 6.1 Join Hugo Tarrida and John Salomon for the latest part of our Middle East cyberwarfare mini-series. We decided to split a more in-depth discussion about the two most capable actors in the region, Israel and Iran, into two half-episodes. Join us as we look at the organizations that make up Israeli cyberwarfare and -defense capabilities, the history of Israeli state-sponsored and state-aligned cyber campaigns, We also take a brief tour of Israeli media and social media operations, including information, propaganda, disinformation, and manipulation. If you haven't watched it yet, please consider checking out our first overview of the overall Middle East situation: https://youtu.be/X3wkTszRlck Notes and links: Because of the highly emotionally and politically charged nature of current events, we can't tell how impartial many of the websites describing Israeli capabilities are or aren't. We will thus stick to Wikipedia unless there's either an original Israeli government webpage available, or a source we feel is somewhat authoritative, even if it's biased - in any case, do your own homework and draw your own conclusions, we're not here to push a narrative. We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint. Neither of us speaks even a bit of Hebrew. We are thus at the mercy of translation engines and webpages in languages we understand. Your mileage may vary. 02:03 CFR overview of cyberwarfare capabilities: https://www.cfr.org/cyber-operations/ 02:50 Unit 8200: https://en.wikipedia.org/wiki/Unit_8200 03:05 Military Intelligence Directorate, aka Aman: https://www.idf.il/en/mini-sites/directorates/military-intelligence-directorate/military-intelligence-directorate/ 03:57 Unit 81: https://en.wikipedia.org/wiki/Unit_81 05:01 Havatzalot: https://en.wikipedia.org/wiki/Havatzalot_Program - Google's horrible translation of the Hebrew wikipedia page indicates it's some kind of lily. Flowers are nice. 05:16 Talpiot: https://en.wikipedia.org/wiki/Talpiot_program - the name's apparently some biblical reference from Song of Songs 4:4 according to their LinkedIn page, that we can't figure out 06:55 Technion / Israel Institute of technology: https://www.technion.ac.il/ 06:56 Hebrew University of Jerusalem: https://en.huji.ac.il/ 07:30 IDF Information Security Department: https://en.wikipedia.org/wiki/Information_Security_Department - it's unclear whether it's the same as these guys: https://www.mitgaisim.idf.il/%D7%AA%D7%A4%D7%A7%D7%99%D7%93%D7%99%D7%9D/cyber-protection-unit/ 07:40 Mamram: https://en.wikipedia.org/wiki/Mamram - apparently an abbreviation of the Hebrew for "Center of Computing and Information Systems" 09:15 This may be the Israel Innovation Authority - https://innovationisrael.org.il/en/ - we're not 100% sure though 11:14 Stuxnet: https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/ 11:22 Specifically, Siemens PCS7, WinCC, and STEP7 control software, and various Siemens S7 programmable logic controllers (PLCs). 22:59 TAO: https://en.wikipedia.org/wiki/Tailored_Access_Operations 12:16 We're going to assume you're capable of looking up Snowden and his revelations on your own 12:30 Stuxnet 2.0: https://cyware.com/news/stuxnet-20-iran-hit-by-new-more-aggressive-variant-of-powerful-industrial-control-malware-9d9c9a73 15:37 Duqu: https://www.enisa.europa.eu/media/news-items/duqu-analysis 15:38 Flame: https://www.bbc.com/news/technology-18238326 15:39 Duqu 2.0: https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks - the Guardian is one of the outlets that linked Duqu 2.0 to Israel 16:21 Kaspersky's Equation Group overview: https://www.kaspersky.com/about/press-releases/2015_equation-group-the-crown-creator-of-cyber-espionage 17:13 Some info on those particular negotiations: https://www.cfr.org/backgrounder/what-iran-nuclear-deal 17:45 The NY Times article: https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html 18:38 Correction: Iranian officials disconnected oil terminals themselves as a reactive measure. BBC reporting about initial attack - https://www.bbc.com/news/technology-17811565 - and followup: https://www.bbc.com/news/technology-18253331 19:44 Pegasus (NSO Group): https://en.wikipedia.org/wiki/Pegasus_(spyware) - interestingly, just after we finished this recording, there were reports of "fake" Pegasus variants for sale: https://www.infosecurity-magazine.com/news/fake-pegasus-spyware-dark-web/ 20:16 Kaspersky on Flame: https://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-experts-provide-in-depth-analysis-of-flame-s-c-c-infrastructure 20:51 NSO Group: https://www.nsogroup.com/ 21:18 Chrysaor: https://www.independent.co.uk/tech/chrysaor-android-spyware-app-smartphone-cameras-hack-photos-pegasus-google-a7666306.html 21:34 https://www.calcalistech.com/...
