MESOPOTAMIA NEWS : WHILE THE BRUSSELS EU IS SITTUNG & TALKING – Ex-Shin Bet official: Iran may use Chinese cyber tech to attack Israel, US

By YONAH JEREMY BOB   JANUARY 14, 2020 20:25 – JERUSALEM POST

Following the killing of Iran IRGC Quds Force chief Qasem Soleimani, Iran may use advanced Chinese cyber tools against Israel or the US, a former top Shin Bet (Israel Security Agency) official warned The Jerusalem Post on Tuesday.The official, Dr. Harel Menashri was a founder of the Shin Bet’s cyber department and is currently the Head of Cyber at the Holon Institute of Technology.

The Post also spoke with former Shin Bet cyber chief Eric Harris Berbing about key cyber issues confronting Israel, with both officials due to appear at the Cybertech conference in Tel Aviv between January 28-30.

Menashri explained that even the Islamic Republic’s homegrown cyber capabilities had gotten much stronger in recent years, but that it likely has acquired Chinese capabilities, which are even more threatening.

“I assume they received new capabilities from China in cyber defense… and China is the strongest in cyber defense. China probably did not give them offensive cyber capabilities [directly]. But when you carry out defensive cyber, you also learn about offensive cyber,” said Menashri.

Essentially, Menashri’s point was that Iran could reverse engineer some of the advanced cyber defense capabilities it likely received from China, which it might not have acquired on its own. Then it could turn them into new advanced attack capabilities against Israel and the US.

This could be particularly worrying in this time period soon after Soleimani was killed on January 3 in which Tehran is still deciding how to retaliate and against whom.

One benefit of cyber attacks for Iran is that it could give it plausible deniability that a direct use of military force would not afford it.

“We need to take their [Iranian leaders] statements seriously… about taking revenge… and with foreign media reports that maybe Israel was involved in collecting intelligence against Soleimani,” he said that Iran may want to vent its anger against Israel.

Even before the Soleimani issue, Menashri said that he understood that Israel was already fending off approximately eight million cyberattacks per day, many of which came from Iran.

In other words, Israel is and must continue to be ready to defend against Iranian cyberattacks whether there is additional danger after the Soleimani hit or not.

Cyber is also an area where Iran can invest very little in terms of funds – at a time when its economy is shaky – while achieving a large upside in causing potential damage.

Menashri warned of Iranian cyberattacks on critical infrastructure, such as relating to electricity, water, hospitals and banks.

Meanwhile, former Shin Bet cyber chief Berbing focused on Tuesday’s reports that Russian hackers targeted a Ukrainian gas company at the center of the Trump impeachment query in an attempt to recover details regarding former vice president and 2020 presidential hopeful Joe Biden. The attack is being compared to Russia’s influence operation to tamper with the 2016 US presidential election through leaking damaging hacked emails from Hilary Clinton’s campaign.

First, Berbing qualified that it was possible that “the report itself is part of an influence operation someone wants to carry out against the Russians.”

Despite that qualifier, Berbing said, “There is hard evidence that Russia was involved in the US 2016 presidential election, involved in encouraging BREXIT and other elections.”

Cyber attacks like those revealed on Tuesday, if part of a broad influence operation, are still a way that Russia can tip elections in the direction it wishes or generally promote chaos among its Western adversaries, he said.

Berbing described the methods used by cyber powers like Russia to cover their tracks as extremely advanced.

Besides Russia often having the cyberattacks carried out from a different geographic area to throw forensic cyber investigators off their scent, Moscow is likely to pay outside cyber criminals to promote the offensive cyber operations.

The former Shin Bet official, who also headed its counter-terrorism division for Jerusalem, Judea and Samaria, said that Russia has learned even more techniques for erasing any hint of its involvement in recent years.

If top cyber officials have previously told the Post that even Russia once left behind traces of Russian language at deep levels of its coding, Berbing said that Moscow now has cut out even such minor errors.

In addition, he said that Russian and other major powers’ cyber operations have intelligence analysts intimately woven into their operations so that they know everything about their targets and what makes them tick, before they engage.

Reports even indicate that the latest Russian attempt to hack the Biden-connected Ukraine company included Moscow creating mirror versions of the company’s suppliers. This meant that company employees could have received communications from what looked like trusted long-time business associated, making it nearly impossible to realize they were being hacked.

Berbing said that sometimes the only way that he and other experts discovered Russian or other top cyber power involvement was comparing the use of similar cyber moves and tactics which were previously used by specific countries.

Moreover, he said that sometimes, errors could be found in complex cultural references, which would be harder for even intelligence analysts to help fake.

Berbing said they key to combating these highly complex cyberattacks was redundant barriers to get permission to access sensitive information or even splitting sensitive information into entirely separate databases.

He also said that any organization with sensitive information must constantly update its employees to keep them aware of the morphing methods that hackers may try to use to target them.