Information Warfare: Iran Receives A Warning Shot


June 26, 2020: Iran has confirmed that Israel has a formidable Internet defense capability. Iran knew that Israel had established a separate CDU (Cyber Defense Unit) within its C4I Corps back in 2016 but was not yet aware of how effective that new operation was. Now Iran has a better idea. This all began earlier in 2020 when Israeli network security monitors discovered someone trying to hack their way into municipal water supply networks. This soon involved the C4I Corps, which is responsible for protecting the civilian Internet connections that enable the civilian economy to supply what the IDF (Israel Defense Forces) needs to operate, especially in wartime.

CDU spends most of its time assigning its Red Teams to try to hack this infrastructure as well as the purely military networks. CDU has learned a lot about network vulnerabilities and how to fix them. CDU was involved when Israel got into a dispute with the U.S. over access to the source code of the extensive software that makes the F-35 stealth fighter so effective. Details were never released, but it is known that CDU red teams go over software provided with any foreign military equipment Israel buys. This has always been the case with submarines purchased from Germany and various smart bombs and other gear purchased from American defense firms. The F-35 was a special case because the aircraft was so dependent on its unique software. Apparently, CDU found some interesting vulnerabilities and a solution was quietly worked out.

The Iranian probe did not do any damage, but CDU identified it as the kind of probe that is done in preparation for developing a major attack plan. For that strategy to work, these probes are not supposed to be detected. Having your probes detected puts the target on alert and removes any Iranian hope of carrying out a surprise attack. C4I Corps had its offensive team deliver a message to Iran. This response was not announced and was apparently the cause of the subsequent collapse of the network that ran one of Iran’s major container ship ports. Traffic in and out of that port was stalled for days. Iran denied it happened, but commercial satellite photos, complaints from crews of foreign ships caught in the aftermath, and reports from local truck drivers confirmed that the halt in port operations was because of a “computer problem.”

Once Iran had received its warning, CDU double-checked network security throughout the civilian supply chain the military depends on for timely delivery of supplies in war and peace. Iran was suitably warned to back off, but C4I knows it won’t. Iran is still seeking revenge for the damage STUXNET did to its nuclear weapons program a decade ago and for subsequent, often very similar, Israeli attacks, both known and unknown.

Iran has become somewhat paranoid about and obsessed with Israeli Internet-based attacks. For example, STUXNET was espionage and sabotage software developed specifically to damage Iran’s uranium enrichment equipment. High-end cyber weapons like STUXNET are designed to keep their activities hidden, and STUXNET did that for longer than initially believed. By 2013 Internet security researchers believed that a beta version of STUXNET was at work as early as 2005. It also appears that STUXNET got into the Iranian enrichment facilities at least twice.

After the 2005 beta version, several more improved versions were released. Iran still believes that more recent versions of STUXNET are trying to gain access to its uranium enrichment equipment. By 2012 the more prudent (or paranoid) Iranian software experts believed that a new (3.0?) version of STUXNET was already inside the enrichment control systems, waiting for the right time to do more major damage.

It was first believed that STUXNET was released in late 2009, and thousands of computers were infected as the worm sought out its Iranian target. Initial dissection of STUXNET indicated that it was designed to interrupt the operation of the control software used in various types of industrial and utility (power, water, sanitation) plants. Eventually, further analysis revealed that STUXNET was programmed to subtly disrupt the operation of gas centrifuges used to turn uranium ore into nuclear plant fuel or, after more refining, into nuclear weapons-grade material. It is now believed that the first attack was made before 2009, and another attack after that.

The STUXNET "malware" was designed to hide in the control software of an industrial plant, making it very difficult to be sure you have cleaned all the malware out. This is the scariest aspect of STUXNET and is still making Iranian officials nervous about other STUXNET-type attacks. Although Iran eventually admitted that STUXNET did damage, it would not reveal details of when STUXNET got to the centrifuges or how long the malware was doing its thing before it was discovered and removed. But all this accounts for the unexplained slowdown in Iran getting new centrifuges working. Whoever created STUXNET probably knows the extent of the damage because STUXNET also had a "call home" capability.

Iran didn’t figure out that STUXNET was the reason why some of its nuclear material processing equipment failed until after the damage was done, and even then the American-Israeli software weapon was discovered by Western researchers who figured out that the target was Iran. Since then Iran has been desperate for a win in the Cyber War department and has so far been disappointed. The Iranians keep trying and they keep developing new skills and tools, so C4I and CDU have to be even more alert.

Israel developed world-class Internet defenses and offensive capabilities over the last two decades, as the Internet became more of a key factor in the global economy and military operations. This was done quietly, and details did not become known unless someone attacked Israel. An example of this was the July-August 2014 war in Gaza, which created some very unpleasant surprises for Hamas, which thought it could risk another war with Israel and come out the winner, in the eyes of the Arab world at least. Hamas knew that Israel had been working at discovering and countering Hamas tactics, but Hamas was confident it had enough new tricks to stay ahead of the Israelis. Hamas quickly discovered that the Israelis were a lot quicker and better coordinated than in the past. This time around the Israelis had learned more from their earlier clashes with Hamas and Hezbollah, the Iranian subsidiary in Lebanon.

This has happened before, to the Israelis as well, but mainly to the Arabs. It was only after that war ended that Hamas learned details of what it had been up against. It turned out that Israel had managed to create an effective and reliable “Battlefield Internet”. This had been the goal of military communications experts for over a decade. The United States was long the leader, but in mid-2014 Israel was the first to demonstrate a Battlefield Internet that consistently worked under combat conditions. This breakthrough development was largely ignored by the media, but military leaders worldwide are paying attention.

One of the first uses of the Battlefield Internet came early in the war when Hamas attempted to use its scuba-equipped “naval commandos” to make an underwater assault on an Israeli seaside base just north of Gaza. The Hamas commandos were quickly spotted by Israeli sensors monitoring offshore waters, which automatically sent the contact information to the new Israeli Battlefield Internet. This automatically sent the alert (along with location and other data) to land, naval and air vehicles within range. That meant that before the Hamas men hit the beach they were being tracked by an Israeli tank gunner, an armed UAV overhead and a nearby warship. The closest infantry unit sent troops to the beach the Hamas men appeared to be moving towards. The five Hamas men refused to surrender to the Israeli troops waiting for them on the beach and, in a brief gun battle, all five were killed. One Israeli soldier was wounded, and this, together with the fact that the Hamas men made it onto the beach, was by Arab standards a victory. A week later Israel released details of what had happened to the Hamas frogmen.

What the Israelis have done with the Battlefield Internet is link everyone involved: pilots, UAV operators, tank commanders and infantry unit commanders, plus the people at C4I Corps who manage the flow of data, so that all can see what each of the others is seeing of the Hamas commandos. These multiple views eliminated the uncertainty often present when only one view was available. It made all the Israelis involved more confident, and that led to speedier interpretation of the situation and decisive action to deal with it. This capability also reduces the risk of friendly fire.

Hamas soon discovered that many of its other new tactics, like dozens of deep tunnels into Israel and numerous new ideas for hiding and launching rockets from residential areas and public buildings (schools, hospitals and mosques), were not only known to the Israelis but were captured by Israeli aerial video cameras and quickly destroyed by other Israeli forces who instantly had that information and were able to take action. This was happening much faster than Hamas expected, and it caused a bit of panic among Hamas leaders and their subordinates. Hamas also discovered that the Israelis had better information on where the Hamas leaders were hiding out, and a lot more of these fellows were getting killed than during past conflicts. It was the Battlefield Internet that gave the Israelis an extra, unexpected, edge. Hamas also found that its attempts to force Israel to kill a lot more Palestinians during efforts to halt the rocket attacks were compromised by Israeli warnings to civilians (often via telephone) to get out when the rockets hidden in their building were about to be destroyed by smart bombs or missiles. The Israelis also proved more adept at avoiding civilian casualties in general. The saddest aspect of all this was that Hamas had been warned that Israel had these new capabilities and ignored the warnings.

The Battlefield Internet comes out of more than a decade of research into the subject, and the C4I Corps (before 2003 the Teleprocessing Branch) is another post-2006 reform that merged communications and computer operations into one organization that provided both of those services throughout the armed forces. With that merger it was easier to implement the Battlefield Internet, which needed close and instantaneous transfer of information (voice and data) wirelessly over a network all combat forces had access to.

The existence of the Israeli Battlefield Internet was not really a secret, but details of how it operated and how effective it was in action were. Months before the July war began, Israel revealed that, because of new technology and weapons, the air force could now hit more targets in 24 hours than it did in 33 days during the 34-day war with Hezbollah in 2006. For Hamas, Israel pointed out that it would now hit in less than 12 hours the number of targets it took seven days to find and attack during the week-long 2008 war with Hamas. This was all part of a technological revolution the Israeli armed forces had been undergoing since the 1990s. Since the 2006 war with Hezbollah those changes have been accelerating. This statement did not disturb Hezbollah or Hamas because they knew the Israelis were always improving their technology. What was underestimated was the extent of this particular improvement.

Another surprise was how the Battlefield Internet improved Israeli intelligence efforts. Israel always had some formidable intelligence collection capabilities. Israeli satellites, UAVs and manned recon aircraft collect data that leads to the identification of enemy bases and weapons storage sites. This, for example, enabled the Israeli Air Force to quickly destroy most of the long-range rockets in Lebanon in 2006 and in Gaza in 2008. The Israeli Air Force demonstrated a lot of changes less than two years after the 2006 war when, in Gaza, dozens of targets were taken out within three minutes by Israeli warplanes. The new automated systems included everyone (air, ground and naval). In addition to using more sensors (ground, air and naval), all of these were linked together electronically so that when a potential threat was detected every tank, infantry unit, artillery unit, aircraft or ship within range was alerted and provided access to video or other sensor data. Israel has long been the leading developer and supplier (for its own forces as well as for export) of sensor and computerized command and control systems. All this enabled more targets to be found and attacked more quickly.

The objective of all this was to increase the speed and accuracy of smart bombs and missiles hitting targets the army wanted taken out. In the last few years, this also meant new display technology and software that enables a commander to identify and designate a target with a few taps on a touch screen. Israel was also using cell phone size devices for this and constantly upgrading the crypto (which keeps the enemy from making sense of these communications) used. The goal now is to further streamline and speed up the process so that ten times as many targets can be hit as was the case in 2006. Since 2008 the standardization and communications have been further improved so that you no longer need air force officers with ground units to get air support quickly.

After the 2006 war, Israel realized two things: its military was still superior to Arab forces, and its military was not as superior as Israel believed it was. The major Israeli deficiency was communications. What the Arabs, or at least Iran-backed Hezbollah, had done was learn to move faster and more resourcefully than the Israelis expected. What really shocked the Israelis was that although they could spot and track these Hezbollah moves, they could not get artillery, aircraft or ground troops moved quickly enough to take out a lot of identified targets before the enemy managed to change position. All the different levels of Israeli headquarters and combat units could actually communicate with each other, but not fast enough to hit a target that had been identified and located but was not staying put long enough for the completion of all the procedures and paperwork required to get the strike order sent to the unit best able to carry it out.

The solution was new technology and procedures. Since 2006 Israel has built a new communications system that is faster and able, according to Israeli claims, to hit a lot more targets than the 2006-era forces could manage. Much of the solution had nothing to do with radical new hardware but simply with standardizing the procedures everyone had long used to call for fire or to deliver it. Now commanders at all levels can see the same data and call for and receive fire support quickly. When a target is identified, the bombs, shells or ground attack follow quickly. Everyone was shown how easy and damaging it was to underestimate the enemy. In training exercises, the “enemy” is controlled by Israeli troops who are ordered to be imaginative and try real hard to not get spotted and hit. It’s been amazing what these “enemy” troops come up with, and it is necessary to keep this secret so that the real enemy does not find out.

In 2014 the Israelis suffered more military deaths (over 66) than in earlier wars with Hamas, but only six Israeli civilians died, one of them a foreign worker from Thailand. Hamas won’t admit what damage was done to its military resources, but it was far greater than in the past, and that included nearly a thousand Hamas personnel and an extensive network of tunnels under Gaza that was supposed to limit Hamas casualties. The Hamas leadership took much heavier losses than Hamas expected, and the losses of key Hamas people (leaders, technical experts) were also much higher. Hamas could declare victory all it wanted, but compared to past battles with Israel, Hamas got the worst of it in 2014. To make the defeat even more painful, many former Arab supporters (like Egypt) cheered the damage done to Hamas.