Israeli General Claims Iran’s Hacking Ability Improving

The Israeli military faces thousands of cyber attacks a day and many are orchestrated by Iran whose hacking capabilities are improving, the Israeli general in charge of network security said.

Major General Nadav Padan, who heads the military’s command, control, computer, communications and intelligence (C4I) plus cyber division, told a Reuters Summit that Iran has mounted attacks on Israel with the help of proxies like Lebanese Shi’ite group Hezbollah.

“They are not the state of the art, they are not the strongest superpower in the cyber dimension, but they are getting better and better,” Padan said.

Israel and Iran, enemies in the open, have taken to the cyber world to engage in secretive battles. Israel for its part is widely believed to have collaborated with U.S. intelligence in creating the Stuxnet malware that disrupted Iranian networks in 2010.

Padan said his responsibilities did not include offensive cyber tactics. Iran has been carrying out thousands of daily cyber attacks on Israel, Padan said.

“As far as we know, nobody has been able to penetrate our operational systems,” he said at the Summit, held at the Reuters office in Tel Aviv.

Iran rarely responds to accusations from Israel and in the past has not commented on recent Western allegations about its cyber-hacking.

A report published last month by security firm FireEye said that hackers likely linked to Iran’s government are behind attacks on Saudi and other Western aerospace and petrochemical firms, signaling a rise in Iranian cyber-spying prowess.

And earlier this month, President Donald Trump accused Iran of cyber attacks against U.S. “critical infrastructure, financial system, and military”, according to an NPR-provided transcript of his speech.

The Trump administration sanctioned in September seven Iranian nationals and an Iran-based computer security company for their role in cyber attacks targeting the U.S. financial system.

The Treasury Department announced sanctions on 11 entities and individuals for supporting Iran’s elite Islamic Revolutionary Guards Corps (IRGC) and networks responsible for cyber attacks targeting the U.S. financial system.

Those sanctioned include a private Iranian computer security company called ITSec Team, which allegedly conducted distributed denial of service (DDoS) attacks against at least nine large U.S. financial organizations, including banks and stock exchanges, between 2011 and 2012. The security company also did work on behalf of the Iranian government during the same period, according to the Treasury.

The administration also sanctioned three Iranian nationals for acting in connection with ITSec Team and sanctioned four Iranian nationals for their work on behalf of an Iran-based computer security company called Mersad Co., which has been affiliated with the IRGC

In October, The Independent ran a story that a brute force cyber attack on the British Parliament that compromised MPs’ email accounts was carried out by Iran.

Israel’s goal, Padan said, was to maintain “superiority” in the field, which provides flexibility.

“Sometimes when I see an Iranian tool, for example, I can just observe it, control it and try to figure out its meaning. And other times I act very aggressively to block it,” he said.