Israeli Cyberwarfare History and Capabilities
Cybersecurity Advisors Network
Release Date: 05/28/2024
Nigel Phair - Nigel Phair - Cybercrime, Cybersecurity, Cyber-Certification, and More
Cybersecurity Advisors Network
We are honoured to welcome Nigel Phair, founding force behind Australia’s first High-Tech Crime Centre, Director for CREST Asia Pacific and Cybersecurity Professor at Monash university, to the Secure-in-Mind podcast. In this episode, we trace his shift from AFP investigations to shaping global infosec certification, we touch on Australia’s evolving cyber-professionalisation debate, and explore how AI and low-/no-code tools are rewriting secure development. We cross a lot of territory, so whether you're on a board or on a development team, there'll be something for you. Blog post with...
info_outline
Philipp Amann - Policy, Patching, Programming
Cybersecurity Advisors Network
Nick Kelly is pleased to welcome Philip Amann, the current Head of Digital Security at the and veteran strategist from , The , the , and beyond, for our latest podcast episode. We cut straight to how real-world security gets built: nailing secure coding and patching before chasing zero-days, turning and mandates into everyday habits, and even gamifying developer training to tackle legacy tech. Whether you’re drafting policy or shipping production code, this conversation offers practical takeaways on making cybersecurity everyone’s business. Tune in for some incredible...
info_outline
Artificial Intelligence, Cybersecurity, and Society - With Vilija Vainaite
Cybersecurity Advisors Network
Vilija Vainaite is co-founder of Women 4 Cyber Netherlands, and of Encode Europe. Notes and links: Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: Vilija Vainaite on LinkedIn: John Salomon on LinkedIn: Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at Original video at Intro/outro music courtesy of Studio Kolomna via Pixabay:
info_outline
Return of the Bride of Terrorism, With Bjørn Ihler
Cybersecurity Advisors Network
Bjørn Ihler is Director of the Sweden-based Khalifa Ihler Institute, as well as founder and CEO of Revontulet, a Norwegian consultancy devoted to helping organisations protect themselves against terrorism and violent extremism. Part III of our mini-series on terrorism and violent extremism deals with freedom of speech, laws, personal and corporate obligations, and support for survivors of extremist violence. Notes and links: Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: Bjørn Ihler on LinkedIn: John Salomon on LinkedIn: ...
info_outline
Bjørn Ihler - Let's Talk Terrorism, Part II
Cybersecurity Advisors Network
Bjørn Ihler is Director of the Sweden-based Khalifa Ihler Institute, as well as founder and CEO of Revontulet, a Norwegian consultancy devoted to helping organisations protect themselves against terrorism and violent extremism. We continue our conversation about terrorism - including whether the term has been watered down due to overuse, how we can spot extremist content, what some of the tactics of actors are, and how extremist and violent groups relate to more legitimate-yet-extreme political parties. Notes and links: Due to the volume of supporting links and text, we've listed them...
info_outline
Let's Talk Terrorism, With Bjørn Ihler
Cybersecurity Advisors Network
Bjørn Ihler is Director of the Sweden-based Khalifa Ihler Institute, as well as founder and CEO of Revontulet, a Norwegian consultancy devoted to helping organisations protect themselves against terrorism and violent extremism. An activist, expert, and frequent speaker on the topic of terrorist and violent extremist content (TVEC), Bjørn joins us today to share his thoughts on the very broad topic of "terrorism". What is it, who are the major actors, who is affected and how, where does terrorism come from, and more - these are all topics that we touch on in this fascinating...
info_outline
DPO & Hacker Éthique : Une synergie stratégique au cœur de la cybersécurité
Cybersecurity Advisors Network
Retour sur le webinaire organisé par l’initiative Black Is Ethical – 26 mars 2025 Le 26 mars 2025, l’initiative Black Is Ethical, soutenue par le Cybersecurity Advisors Network (CyAN) a organisé un webinaire autour d’un thème essentiel pour l’avenir de la cybersécurité :Comment instaurer une relation de confiance entre le Data Protection Officer (DPO) et le Hacker Éthique ? Ce webinaire a permis de croiser les regards de professionnels issus des domaines de la protection des données, de la sécurité offensive et de la gouvernance numérique. Version video: ...
info_outline
Information Sharing, Cybersecurity Politics, Threats, and More
Cybersecurity Advisors Network
This week, CyAN welcomes Gate15 Managing Director Andy Jabbour for a meandering talk around intelligence sharing, information security investments and ROI, US and European cyber policy, defence, and more. Notes and links: Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: https://cybersecurityadvisors.network/2025/03/21/new-podcast-information-sharing-cybersecurity-politics-threats-and-more/ Andy Jabbour on LinkedIn: https://www.linkedin.com/in/andy-jabbour/ ...and on BlueSky: @andyjabbour.bsky.social John Salomon on LinkedIn:...
info_outline
Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience
Cybersecurity Advisors Network
Image-Based Sexual Abuse (IBSA) is a Growing Threat Online! IBSA can happen to anyone—regardless of age, sex, or gender. With the rise of AI and deepfakes, both real and fake intimate images are being shared without consent, causing immense harm. Explore the recorded session of "Breaking the Cycle – Combating Online Image-Based Sexual Abuse." Delve into expert discussions on the severe impacts of IBSA (Image-Based Sexual Abuse), strategies for prevention, and the pivotal role of technology in creating safer digital spaces. This webinar discusses the complexity and...
info_outline
State of (Cyber)War - Military Cryptology, Part II: The Cold War and Beyond
Cybersecurity Advisors Network
Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: Hugo Tarrida on LinkedIn: John Salomon on LinkedIn: Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at Original video at https://youtu.be/twC6NTt9R8E Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/ Outro music courtesy of Studio Kolomna via Pixabay: Episode artwork via
info_outlineState of (CyberWar) Episode 6.1
Join Hugo Tarrida and John Salomon for the latest part of our Middle East cyberwarfare mini-series.
We decided to split a more in-depth discussion about the two most capable actors in the region, Israel and Iran, into two half-episodes. Join us as we look at the organizations that make up Israeli cyberwarfare and -defense capabilities, the history of Israeli state-sponsored and state-aligned cyber campaigns,
We also take a brief tour of Israeli media and social media operations, including information, propaganda, disinformation, and manipulation.
If you haven't watched it yet, please consider checking out our first overview of the overall Middle East situation: https://youtu.be/X3wkTszRlck
Notes and links:
Because of the highly emotionally and politically charged nature of current events, we can't tell how impartial many of the websites describing Israeli capabilities are or aren't. We will thus stick to Wikipedia unless there's either an original Israeli government webpage available, or a source we feel is somewhat authoritative, even if it's biased - in any case, do your own homework and draw your own conclusions, we're not here to push a narrative.
We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint.
Neither of us speaks even a bit of Hebrew. We are thus at the mercy of translation engines and webpages in languages we understand. Your mileage may vary.
02:03 CFR overview of cyberwarfare capabilities: https://www.cfr.org/cyber-operations/
02:50 Unit 8200: https://en.wikipedia.org/wiki/Unit_8200
03:05 Military Intelligence Directorate, aka Aman: https://www.idf.il/en/mini-sites/directorates/military-intelligence-directorate/military-intelligence-directorate/
03:57 Unit 81: https://en.wikipedia.org/wiki/Unit_81
05:01 Havatzalot: https://en.wikipedia.org/wiki/Havatzalot_Program - Google's horrible translation of the Hebrew wikipedia page indicates it's some kind of lily. Flowers are nice.
05:16 Talpiot: https://en.wikipedia.org/wiki/Talpiot_program - the name's apparently some biblical reference from Song of Songs 4:4 according to their LinkedIn page, that we can't figure out
06:55 Technion / Israel Institute of technology: https://www.technion.ac.il/
06:56 Hebrew University of Jerusalem: https://en.huji.ac.il/
07:30 IDF Information Security Department: https://en.wikipedia.org/wiki/Information_Security_Department - it's unclear whether it's the same as these guys: https://www.mitgaisim.idf.il/%D7%AA%D7%A4%D7%A7%D7%99%D7%93%D7%99%D7%9D/cyber-protection-unit/
07:40 Mamram: https://en.wikipedia.org/wiki/Mamram - apparently an abbreviation of the Hebrew for "Center of Computing and Information Systems"
09:15 This may be the Israel Innovation Authority - https://innovationisrael.org.il/en/ - we're not 100% sure though
11:14 Stuxnet: https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/
11:22 Specifically, Siemens PCS7, WinCC, and STEP7 control software, and various Siemens S7 programmable logic controllers (PLCs).
22:59 TAO: https://en.wikipedia.org/wiki/Tailored_Access_Operations
12:16 We're going to assume you're capable of looking up Snowden and his revelations on your own
12:30 Stuxnet 2.0: https://cyware.com/news/stuxnet-20-iran-hit-by-new-more-aggressive-variant-of-powerful-industrial-control-malware-9d9c9a73
15:37 Duqu: https://www.enisa.europa.eu/media/news-items/duqu-analysis
15:38 Flame: https://www.bbc.com/news/technology-18238326
15:39 Duqu 2.0: https://www.theguardian.com/technology/2015/jun/11/duqu-20-computer-virus-with-traces-of-israeli-code-was-used-to-hack-iran-talks - the Guardian is one of the outlets that linked Duqu 2.0 to Israel
16:21 Kaspersky's Equation Group overview: https://www.kaspersky.com/about/press-releases/2015_equation-group-the-crown-creator-of-cyber-espionage
17:13 Some info on those particular negotiations: https://www.cfr.org/backgrounder/what-iran-nuclear-deal
17:45 The NY Times article: https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html
18:38 Correction: Iranian officials disconnected oil terminals themselves as a reactive measure. BBC reporting about initial attack - https://www.bbc.com/news/technology-17811565 - and followup: https://www.bbc.com/news/technology-18253331
19:44 Pegasus (NSO Group): https://en.wikipedia.org/wiki/Pegasus_(spyware) - interestingly, just after we finished this recording, there were reports of "fake" Pegasus variants for sale: https://www.infosecurity-magazine.com/news/fake-pegasus-spyware-dark-web/
20:16 Kaspersky on Flame: https://www.kaspersky.com/about/press-releases/2012_kaspersky-lab-experts-provide-in-depth-analysis-of-flame-s-c-c-infrastructure
20:51 NSO Group: https://www.nsogroup.com/
21:18 Chrysaor: https://www.independent.co.uk/tech/chrysaor-android-spyware-app-smartphone-cameras-hack-photos-pegasus-google-a7666306.html
21:34 https://www.calcalistech.com/ctech/articles/0,7340,L-3927410,00.html
21:41 Should have dug just a little more: https://www.reuters.com/technology/microsoft-watchdog-group-say-israeli-spyware-used-hack-civil-society-2023-04-11/
22:33 Again the Guardian: https://www.theguardian.com/world/2022/may/03/over-200-spanish-mobile-numbers-possible-targets-pegasus-spyware
23:32 Start here: https://en.wikipedia.org/wiki/Rif_War - see you in a few months
23:56 https://www.telegraph.co.uk/world-news/2024/05/17/spain-blocks-ship-carrying-weapons-israel-gaza-war/
24:09 This is a very contentious, and very open legal question.
24:21 (German link) https://www.sueddeutsche.de/politik/us-geheimdienst-nsa-forschte-merkel-umfassender-aus-als-bislang-bekannt-1.2876007 - caveat: it's Wikileaks. They have been known to have...issues. That said, the investigation was closed in 2015 due to insufficient evidence: https://www.npr.org/sections/thetwo-way/2015/06/12/413866194/germany-closes-probe-into-alleged-u-s-hacking-of-merkels-phone - again, make of that what you will.
25:26 Predatory Sparrow/Gonjeshke Darande: https://www.bbc.com/news/technology-62072480 (with bonus steel mill fire video and dramatic music). Wired article with timeline of attacks: https://www.wired.com/story/predatory-sparrow-cyberattack-timeline/
25:54 https://foreignpolicy.com/2024/04/16/iran-israel-conflict-missile-attack-cyberattacks-warfare/
28:50 https://www.jpost.com/business-and-innovation/article-731636 - interestingly, a lot of the best investigative journalism exposing this kind of Israeli activity comes from the Jerusalem Post, Haaretz, and other Israeli news channels. Another story from Haaretz, and one from The Guardian on the topic
31:13 Very intelligently, we failed to note down the link to the specific story. Good job. But looking for idf manipulate social media site:haaretz.com yields a bonanza of articles on the topic.
31:51 Given Eurovision's colorful history of political controversies, we're not even going to start on this one...for the 2024 contest, there's numerous claims that the Israeli Ministry of Foreign Affairs ran a campaign to influence audience voting - here's an article (in Hebrew, use the translation site of your choice) from Ynet: https://www.ynet.co.il/news/article/sykjyhaza
32:36 For example, via the IDF Spokesperson's Unit International Media Branch: https://en.wikipedia.org/wiki/IDF_Spokesperson's_Unit. In fairness, a lot of government agencies / armed forces actively try to shape public perception through relationships with private sector channels. The US Defense Department's relationship is a very well documented example, with the Entertainment Media Office providing personnel and equipment to film productions that follow strict rules about how the US armed forces are portrayed: https://www.latimes.com/archives/la-xpm-2011-aug-21-la-ca-military-movies-20110821-story.html (Wikipedia: https://en.wikipedia.org/wiki/Military%E2%80%93entertainment_complex). It's a safe assumption that most major militaries do not have just media and public relations teams, but actively cultivate contacts with journalists to try and influence their reporting.
Bonus links from Hugo:
https://www.disinfo.eu/israel-hamas-resource-hub/ - a list of resources surrounding disinformation in the Israel-Hamas conflict
Our friends at Natto Thoughts on disinformation in the Mideast conflict: https://nattothoughts.substack.com/p/mideast-crisis-and-russia-cyberspace
The New York Times on fact hunting in the Israel-Hamas conflict: https://www.nytimes.com/2024/01/25/business/media/misinformation-fact-checking-israel-hamas.html
Original video at https://youtu.be/KtshVacVwZ0
You can find CyAN's Secure-in-Mind YouTube channel at https://youtube.com/@cybersecadvisors - and of course, our videos about cyber conflict on the State of (Cyber)War playlist here.
All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn - links on our Media page.
Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/