Iron Dome
A former Israeli intelligence officer says Chinese hackers didn't steal the blueprints for Israel's billion dollar Iron Dome system Reuters

Top-secret data for Israel's sophisticated defence system, Iron Dome, was not stolen in cyber-attacks by hackers working for the Chinese military, it has been claimed.

Former Israeli intelligence officer Lior Div believes the attackers were in fact fooled into thinking they had stolen top-secret data.

In July, a report was published that claimed the blueprints were stolen in attacks said to have taken place in 2011, which targeted three major Israeli defence contractors: Elisra Group, Israel Aerospace Industries and Rafael Advanced Defense Systems.

The announcement of the attack came from intelligence firm Cyber Engineering Services and followed reports earlier in the year that the same group of hackers - known as Comment Crew - had infiltrated six US companies involved in the nuclear power, metals and solar products industries.

Div, who was awarded the Medal of Valor - Israel's highest military honour - for his work leading an elite team within Unit 8200 more than a decade ago, said the three companies involved would not have been so careless as to leave the plans compromised.

While Div admitted "we do not know all the details about what happened", in his opinion, he said: "The enterprises like the three vendors we are talking about, they are well familiar with the programme in terms of cyber security."

Honeypot network

While Div said he cannot say for certain this is what happened, he claimed it is a "good assumption" that the companies would have deployed what is known as a "honeypot network" to trap the attackers and identify where they were coming from.

Div said the companies would have put computers that looked like they belonged to high-profile targets such as the CEO and CFO within the network and within these computers would be documents marked "top secret".

"The organisations would make sure that the system is more vulnerable and that would enable them to see who is attacking them and find out what they want to achieve," said Div.

He added: "Of course you give them some documents. Of course they are not classified but on the document would be written 'classified' or 'top secret'."

Catch-22

The question that arises if this is the case is why none of the three companies implicated called foul after the report was published in July.

Div said they couldn't say anything because they were in a catch-22 situation.

"They can't say anything, because if they reveal they had a decoy network, they are in trouble because they are exposing the way they protect themselves," he said.

"If they are not saying anything, people think that 'yes' someone managed to actually get in."

The Chinese government has come under a lot of scrutiny in the last 12 months after several reports revealed the extent of the cyber-espionage being carried out by groups affiliated with the Chinese military.

China continues to deny the allegations despite the US charging five Chinese cyber-spies with stealing plans about nuclear power plants and other industrial systems.

Cyber-breadcrumbs

Div said that he is in no doubt the Chinese have the skills to carry out the type of attacks they are being accused of. He said "we known this because they have not been able to cover their tracks effectively".

While the Chinese are not purposely revealing their identities, the breadth and depth of their attacks is such that a trail of cyber-breadcrumbs is almost inevitable.

Div added that because the whole world knows the Chinese are attacking other countries, some other groups see it as an opportunity to cover their own tracks:

"Because the Chinese [hackers] are very prominent and well-known, and everybody is talking about them, if you wanted to create a new attack group from say Russia or Eastern Europe - the easiest thing to do is to change your way of attacking or the point of the attack to look like it comes from China," he said.

Div said that "for sure" this is already happening at a nation state level but he would not expand on how he knew.

He did add, however, that researchers at his own security firm, Cybereason, have uncovered examples of where Chinese characters had been inserted in the code of malware attacking one of its customers, but once translated, it mades no sense.