Iranian claims that hackers broke into servers belonging to the Israeli Airports Authority (IAA) and stole sensitive data including flight plans have been dismissed by a local security expert as part of a bogus attempt to conduct “psychological warfare”.
On Wednesday, the pro-Government FARS news agency quoted claims made by the shadowy Islamic Cyber Resistance Group (ICRG) on its website (not currently available) that it had breached iaa.gov.il servers for several months, extracting enough important data to, if the group so wished, crash aircraft in the care of the Authority’s system.
After the ICRG site was taken down, documents said to have been stolen during the attack were published by Fars to back up the story, including what appear to be flight charts, logs of calls between pilots and ground control, and details of aircraft routes and maps.
“The Islamic Cyber Resistance Group is proud to add another one to its line of success and announces access to the LAN of Israeli aviation organization, in a move to render the fake legend of Israel's security and invincibility obsolete," Fars quoted the group as saying.
"By the grace of God, we could gain access to iaa.gov.il LAN and in addition to obtaining sensitive information, seized full control over the management panel. […] This brought us valuable information regarding flight communication structures and processes in Israel," the group insisted.
But according to Tal Pavel, an Israeli security expert and academic at Netanya Academic College, the stolen documents are most likely taken from an IAA training manual, most of which he believed was available on Google maps or from other Internet sources.
“It’s just another example of Iranian psychological warfare by the Iranians,” Pavel said in an interview with The Times of Israel. “Anytime this group can put together a plausible story they do,” Pavel said.
“But with the maps and documents that, if the reader didn’t know better appear to be top secret, they could weave a tale that sounds believable.”
He might have a point. The hack story appears to be part of a long-running series of attention-grabbing ICRG 'attacks' that might have happened but probably didn't, including one reported by Fars in December that the group had hacked passwords and other sensitive data from the Israeli Army.
Prominent cyber-hackers such as the prominent Syrian Electronic Army (SEA) target organisations for the embarrassment and publicity value such events generate; but some of the same can also be generated from simulated attacks. If it sounds like a novel approach but once debunked its potency will fade fast.
Israel is used to being on the receiving end of real attacks. Last April a campaign by the Anonymous group to "erase Israel from cyberspace" on 7 April in protest at rhe country's alleged behaviour towards Palestinians, apparently failed. Although the precise volume of attacks was disputed, the fact that the defenders knew the attacks were coming probably helped in repelling them.