Three Israeli Contractors Behind Iron Dome Were Hit By Chinese Hackers

Three Israeli defense contractors behind the Iron Dome missile shield and related systems were robbed of hundreds of documents by hackers linked to the Chinese government starting in 2011, a U.S.-based computer forensics expert said on Tuesday.
Comment Crew, as the hacking group is known, stole designs for Israeli rocket systems in a spree of attacks during 2011 and 2012, Joseph Drissel, chief executive of Cyber Engineering Services (CyberESI), said in a phone interview.
The targets of the online attacks were top military contractors Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems. The companies built the system that now partially insulates Israel from rocket barrages fired from the Gaza Strip.
Israeli and U.S. officials have said Iron Dome systems are responsible for shooting down more than 90 percent of the rockets they have engaged, while ignoring missiles on a trajectory to fall wide. That accounts for about a fifth of the rockets Israel has said Palestinian militants have fired into the country during the Gaza Strip crisis.
Krebs on Security, a blog operated by former Washington Post security reporter Brian Krebs, first reported details of the intrusions on Tuesday after being briefed by Drissel on his company’s findings.
Four years ago, Drissel founded CyberESI, a threat intelligence consulting firm based in Columbia, Maryland. That came after a decade in the computer forensics lab of the Defense Cyber Crime Center (DC3), an arm of the U.S. Air Force, where he was acting section chief.
His company, which includes former colleagues from his U.S. Defense Department forensic lab, traced the intrusions into Israeli contractors and identified more than 700 stolen emails, documents and manuals pertaining to development of the Iron Dome project and other missile projects.
“‘Comment Crew’ is so named for a very specific reason: They insert malware with hidden comments on various public Web pages they control and use those sites as command and control centers to download stolen documents,” Drissel said.
CyberESI identified these sites and was able to grab evidence of the stolen documents before Comment Crew could cover their virtual tracks, he said.
Drissel said he was disclosing the attacks only now, after years of seeking unsuccessfully to persuade the affected companies and U.S. and Israeli government authorities both to address the security issues that led to the breaches and to take stock of what specific weapon systems may have been compromised.
In May, the U.S. Justice Department indicted five Chinese military officers who allegedly belonged to Comment Crew, also known as Unit 61398 and based in Shanghai. They were accused of hacking into the networks of U.S. Steel Corp, Toshiba Corp’s Westinghouse Electric unit and four other U.S. companies in order to steal trade secrets.
Allegations of hacking and other espionage have strained ties between China and the United States, with Beijing denying last year that it had set up a special military unit to conduct such activity. China retaliated by shutting down a bilateral working group on cyber security.
Two of the Israeli companies named by Drissel declined to comment on the computer security expert’s revelations.
An official at the third company, Rafael Advanced Defense Systems, who declined to be identified by name, said of the report: “Rafael does not recall such an incident. Rafael’s databases, including its air defense databases, are extremely well protected.”
A former senior Israeli military official said assertions that these key defense contractors had been hacked would fit with a pattern of military and industrial espionage around the globe.
“The Chinese have been doing that to all defense contractors in the West, so if this really happened, we are not alone,” said Uzi Rubin, a former head of missile defense at Israel’s Defense Ministry and now head of the Rubicon consultancy firm.
Drissel said stolen materials recovered by his company included specifications for the Arrow III system and other ballistic missile defenses. Much of the technology for these systems was developed by Boeing and other contractors for use in U.S. weapons.
Rubin speculated that if the Comment Crew hacking group’s purpose was to steal the missile system plans, it was likely that China wanted to obtain technology on the cheap rather than reselling it to other nations.
“If the Chinese really did it, maybe we shall see a Chinese Iron Dome in the future,” he told Reuters. “It is said that imitation is the sincerest form of a compliment.”
Chinese officials were not immediately available for comment.