8200 unit: the cyber warfare elite and the "engine" of Israeli high technology

(By Ciro Metuarata)
30/07/18

What could the famous legend of David and Goliath, also recounted in the Bible, have in common with the intelligence unit of the Israel Defense Forces (IDF) known by the code name "8200"? It may seem strange, but in reality there are many similarities between the aforementioned biblical story and the Israeli military intelligence unit, known above all for its allegedly advanced cyber capabilities. In particular, this unit originates from the intelligence department created during the 30s of the last century which, over time, was identified by various code names until it assumed its current name, within the framework of the Military Intelligence Directorate of the aforementioned IDF.

Its history is studded with both important successes and sensational failures, one of which, in particular, determined its current form. Specifically, the sudden outbreak of the Yom Kippur War in 1973 found Israeli intelligence totally unprepared, so it was decided that the unit in question, at the time identified by the code 848, should be thoroughly overhauled. In particular, in addition to changing its name to "8200", the intelligence officers radically changed its internal organization and operating procedures and, above all, established that it had to be free from foreign technology. So it was that the unit was assigned the task of carrying out SIGINT (Signals Intelligence) and cyber warfare activities, using both internal resources and local industry to develop the necessary technologies. It soon became the main Israeli center for research and development of information security and intelligence technologies. So much so that, nowadays, directly and indirectly, the unit has assumed the role of a real Israeli "engine" of innovation in the information technology field, innovation that is applied in many activities, even outside the military or security context.

Nowadays the existence of the unit is no longer a secret. In fact, many of its former members, in agreement with the military authorities, mention it in their curriculum vitae as a qualifying element, which very often determines their success in the working and business world. However, apart from the very little information that has leaked about the unit, most of it not confirmed by the authorities (as in the case of the alleged collaboration with US intelligence in the famous attack on the Iranian nuclear power plant at Natanz; see article), and the information provided by its former members in various interviews, the operations performed by the 8200 unit remain protected by an impenetrable curtain of secrecy. Nevertheless, it is interesting to note how a parallel can be drawn between some characteristics of this elite unit and the aforementioned biblical story set over three thousand years ago.

First: the motivations behind the determination of both the young David and the members of the 8200 unit. In fact, all of them are moved not only by a proverbial faith in God but also by the awareness of having to fight for the survival of their people. The unit, like the rest of the IDF, is made up largely of specially selected young people performing their military service. The accounts of former members of the unit reveal their strong motivation, which is the main driving factor behind the operational activities of the cyber teams. In fact, they are often asked to plan and conduct operations on which depend not only the outcome of intelligence actions but also the lives of the agents employed "in the field". This often results in gruelling work shifts and very high psychological pressure, which can only be dealt with thanks to an extraordinary inner motivation. This, however, did not prevent some former members of the unit from raising serious doubts about the lawfulness of certain activities carried out during their period of active service, with particular reference to the acquisition of information on the political, sexual and religious orientation and on the habits of unaware citizens.

Second: the asymmetry. It is an element that characterizes both the confrontation between the small Jewish boy and the Philistine champion of gigantic proportions and the one that the 8200 unit conducts today in the cyber dimension. As often happens in the "real" dimension, in cyberspace too Israel is in a perpetual state of siege, and a few years ago "the electronic holocaust" was even prophesied, i.e. the elimination of all Jews from cyberspace. Sovereign states, terrorist groups, political movements and individual hackers ensure that no day goes by without at least one cyber attack being threatened or launched against Israeli networks and systems. Just a few days ago, a plot was hatched at the expense of Israeli soldiers working near the so-called "Gaza Strip". In particular, the soldiers were induced to download from the internet some smartphone applications that, in reality, concealed software able to reprogram their personal devices so that, without their knowledge, the devices could be controlled remotely and used to spy on Israeli military activities. Moreover, the cyber dimension, by its nature, lends itself particularly well to asymmetric conflicts, and the 8200 unit takes full advantage of this peculiarity. Clear examples, although they will never be confirmed, are the cyber attacks that are said to have accompanied the sorties of Israeli fighter-bombers over Syrian territory on several occasions, in which the anti-aircraft defenses were allegedly rendered ineffective by the cyber unit in question. Another is the support that the unit's "combat" teams directly provide to the IDF units engaged in operations, taking full advantage of cyberspace (including the personal devices of "hostile elements" acquired during infantry actions which, in this case, are decrypted and analyzed in real time, to search for information to be exploited immediately).

Third: creativity and "lateral thinking". Like the shepherd boy who surprised everyone, Goliath first of all, by knocking out the giant with a simple slingshot and a stone, the Israeli cyber group is able to develop methods of cyber attack that are always innovative and extremely effective. In fact, its former members say that within the cyber unit you are constantly pushed to think outside the usual mental schemes and to work in small teams that are required, in a very short time, to find immediately implementable solutions to urgent operational problems. This particular way of working, based to a large extent on initiative, is also reflected in the rather "loose" hierarchical relationships established within the unit, very different from the typically military ones that characterize the other units of the IDF. It is no coincidence that, thanks to these peculiar characteristics, most of the former operators and commanders of 8200 have founded high-tech startup companies that have had great success worldwide as well (for example: Check Point, Waze, Nice, Comverse, Wix, etc.). The unit, in other words, has become a sort of singular training institute, able to continually turn out not only excellent technicians but also entrepreneurs who are very open-minded, flexible, far-sighted and trained to effectively calculate the risks and benefits of each activity. Moreover, the reserve system ensures that the former members of the 8200 maintain an operational link with the unit. A virtuous cycle has therefore been established between civil society and military institutions, from which both derive unquestionable benefits.

Fourth: the age factor. As already mentioned, the cyber unit in question is made up of a limited permanent staff and, for the most part, of operators drawn directly from civil society through compulsory conscription. Thus, the 8200 unit is characterized by a very low average age, slightly higher than that of the Jewish boy described in the Bible. Moreover, the future cyber staff are discreetly "observed" by the unit's recruiters as early as when they attend the lower school classes, and are then called up and selected later to become part of the elite of Israeli military intelligence. It is important to note that the military authorities, rather than looking for young people who already possess cyber skills and experience, select students who show that they have the right aptitude to become operators in the unit. As mentioned, this is a unique unit within the IDF, one that evidently requires uncommon qualities of its staff. Specifically, although knowledge of subjects such as mathematics, computer science and foreign languages certainly represents an added value, the 8200 candidates must rather demonstrate a strong predisposition to rapid learning, to working in a team, to adapting to changing operational situations and to facing seemingly impossible challenges.

Ultimately, the 8200 unit, while maintaining very strict secrecy about its operations, lets enough be known to understand how it lends itself to representing a very interesting and winning model for the development of cyber skills by a nation. In reality, it is an approach opposed to the one used by many states, even Western ones. Israel has established a truly virtuous circle, confirmed both by the successes of its intelligence and by the "six-zero" value of the companies started by former 8200 members. Recruitment, training, the modus operandi and the continuous osmosis of skills between the civil and military worlds are steered by a single director: the IDF. In many other nations, however, the Armed Forces seem to have lost the initiative in the cyber field, as in many other areas of security and defense. In such cases, most of the aforementioned processes are now totally in the hands of industry which, moreover, is often not even national. The examples of failures at this juncture are plain for all to see, and others are probably about to emerge despite the huge financial investments involved.

It is to be hoped that a serious and broadly shared debate on these issues will start in Italy as soon as possible.

Without wanting to imitate anybody, we should develop a strategy that can be applied in a very short time, to create a virtuous circle in the cyber sector in Italy that brings benefits to security and defense as well as to the national economy.

In these times this would be plain common sense, not least because there are many hackers around who are ready to use their "slingshot" against our country. The latest alert, in order of time, refers to a cyber attack that is said to have been launched by a group already covered in these pages (see article) against some Italian institutional entities. Other recent reports, moreover, are certainly not flattering about the security of Italian computer networks.

On the other hand, if it is almost inevitable to take the occasional "stone in the forehead" like Goliath, it is right to do everything possible to avoid being decapitated, as happened to the Philistine giant!

(photo: IDF)

Main sources:

https://www.forbes.com/sites/richardbehar/2016/05/11/inside-israels-secret-startup-machine/amp/

http://www.israeldefense.co.il/en/content/peek-inside-idf-8200s-combat-intelligence-unit

https://amp.ft.com/content/69f150da-25b8-11e5-bd83-71cb60e8f08c

https://blog.checkpoint.com/2018/07/05/an-invasive-spyware-attack-on-military-mobile-devices/

https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX

https://www.timesofisrael.com/anti-israel-hackers-promise-electronic-holocaust/

http://www.lastampa.it/2018/07/17/italia/prove-di-un-attacco-degli-hacker-russi-di-apt-anche-in-italia-xzMWxKUmQWaJCQOk5fJoKM/pagina.html

http://cybersecurity.startupitalia.eu/61460-20180724-attacchi-le-reti-italiane