Iran Overwhelmed Some Israeli Defenses --- Strike on Tuesday suggests pain could be serious if civilian infrastructure is hit

"DUBAI -- Iran's barrage of ballistic missiles this past week appears to have overwhelmed Israel's air defenses in some places, despite causing limited damage, said independent researchers who examined emerging satellite imagery.

This means that any new Iranian strikes against Israel could have much more serious consequences if they target civilian infrastructure or heavily populated residential areas.

That is an important consideration as Israel contemplates its military response. Tehran has threatened strikes on Israeli power plants and oil refineries if Israel hits Iranian territory in a counterattack.

Unlike Iran's April 13 attack, involving a large number of cruise missiles and drones, Tuesday's barrage was made up of some 180 much faster ballistic missiles, one of the largest such strikes in the history of warfare. Analysts say that most were Iran's most modern ballistic missiles, the Fattah-1 and Kheibar Shekan.

"The faster the missile, the harder it is to intercept it, that's simple physics," said Ulrich Kuhn, head of research for arms control at the Institute for Peace Research and Security Policy in Hamburg. "It's certainly much harder to defend against ballistic missiles, and even more so if there is a bulk of them coming in on a certain target, because then you have the ability to overwhelm the antimissile defenses -- which is exactly what happened in Israel."

Satellite images of the Nevatim air base in southern Israel, a target on Tuesday, show that as many as 32 missiles landed within the perimeter, according to analysis by Jeffrey Lewis, a professor at the Middlebury Institute for International Studies in Monterey, Calif.

"Thirty-two missiles is a lot of missiles," Lewis said. "We have exaggerated ideas about the effectiveness of air defenses." While Israel operates the sophisticated Arrow 2 and Arrow 3 missile-defense systems, co-produced with the U.S., the interceptors are limited in quantity and costlier than the incoming Iranian missiles, Lewis said. It often takes multiple interceptors to stop one ballistic missile.

There haven't yet been publicly available high-resolution images of Tel Nof air base, another main target Tuesday. Video footage from the area showed what appeared to be secondary explosions, suggesting that ammunition or air defenses had been hit. At least one projectile landed within hundreds of yards of the Tel Aviv headquarters of Israeli intelligence agency Mossad.

Iranian missiles have to travel about 550 miles to reach Israel and have proved to be relatively inaccurate at such ranges. Images of Nevatim, home to Israel's F-35 jet fighters, show that most missiles hit empty areas or roads. Only one appears to have struck a hangar, and it isn't clear what it contained. Satellite images show no damage to aircraft.

The Israeli military said Nevatim is operating normally, with planes based there launching airstrikes in recent days. "There were some hits in central Israel and some hits in southern Israel, including some hits on air-force bases, but nothing that hurt our functionality, our operation levels. No aircraft, no people, no important capabilities were damaged," said Israeli military spokesman Lt. Col. Nadav Shoshani. 

Israel wasn't releasing more details on the damage so as not to provide intelligence to its enemies, he said.

To save interceptors, Israel usually doesn't target missiles headed for empty areas, so it isn't clear how many missiles that hit Nevatim were deliberately ignored by air defenses.

The Israelis "are brilliant at prioritizing and protecting the things that have to be protected. They may have looked at [Nevatim] and said, 'This is acceptable, I still have to prioritize Tel Aviv, I have to prioritize my critical infrastructure,'" said retired Gen. Tim Ray, who commanded the U.S. Air Force Global Strike Command. "There is no way to stop everything."

Damage from the Iranian barrage wasn't commensurate with the resources expended, Ray said. "If I were to be the guy in charge of that strike, I would not be impressed with the results," he said. "While they did hit a few things -- and that's war -- they didn't truly degrade the Israelis. The Israelis were not deterred."

Israel hasn't specified what kinds of targets it will seek within Iran, though Prime Minister Benjamin Netanyahu has pledged a heavy response. 

Iran billed its Tuesday attack as retaliation for Israel's assassinations of the leaders of Hezbollah and Hamas, both designated terrorist organizations by the U.S.

The Iranian armed forces' general staff has promised "widespread and comprehensive destruction" of Israeli infrastructure should Iranian territory be attacked. Adm. Ali Fadavi, deputy commander of the Islamic Revolutionary Guard Corps, has pledged to hit power stations, gas fields and oil refineries, according to Iranian state media.

It is more complicated to inflict damage on a sprawling and hardened air base in the middle of the desert than to strike infrastructure sites in heavily populated areas. "The Israelis would care more about defending Tel Aviv" than defending Nevatim, said Lewis. "On the other hand, they would ultimately have the same problem there -- Iranians could at the end of the day overwhelm the system."

Because of that, Iran's arsenal of missiles and, even more important, its missile manufacturing capabilities, are likely to be among Israel's priority targets, said Fabian Hinz, research fellow for defense and military analysis at the International Institute for Strategic Studies.

The size of Iran's -- or, or for that matter, Israel's -- missile arsenals is a national secret. Gen. Kenneth McKenzie told a Senate hearing in 2022, when he was commander of the U.S. Central Command, that Iran had over 3,000 ballistic missiles of various types, some able to reach Israel.

Iran's missile stockpiles are in hardened underground facilities, but its missile plants are less protected, said Hinz. "They have a few very critical bottlenecks. These are exposed and you can target them relatively easily," he said." [1]

To give a devastating response you need missiles, not missile factories. 

The Israelis' mobility in the world is their plus (they gathered quickly in Israel) and their minus (they can quickly disperse in case of danger). Now two serious dangers appeared - Palestinians from the underground and rockets.

1. World News: Iran Overwhelmed Some Israeli Defenses --- Strike on Tuesday suggests pain could be serious if civilian infrastructure is hit. Trofimov, Yaroslav.  Wall Street Journal, Eastern edition; New York, N.Y.. 05 Oct 2024: A.7.

Ir tų, kurie pasiklauso pokalbių, pokalbiai yra pasiklausomi: kuo daugiau mūsų vyriausybė žino apie mus, tuo daugiau apie mus žino ir mūsų bei mūsų vyriausybės priešai. Tokia yra interneto prigimtis

 

 „Kibernetinė ataka, susijusi su Kinijos vyriausybe, prasiskverbė į daugelio JAV plačiajuosčio ryšio tiekėjų tinklus ir galėjo pasiekti informaciją iš sistemų, kurias federalinė vyriausybė naudoja teismo įgaliotoms tinklo pokalbių pasiklausymo užklausoms.

 

 Mėnesius ar ilgiau įsilaužėliai galėjo turėti prieigą prie tinklo infrastruktūros, naudotos, bendradarbiaujant su teisėtomis JAV užklausomis dėl ryšių duomenų, pasak su šiuo klausimu susipažinusių žmonių, o tai kelia didelę grėsmę nacionaliniam saugumui. Užpuolikai taip pat turėjo prieigą prie kitų bendresnio interneto srauto dalių, sakė jie.

 

 „Verizon“, „AT&T“ ir „Lumen Technologies“ yra vienos iš įmonių, kurių tinklai buvo pažeisti dėl neseniai aptikto įsibrovimo, sakė žmonės.

 

 Plačiai paplitęs pažeidimas laikomas potencialiai katastrofišku saugumo pažeidimu ir jį įvykdė sofistikuota Kinijos programišių grupė, pavadinta „Salt Typhoon“. Atrodė, kad tai buvo skirta žvalgybos duomenų rinkimui, sakė žmonės.

 

 AT&T, „Verizon“ ir „Lumen“ atstovai spaudai atsisakė komentuoti „Salt Typhoon“ kampaniją.

 

 Paprastai įmonės privalo per trumpą laiką atskleisti esminius kibernetinius įsibrovimus vertybinių popierių priežiūros institucijoms, tačiau retais atvejais federalinės institucijos gali joms suteikti išimtį dėl nacionalinio saugumo priežasčių.

 

 Stebėjimo sistemos, kaip manoma, yra naudojamos bendradarbiauti su užklausomis dėl vidaus informacijos, susijusios su kriminaliniais ir nacionalinio saugumo tyrimais. Pagal federalinius įstatymus telekomunikacijų ir plačiajuosčio ryšio įmonės turi leisti valdžios institucijoms perimti elektroninę informaciją pagal teismo įsakymą.

 

 Išpuolis ir jo reikšmė buvo aptikti pastarosiomis savaitėmis ir toliau aktyviai tiria JAV vyriausybė ir privataus sektoriaus saugumo analitikai. Tyrėjai vis dar stengiasi patvirtinti atakos mastą ir laipsnį, kuriuo veikėjai stebėjo duomenis ir dalį jų išfiltravo, sakė žmonės.

 

 Panašu, kad įsilaužėliai įsitraukė į didžiulį interneto srautą iš interneto paslaugų teikėjų, kurių klientais laikomos didelės ir mažos įmonės bei milijonai amerikiečių. Be to, yra požymių, kad įsilaužimo kampanija buvo nukreipta į nedidelį skaičių paslaugų teikėjų už JAV ribų, sakė žmonės.

 

 Asmuo, susipažinęs su išpuoliu, sakė, kad JAV vyriausybė įsibrovimus laikė istoriškai reikšmingais ir jai jie kelia nerimą.

 

 Aukšti JAV pareigūnai jau daugelį metų įspėjo apie Kinijos daugialypių šnipinėjimo operacijų, kurios gali pasireikšti žmonių šnipinėjimo, verslo investicijų ir galingų įsilaužimo operacijų, pasekmių ekonominiam ir nacionaliniam saugumui.

 

 Visai neseniai pareigūnai buvo sunerimę dėl tariamų Kinijos žvalgybos pareigūnų pastangų įsiskverbti į pažeidžiamus JAV ypatingos svarbos infrastruktūros tinklus, tokius kaip vandens valymo įrenginiai, elektrinės ir oro uostai. Jie teigia, kad šios pastangos yra įsilaužėlių bandymas įsitvirtinti taip, kad kilus dideliam konfliktui su JAV galėtų suaktyvinti žlugdančias kibernetines atakas.

 

„Salt Typhoon“ kampanija prideda dar vieną galvosūkį.

 

 Tyrėjai vis dar tiria „Salt Typhoon“ atakos ištakas ir tiria, ar įsibrovėliai gavo prieigą prie „Cisco Systems“ maršrutizatorių – pagrindinio tinklo komponentų, nukreipiančių didžiąją dalį srauto internete, anksčiau pranešė „The Wall Street Journal“. „Cisco“ atstovė anksčiau sakė, kad bendrovė tiria šį klausimą, tačiau negavo jokių požymių, kad „Cisco“ maršrutizatoriai būtų susiję. Atstovė į prašymą pakomentuoti penktadienį neatsakė.

 

 Kinija atmetė Vakarų vyriausybių ir technologijų įmonių kaltinimus, kad ji pasitiki programišiais, kad įsilaužtų į užsienio vyriausybės ir verslo kompiuterių tinklus.

 

 Kinijos ambasada Vašingtone į prašymą pakomentuoti neatsakė.

 

 „Microsoft“ kartu su kitomis kibernetinio saugumo įmonėmis tiria naują „Salt Typhoon“ įsibrovimą ir, kokia slapta informacija galėjo būti pasiekta. „Microsoft“ padeda įmonėms reaguoti į kibernetinius įsilaužimus naudodama duomenis iš savo didžiulio, visą pasaulį apimančio aparatinės ir programinės įrangos tinklo, ir kai kurioms su Kinija susijusioms kampanijoms priskyrė Typhoon pravardę.

 

 „Salt Typhoon“ veikia nuo 2020 m. ir yra nacionalinės valstybės įsilaužimo grupė, įsikūrusi iš Kinijos, kuri daugiausia dėmesio skiria šnipinėjimui ir duomenų vagystėms, ypač tinklo srauto fiksavimui, rašoma „Microsoft“ rugpjūčio mėn." [1]

1. U.S. News: U.S. Wiretap Systems Targeted in Hack --- Cyberattack linked to China is viewed as a potentially catastrophic breach. Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert.  Wall Street Journal, Eastern edition; New York, N.Y.. 05 Oct 2024: A.3.

Wiretappers Are Wiretapped: The more our government knows about us, the more our enemies and our government's enemies know about us.This is the nature of internet

 

"A cyberattack tied to the Chinese government penetrated the networks of a wide swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

For months or longer, the hackers may have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.

Verizon, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently-discovered intrusion, the people said.

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said.

Spokesmen for AT&T, Verizon and Lumen declined to comment on the Salt Typhoon campaign.

Companies are generally required to disclose material cyber intrusions to securities regulators within a short time frame, but in rare cases, federal authorities can grant them an exemption from doing so on national security grounds.

The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband firms must allow authorities to intercept electronic information pursuant to a court order.

The attack, and its significance, was discovered in recent weeks and remains under active investigation by the U.S. government and private-sector security analysts. Investigators are still working to confirm the breadth of the attack and the degree to which the actors observed data and exfiltrated some of it, the people said.

The hackers appear to have engaged in a vast collection of internet traffic from internet service providers which count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside of the U.S., the people said.

A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome.

Senior U.S. officials have for years warned about the economic and national security implications of China's multipronged spying operations, which can take the form of human espionage, business investments and high-powered hacking operations.

More recently, officials have been alarmed by alleged efforts by Chinese intelligence officers to burrow into vulnerable U.S. critical infrastructure networks, such as water-treatment facilities, power stations and airports. They say the efforts appear to be an attempt by hackers to position themselves such that they could activate disruptive cyberattacks in the event of a major conflict with the U.S.

The Salt Typhoon campaign adds another piece to the puzzle.

Investigators are still probing the origins of the Salt Typhoon attack and are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet, The Wall Street Journal previously reported. A Cisco spokeswoman said earlier that the company is looking into the matter, but has received no indication that Cisco routers were involved. The spokeswoman didn't respond to a request for comment Friday.

China has denied allegations from Western governments and technology firms that it relies on hackers to break into foreign government and business computer networks.

The Chinese Embassy in Washington didn't respond to a request for comment.

Microsoft is investigating the new Salt Typhoon intrusion along with other cybersecurity firms and what sensitive information may have been accessed. Microsoft helps companies respond to cyber intrusions using data from its vast, globe-spanning network of hardware and software and has assigned some China-linked campaigns the Typhoon moniker.

Salt Typhoon has been active since 2020 and is a nation-state hacking group based out of China, which focuses on espionage and data theft, particularly capturing network traffic, Microsoft said in a research note written in August." [1]

1. U.S. News: U.S. Wiretap Systems Targeted in Hack --- Cyberattack linked to China is viewed as a potentially catastrophic breach. Krouse, Sarah; Volz, Dustin; Viswanatha, Aruna; McMillan, Robert.  Wall Street Journal, Eastern edition; New York, N.Y.. 05 Oct 2024: A.3.