Ad Blocker Detected
Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.
The exchange of the intelligence, enabled by a finalized agreement the Treasury Department will announce Thursday, underscores the value both governments place in tapping data gathered by their private sectors to guard against an array of hacking threats from governments and cybercriminals alike.
It also shows that, despite the revelation in February that Israeli-made spyware had allegedly been used against US diplomats, Jerusalem and Washington are still in lockstep on some cyber-related issues.
One of the hacking incidents, which hasn’t been previously reported, involved hackers unsuccessfully trying to overwhelm the US Treasury Department’s computer servers and knock them offline in February and March, around the time that Russia waged war in Ukraine and the US slapped sanctions on the Kremlin, according to Todd Conklin, deputy assistant Treasury for cybersecurity and critical infrastructure protection.
The malicious cyber activity — known as a distributed denial of service (DDoS) attack — did not impact Treasury operations, Conklin said, but it was significant enough that US officials passed detailed information on it to their Israeli counterparts so they could check their systems for the threat. Officials did not pinpoint the culprit but Conklin said he suspected hackers sympathetic to Russia may have been responsible.
In a separate incident, the Israeli government in March was hit by a DDoS attack that temporarily knocked some government websites offline, a hack that some Israeli press reports suggested originated in Iran.
The Israelis shared technical information on the attack with the US Treasury, Conklin said, which passed it along to American financial firms that are no stranger to Iranian attempts to disrupt their systems.
Both of the hacking incidents are examples of how the new agreement to rapidly trade threat data is supposed to work in practice, according to Conklin. There are other means for the two governments to share cyberthreat data, including between defense and homeland security agencies.
But the new agreement means officials in the Israeli finance ministry and the US Treasury will have a formal means — rather than an ad hoc arrangement that relies on personal relationships — of rapidly sharing hacking threats to their respective financial sectors. The agreement could also lead to more cyberattack drills involving big US financial firms and their Israeli counterparts, Conklin said.
“Israel has a really strong public-private partnership in this space,” Conklin told CNN. “So they have access to a lot more real-time vulnerability data impacting … not only government systems, but also their broader private sector.”
The US and Israel have a long and complicated history of collaborating in cyberspace that has been at times strengthened — and tested — by their shared foe in Iran. US and Israeli operatives were reportedly behind a 2009 and 2010 operation to hack sensitive computer systems and destroy uranium-enrichment centrifuges at an Iranian nuclear facility.
The US is currently seeking to revive the 2015 agreement with Iran to set limits on Tehran’s nuclear program in exchange for sanctions relief. Iranian hacking operations sometimes ebb and flow in response to geopolitical events, according to analysts. There have been no public reports of a shift in Iranian cyber activity around the latest nuclear-deal negotiations.
The new agreement with Israel, however, “would offer an opportunity as a first-alert-type mechanism for us” if there was any new Iranian hacking activity aimed at the US or Israel, Conklin said.