
Hez Hacked Israeli Radios

This is downright shocking, if true. “Hezbollah guerrillas were able to hack into Israeli radio communications during last month’s battles in south Lebanon, an intelligence breakthrough that helped them thwart Israeli tank assaults,” Newsday reports.

Using technology most likely supplied by Iran, special Hezbollah teams monitored the constantly changing radio frequencies of Israeli troops on the ground. That gave guerrillas a picture of Israeli movements, casualty reports and supply routes. It also allowed Hezbollah anti-tank units to more effectively target advancing Israeli armor, according to the officials…
The Israeli military refused to comment on whether its radio communications were compromised, citing security concerns. But a former Israeli general, who spoke on the condition of anonymity, said Hezbollah’s ability to secretly hack into military transmissions had “disastrous” consequences for the Israeli offensive…
Like most modern militaries, Israeli forces use a practice known as “frequency-hopping” — rapidly switching among dozens of frequencies per second — to prevent radio messages from being jammed or intercepted. It also uses encryption devices to make it difficult for enemy forces to decipher transmissions even if they are intercepted. The Israelis mostly rely on a U.S.-designed communication system called the Single Channel Ground and Airborne Radio System…
With frequency-hopping and encryption, most radio communications become very difficult to hack. But troops in the battlefield sometimes make mistakes in following secure radio procedures and can give an enemy a way to break into the frequency-hopping patterns. That might have happened during some battles between Israel and Hezbollah, according to the Lebanese official. Hezbollah teams likely also had sophisticated reconnaissance devices that could intercept radio signals even while they were frequency-hopping.
During one raid in southern Lebanon, Israeli special forces said they found a Hezbollah office equipped with jamming and eavesdropping devices.

It was my impression that this kind of signal interception was really, really hard to do — especially for an irregular force like Hezbollah. I know there are some radio and commsec gurus who read the site regularly. Weigh in here, guys.
Or maybe the article itself contains the seed of what actually happened. “Besides radio transmissions, the official said Hezbollah also monitored cell phone calls among Israeli troops,” Newsday notes. A raided Hezbollah base had a list of “cell phone numbers for Israeli commanders.”
Cells are, of course, way easier to intercept. “Israeli forces were under strict orders not to divulge sensitive information over the phone.” But maybe they talked anyway. Maybe they thought Hezbollah would never be sophisticated enough to grab their calls.
UPDATE 3:25 PM: Weeks ago, the Times of London and Asia Times had hints of this.

Apparently using techniques learnt from their paymasters in Iran, they were even able to crack the codes and follow the fast-changing frequencies of Israeli radio communications, intercepting reports of the casualties they had inflicted again and again. This enabled them to dominate the media war by announcing Israeli fatalities first.
They monitored our secure radio communications in the most professional way, one Israeli officer admitted. When we lose a man, the fighting unit immediately gives the location and the number back to headquarters. What Hezbollah did was to monitor our radio and immediately send it to their Al-Manar TV, which broadcast it almost live, long before the official Israeli radio.

(Big ups: JQP, /.)
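
The frequency-hopping defence described in the Newsday excerpt, as an added sketch (not code from the article, the commenters, or any real radio): the hop pattern is a function of a shared key and a shared clock, so a receiver follows the net only if it holds both. HMAC-SHA256 stands in for the radio's actual generator, and the hopset size, dwell time, keys and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

HOPSET_SIZE = 1000   # constructed: number of channels in the net's hopset
DWELL_MS = 10        # constructed: time spent on each channel (100 hops/s)


def slot_index(time_ms: int) -> int:
    """Map a time-of-day clock reading to the current hop slot."""
    return time_ms // DWELL_MS


def channel(key: bytes, slot: int) -> int:
    """Channel for one slot: a keyed PRF of the slot number, reduced to the hopset.

    HMAC-SHA256 is a stand-in (assumption); it is not any fielded radio's algorithm.
    """
    digest = hmac.new(key, struct.pack(">Q", slot), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % HOPSET_SIZE


def hit_rate(key_tx: bytes, key_rx: bytes, start_ms: int, slots: int,
             skew_ms: int = 0) -> float:
    """Fraction of slots in which the receiver sits on the transmitter's channel.

    skew_ms is how far the receiver's clock runs ahead of the transmitter's.
    """
    hits = 0
    for i in range(slots):
        t = start_ms + i * DWELL_MS
        tx = channel(key_tx, slot_index(t))
        rx = channel(key_rx, slot_index(t + skew_ms))
        hits += tx == rx
    return hits / slots


if __name__ == "__main__":
    net_key = bytes.fromhex("00112233445566778899aabbccddeeff")    # constructed
    wrong_key = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed
    t0 = 12 * 3600 * 1000  # noon, in milliseconds since midnight

    print("same key, synced clocks:", hit_rate(net_key, net_key, t0, 5000))
    print("same key, 3 ms skew    :", hit_rate(net_key, net_key, t0, 5000, 3))
    print("same key, 250 ms skew  :", hit_rate(net_key, net_key, t0, 5000, 250))
    print("different key          :", hit_rate(net_key, wrong_key, t0, 5000))
```

A receiver with the key and a clock inside the dwell window lands on every hop; a wrong key or a stale clock lands on roughly one hop in `HOPSET_SIZE`. Key distribution and time discipline therefore carry the whole defence.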


reload223 September 24, 2006 at 5:10 am

Pssiitttttttt —- you missed something, what Hez boys were doing were listening to cell phones ———————-

Reply

Recon 30248 September 24, 2006 at 6:23 am

I am from Iran and I am a network security expert. This is like a joke that IRAN and Hezbollah have such ability. These hacking techniques require advanced knowledge and experts. As I know in my country what is not important, is knowledge!! So who want to hack these complicated systems? The Hezbollah (who r unfamiliar with basic warfare) or REVELOTIPN BRIGARDS (same as Hezbollah)? I recommend u to allow military intelligence search for something else like military personal abuse or spying.

Reply

Golani51 September 24, 2006 at 6:50 am

Point 1.
They rabs have been able to jack into communications for at least the last several years since I served. One doesn’t have to be a genius, especially when it comes to mobiles.
Point 2.
As for it being a victory against Israel, what a crock of your mother’s crappy hummus. For reasons beyond understanding, Israel pulled back when we should have gone on and cleared the waste that is Lebanon. Unfortunately, injuries were suffered because unlike those sheep-dipping bloodthirsty murderers, Israel does care about the life of innocents, even if it adds to the fatalities of its own soldiers. As an ex-IDF sniper, I can verify many times I wasn’t allowed to complete a job because of information that could not be 100% verified. If Israel said screw them all, it wouldn’t have taken much to clear the whole bloody lot of them. Case closed!!

Reply

erewhon September 24, 2006 at 10:15 am

SAVILLE is a relative biatch to encode and decode, unless you’re von Neumann’s reincarnation you’re not likely to be decrypting it in any useful period of time.
The most straightforward way to intercept a SINCGARS net would be to have someone give you the keys.
In terms of frequency hops, SINCGARS’ direct chip LFSR algorithm has a long dwell time (comparatively) and very well defined bins. You could use a multi-blade SDR setup to first bin out the entire SINCGARS hop spectrum, if you got somewhat close to an operating system.
The hopset for a SINCGARS net is variable but usually not that many slots, less than 2000 bins and usually more like 1000. Once you have the hopset elucidated, you can narrow your SDR’s attention to the 1000 or so bins that the net is operating in, a small enough subset that your SDR could easily munch it in real time.
You could use that data to easily triangulate on units close by. Given idiosyncrasies in each unit’s center frequency, chip timing and amplitude, you can eventually identify and separate out transmissions from units at a distance.
Decoding would be a lot tougher. But if you had the keys at one location and no way to easily distribute them to the other “freedom fighters”, I would assume one might be able to fake being a net controller and send well-known keys to the net with ERFs, everyone would think they were properly set up to transmit with code keys but would be using ‘blanks’.
Short of that, there are some other ways to attack encrypted transmissions that don’t involve directly decrypting the traffic’s data stream by carefully examining some aspects of the signal characteristics once you have the hopset. Some sets will “give away” more of this info than others, it would be a crapshoot if you could locate a SINCGARS unit doing it that was also sending really useful comm traffic. Maybe that’s why HB couldn’t do it daily.
At any rate, a special purpose SDR receiver with some computational horsepower and a competent operator is needed, most likely HB is getting help from a technically advanced country, it’s not the sort of thing you toss together over the weekend.

Reply

Warren September 25, 2006 at 9:06 am

It is kinda funny most of you jokers act like these arabs are backward and you pseudo tough guys have no respect for our current foes in the middle east. I am a signal officer and when I attended college most of the EE and mathematics majors were either arab or persian. Freq are based on wavelengths hmmmmm….maybe they are smart enough to figure this out…and maybe we are too dumb to see it. In a nutshell, never underestimate your enemy.

Reply

41mils September 25, 2006 at 1:07 pm

Interesting debate. Most telling is that you never underestimate your enemy, technology is not fool proof, and the good guy doesn’t always win.

Reply

djb1017 September 26, 2006 at 8:11 am

To erewhon & his ilk; There is an old saw about engineers: “Never use a straight line where a recurve is possible, the shortest distance between any two points is never a straight line, & never, EVER, use clarity when obfuscation will suffice”. I don’t know who the original author was, but he sure nailed it when one reads comments like the ones erewhon (amongst others) wrote. Why is it so hard for engineers to stop & think before they open their mouths to massage their own egos with supposed insider info? These guys make me crazy!! Hey moron - anyone with a high end scanner, a decent laptop & 10 cents worth of brains can figure out the 5 or 6 percent of transmitted info necessary to sus out common repeated intel. The more you engineers complicate things, the easier they are to break. Evidently, this is a lesson which will never find acceptance in the engineering community.

Reply

Liz September 26, 2006 at 12:30 pm

It can be a tricky thing to keep track of who got what weapon, not to mention when and how they are used, when the technology and intelligence of weapons is just like any other commodity-regulated by availability and demand.
National borders and national loyalty is only true in the vocabulary of those at the state vs state level. Below relations-whether in information, personal connections, monetary transactions, resources etc - are flowing with little regard to artificial lines.

Reply

erewhon September 26, 2006 at 9:24 pm

djb:
Do you seriously think a Radio Shack scanner is going to be able to follow a direct-chip sequence spread spectrum network? Even one as slow as SINCGARS?
Get a grip, dude. It’s only been in the last couple of years that software defined radio systems have been able to pull it off.
You can’t spot traffic patterns until you can catch the traffic. You…DO…know that you can’t just turn on a shortwave and actually HEAR anything on a spread-spectrum net like SINCGARS?
Back under your rock, troll boy. Come back when you can describe an FFT kernel without a cut-and-paste off Wikipedia.

Reply

Begruss September 26, 2006 at 9:50 pm

One more time:
Where did it say specifically that the HZ decoded frequency hopping signals? The use of the expression “hack into” sounds to me like the author of the original article did not really understand the total situation. As usual, we American high tech guys jumped in and said it cannot be done. There were indications that the HZ did monitor some RDF cell phones and probably some signal channel comms that may or may not have been encrypted. Bottom line, everyone should have learned something about OPSEC planning and tactical communications in the field.

Reply

erewhon September 27, 2006 at 11:04 am

Begruss:
Both the London Times and Newsday articles seemed pretty explicit that they had compromised either SINCGARS or other unnamed Israeli comms that used frequency hopping. Grant you, as you say the authors may have misunderstood, but it was explicitly stated that HB had gotten their intel from encrypted or frequency hopping comms.
If they were using digital cell phones, the data is encrypted there as well but you can snag the key if you catch a call during setup. Or you can do it pretty easily at the cell tower, if you get access to the equipment. You can’t trust cell phones in enemy territory.

Reply

SaigonJohn September 27, 2006 at 12:47 pm

Just a thought, What has been Syria’s fee for torturing suspected Al Qaeda members. Access to possible signal hopping frequencies related to our old, outdated battlecom system??

Reply

Bucky September 27, 2006 at 11:58 pm

Been a ham and inventor in more than one way for over 50 years. I believe I have a way to catch whomever/wherever at anytime. I need a contact with the proper agent and or person. Can be done with what we already have available to us.

Reply

erewhon September 29, 2006 at 4:27 pm

“Ps, It’s not possible to intercept and decrypt Israeli Military Radio Communications within a reasonable parameter for effective utilization. So, for the people here declaring it can be done … quit smoking crack and get back to reality”
Once upon a time there was a person of Arabic descent. He thought he had a secure line of communication. He spoke of many interesting things upon his encrypted radio link.
The encryption was indeed formidable. Not decodable in universe time…one of those combinatorial explosions you get with prime factors.
Yet, the intrepid crew got the audio anyway.
And they didn’t decrypt the data flow.
How do you get down off an elephant? You don’t. You get down off a duck.
How do you decrypt spectacularly good encryption?
You don’t.
In this case, the audio amps were drawing a variable amount of current when our Islamic friend spoke on the invulnerable encryption. That caused a tiny frequency deviation in the FM modulator, and a tiny AM modulation of the signal amplitude. And when you used a mathematic transform on the two that amplifies similarities between the two effects and removes the other noise, voila! there was the voice data.
The moral of the story is, you don’t always have to decrypt the unbreakable encryption to retrieve the data.

Reply

xshipdriver October 1, 2006 at 10:46 pm

Sometimes, the obvious is overlooked. It is not impossible that the Hezbollah had the use of the fruits of Iranian or Syrian espionage. Since the system is a US one, it is possible it was compromised in the US. Remember what the traitor Walker did to the US Navy?

Reply

Lizardman October 6, 2006 at 10:27 am

Having worked for the maker of SINCGARS, I am not aware of any sale of the system to the IDF. Israel has its own comms company and they prefer to use it instead of a foreign system. The IDF radios although Freq Hopping are not based on the SINCGARS model in any way.

Reply

Sean Osborne October 18, 2006 at 12:33 pm

I have 4 .jpg images of the equipment the IDF SoF recovered as referenced in the article.
All I can say is that your eyes will pop like mine did.

Reply

J.P. Patterson RM2 October 31, 2006 at 12:32 am

Do you guys remember a guy named John Walker a US Navy RMC who stole our Jason and Creon codes for the Russians? All during Nam the Soviets supplied codes and then radio equip cloned from the hijacked USS Pueblo. They read our mail every day for years while we sweated our secure procedures. Even channel hopping can be tapped into with the right computer chip.

Reply

Alvin King November 4, 2006 at 1:25 am

Rule # 1, regardless of your communication and transmission security, even the most advanced, always assume that all your communications have been intercepted by the enemy and that it will be used against you. Hence, only a fool would believe that his communication system cannot be intercepted, decoded and used against you.

Reply

Ray July 27, 2008 at 12:12 am

I had heard that Israel DOES NOT use SINCGARS. If their frequency hopping net was hacked then they were not using encryption. It is possible to follow a FHSS net by using highly specialized receivers such as some made by WJ (Microceptor) + AOR (SR1050). If they were just freq hopping in the clear then yes, anyone with $5500 and some good technical knowledge could follow the hopping. If they had used AES or even DES then their info would not have been broken in real time. As far as monitoring digital cell phones all they needed was a service monitor. On a further note, Israel is a terrorist nation just like Iran and Iraq. I wish the U.S would cut off that blood sucking leech Israel now!
Remember the U.S.S Liberty

Reply
