

Israel was planting malicious chips in US assets before China


Reporting on the FBI investigation of counterfeit Chinese electronics, some possibly malicious, has made no mention that Israel had embedded malicious chips in nothing less than the White House phone system by 2000. Outside of members of the intelligence community and attentive technical readers of the period, this will come as a surprise to many readers, possibly coupled with the erroneous assumption of anti-Israeli bias.

Nothing in open source then or since has convinced me that the US telecommunications network is either secure or immune to further interruption or breach. Whereas SCADA control networks, primarily for power grid generation, transmission and distribution applications (genco, transco, disco), and recently fiber optic networks have been identified as vulnerable to attack, little has been made publicly of telco vulnerability until the China Cisco counterfeits. The vulnerability of the US/EU telco network to a variety of state and nonstate actors is so great that it should be ranked adjacent to the vulnerabilities of our SCADA networks, for all applications, and fiber optic networks. See:

Telco supply chain analysis has again been reduced to function at lowest cost with the assumption of low risk. All tier providers from whatever state actor need to be examined and risk assessed in the design, fabrication, installation and maintenance phases. See Foreign vulnerability inherent in US globalization of its commercial and defense supply chains, 5/6/2008.

Israel as independent actor, often counter to US interests, not unlike China

From Palmerston, interests, and forms of governance, 5/22/2004:

Israel pursues an independent diplomatic policy at odds with US interests. Israel is a modest cooperative partner in the US war against terrorism. Just as the Russians, the Pakistanis, the Chinese and others did in the post 11 September period, Israel immediately offered the US data that painted their parochial adversaries as the architect or participant of the air liner assault so that we might attack them. Each country offers or withholds information so as to advance its national interests, and attempts to influence where it cannot command. Israel is no exception and I think that it applies Palmerston better than the US.

Israel ran Jonathan Pollard, a US Navy civilian analyst, as a spy to enormous and ongoing harm to the US. Israel not only used that information to US disservice but further went on to sell or broker that information to the Russians and the Chinese, perhaps others. The impact on the US is still being felt to this day and none of the attempts of his apologist spouse, Esther, will wipe that away. The effects of Pollard's espionage are so great that Director CIA threatened to resign if Clinton pardoned Pollard. (If a US national has strong loyalties, be it religious, tribal, cultural or geographic, that work to the detriment of US interests, then I am also at odds with them.)

Israel is not a devoted friend of the US and it has nothing to do with religion or its democratic governance. (We forget that France was the principal post-partition mentor of Israel before the US.) It is a nation state acting in its best interests, some of which correspond to our own...

Yes, there are tactical interests between the US and Israel. Examples being the identification of certain Palestinian assets to the Israelis... I was in some briefings by Israeli officers in which they used a metaphor that I think circulates within the IDF, as others have heard it, that Israel is like the man atop a burning building that can neither put out the fire nor get down off the building. All actions are conducted within that narrow range of options.

Commentary follows on related Israeli collection efforts and how those events receded from the public consciousness. The note on sources for a series on the interaction of AIPAC, American Jews, the State of Israel and the Christian Right also applies here.

Recognition of intel collection events obscured by fog facts

Larry Beinhart, author of American Hero [snippets here] filmed as Wag the Dog, describes "fog facts" as an overlooked class of information that becomes increasingly obscure with the passage of time. (This analyst would add lack of simple search tool access by scrolling off of the original source, lack of mirroring or mirroring at sites that have an otherwise offensive character, original foreign or foreign language sources, or pre-2004 topical information before the advent of the web that is still less well captured than post-2004 data.):

Fog facts are things that have been reported, somewhere, sometime, but have disappeared into the mist - like the pre-9/11 hints that there were hijackers in our midst. The fog facts can still be found by enterprising reporters, but with time and news space increasingly crunched - and media priorities shifting to the trivial - they usually remain obscure, at least to the general public.

Diplomatic "dead air," from both the embarrassed target and successful collector, combined with dissuasion of national reporting creates fog facts in record time. In the case of Israel, two events have persisted in the public consciousness, out of the fog bank: the Jonathan Pollard and USS Liberty affairs. Almost all other Israeli intel collection efforts against the US have receded into fog facts as if they never existed.

Espionage at the pinnacle of impunity

Consider Bush43 standing before the State Duma (lower house) or the Federation Council (upper house) of the Russian Federation or the PRC's National People's Congress (NPC) or Central Committee of the CCP and making the equivalent declaration:

I have been fortunate to see the character of Israel up close. I have touched the Western Wall, seen the sun reflected in the Sea of Galilee, I have prayed at Yad Vashem. And earlier today, I visited Masada, an inspiring monument to courage and sacrifice. At this historic site, Israeli soldiers swear an oath: "Masada shall never fall again." Citizens of Israel: Masada shall never fall again, and America will be at your side.

Given the level of espionage directed against the US by the State of Israel, the comparison is pointedly appropriate.


Israel's espionage efforts against the US, despite Israeli diplomatic statements to the contrary, are long standing, and all too effective. From Who's on the National Security Threat List and why?, 4/27/2004:

The 2000 Annual Report to Congress on Foreign Economic Collection and Industrial Espionage uncloaked to identify six greatest offenders as China, Japan, Israel, France, Korea, Taiwan, and India. I surmise the temporary Russian absence was due to the disruption from the breakup of the former Soviet Union. Taiwan was greatly exercised by being publicly placed among 13 nations designated as a threat to US national security, "including Russia, China, North Korea"... Who doesn't get publicized on the list are our closest allies such as the UK, (then West) Germany, the Netherlands, Belgium, and Canada.

Commercial enterprises and individuals account for the bulk of international industrial espionage activity, roughly three times the percentage due to foreign government-sponsored efforts.  Even developing countries pose a threat as their intel agencies profited from training provided by the USSR, DDR (East Germany), Czechoslovakia, Bulgaria, and even the US and so have created a "reservoir of professionally trained intelligence mercenaries."

Israel's espionage efforts are rivaled by their technology diversion efforts. From the 2005 Israel as serial violator, temporarily the chicken killed to scare the monkeys:

It is appropriate to class Israel as a serial violator in terms of its diversion of US weapons technology and weapons systems embedding US technology to states such as the PRC. Israel regards such sales as essential both to bolster its own defense industry and to secure greater independence from US strictures on its diplomatic action. Israel is also a purchaser of US weapon systems as well as a creator of weapons systems of interest to the US, thus it becomes a multi-edged proposition in purchases, technology, diplomacy, and US domestic politics.


Despite its violations Israel has succeeded in deflecting the bulk of US displeasure, thus it was interesting to see the US move to "sideline" Israel from "participating in developing the Joint Strike Fighter because of violations of agreements about arms sales to China."

Whatever one's opinion is of the State of Israel, the state is certainly unique in its ability to target US assets while retaining a more than cooperative relationship with the US.

Security risks in telco supply chains

This analyst would have the same concerns of employing a Chinese telco to build and/or maintain sensitive telecommunications systems, or provide service via their systems, as I would an Israeli firm as we have already had three significant, verified breaches courtesy of Tel Aviv, most notably the breach (also here) of the White House phone system by Telrad during the Clinton administration. I would have equal interest in the master purchase agreement between Sprint and ZTE, and the presence of Huawei or Telrad in telco installations.

PTT (Post, Telegraph and Telephone) applications should be on a national security-level footing regardless of who builds, and the pen testing and on-going monitoring should be done externally. Yes, this approach requires more money, assets and training but that is part and parcel of a national security footing. Witness the recent penetration of the Greek cell phone system (details here) and the recording of calls by senior government officials. Due to both architecture and insufficient patching, the perpetrators were able to penetrate and monitor even as they shielded their efforts.


Possible targets must examine their entire supply chain well into the lower tiers, the ostensibly more innocuous the better. Witness the Israeli firm, Amdocs Ltd, which did, and may still do, the bulk of directory assistance calls and call records and billings in the US. It was said that it was virtually impossible to make a landline call without generating an Amdocs record. NSA long felt that while Israel may not have been intercepting the contents of the calls, it did have a perfect "traffic analysis" of who called whom when and for how long. Combine that with external events and you have amazing abilities.


Israel penetrates the White House communications network


Said to have been operational in 1998 during intense Israeli speculation about US intentions of the ongoing peace process:

The tip-off about these operations [appears] to have come from the CIA... A local phone manager had become suspicious in late 1996 or early 1997 about activities by a subcontractor working on phone-billing software and hardware designs for the CIA. The subcontractor was employed by an Israeli-based company and cleared for such work. But suspicious behavior raised red flags. After a fairly quick review, the CIA handed the problem to the FBI for follow-up...


"It's a huge security nightmare,"... "The implications are severe,"... "We're not even sure we know the extent of it...All I can tell you is that we think we know how it was done... That alone is serious enough, but it's the unknown that has such deep consequences."


Sources in Israel say intelligence agents infiltrated Telrad, a company that had been subcontracted by Nortel, America's [then] largest telecommunications conglomerate, to help develop a communications system for the White House.


Company managers were said to have been unaware that virtually undetectable chips installed during manufacture made it possible for outside agents to tap into the flow of data from the White House.


Information being sent from the president to his senior staff in the National Security Council and outside government departments could be copied into a secret Israeli computer in Washington, the sources said. It was transferred to Tel Aviv two or three times a week.


One opportunity for Israeli agents to mount the operation arose when Nortel, Telrad and another firm won a 33m contract to replace communications equipment for the Israeli air force. Members of the air force were allowed access to manufacturing areas as a result...


As for how this may have been done technologically, the FBI believes it has uncovered a means using telephone-company equipment at remote sites to track calls placed to or received from high-ranking government officials, possibly including the president himself, according to Insight's top-level sources. One of the methods suspected is use of a private company that provides record-keeping software and support services for major telephone utilities in the United States.


A local telephone-company director of security, Roger Kochman, tells Insight, "I don't know anything about it, which would be highly unusual. I am not familiar with anything in that area."


U.S. officials believe that an Israeli penetration of that telephone utility in the Washington area was coordinated with a penetration of agents using another telephone support-services company to target select telephone lines. Suspected penetration includes lines and systems at the White House and NSC, where it is believed that about four specific phones were monitored -- either directly or through remote sites that may involve numbers dialed from the complex.


"[The FBI] uncovered what appears to be a sophisticated means to listen in on conversations from remote telephone sites with capabilities of providing real-time audio feeds directly to Tel Aviv," says a U.S. official familiar with the FBI investigation. Details of how this could have been pulled off are highly guarded. However, a high-level U.S. intelligence source [said] "The access had to be done in such a way as to evade our countermeasures .... That's what's most disconcerting."

Supply chain breach of the US telecommunications network


As part of, or in concert with, the Telrad penetration, the FBI was investigating Bell Atlantic and Amdocs Ltd., a "Chesterfield, Mo., telecommunications billing company [that] helped Bell Atlantic install new telephone lines in the White House in 1997":

Amdocs provides billing and customer services to telecommunications companies around the world, including Bell Atlantic, BellSouth, Sprint and Vodafone. The Israeli-owned company has grown at an incredible rate since opening an American base in 1997, tripling its U.S. revenues to more than $600 million in 1999. Amdocs software handles 50 percent of all local calls in the United States and 90 percent of all local calls in Germany...


Amdocs, once a small Israeli software company, is the world's leader in the $20 billion telecommunications billing software industry, with expected revenues this year of $1.1 billion, said Debra Katz, an analyst with Gerard, Klaur and Mattison in New York. The company employs 5,600 people worldwide and is run by "an amazingly high caliber of people."...

In what was a stupendous opportunity for traffic analysis, the US offered significant parts of its telephone logs (date, time, duration, to, from, likely more) to Israeli assets:

In 1997, the White House had a new, state-of-the-art phone system installed by Bell Atlantic. The system installed was not the secure, military-installed system for classified conversations but rather a commercially secure phone system. The classified phone lines presumably remain secure and are not involved in the alleged breach, sources said...


[A] senior-level employee of Amdocs had a separate T1 data phone line installed from his base outside of St. Louis that was connected directly to Israel. [Investigation centered on] whether the owner of the T1 line had a "real time" capacity to intercept phone calls from both the White House and other government offices around Washington, and sustained the line for some time... An interceptor could allegedly place the location in the White House or other buildings where phone calls originated. Sources familiar with the investigation say FBI agents on the case sought an arrest warrant for the St. Louis employee but Justice Department officials quashed it...

A US cryptographer and security specialist asked the same question that first came to mind when the breach was discovered:

Why should we be freely giving to Israeli corporations information (call records, CALEA information) that requires court orders to obtain in this country?  Such information is obviously sensitive, and the well-motivated efforts to strengthen and protect our national infrastructure should reasonably include mandating that such information not be routinely handled by any foreign entities...

The balance tipped further in Israel's favor by its ownership of the major Lawful Interception (LI) products producer, Comverse Infosys. As US domestic calls transit telco routers, "Custom computers and software, made by companies like Comverse, are tied into that network to intercept, record and store the wiretapped calls, and at the same time transmit them to investigators":

The [Lawful Interception (LI)] manufacturers have continuing access to the computers so they can service them and keep them free of glitches.  This process was authorized by the 1994 Communications Assistance for Law Enforcement Act, or CALEA... [W]hile CALEA made wiretapping easier, it has led to a system that is seriously vulnerable to compromise, and may have undermined the whole wiretapping system...


[Comverse] insists the equipment it installs is secure. But the  complaint about this system is that the wiretap computer programs made by Comverse have, in effect, a back door through which wiretaps themselves can  be intercepted by unauthorized parties.


Adding to the suspicions is the fact that in Israel, Comverse works closely with the Israeli government, and under special programs, gets  reimbursed for up to 50 percent of its research and development costs by  the Israeli Ministry of Industry and Trade. But investigators within the DEA, INS and FBI have all told Fox News that to pursue or even suggest  Israeli spying through Comverse is considered career suicide.

Significant elements of the US/EU telecommunications network are neither secure nor immune to further interruption or breach from a variety of state and nonstate actors. To focus on only one state, possibly erroneously, only does us harm.


President Bush Addresses Members of the Knesset

The Knesset


Office of the Press Secretary

For Immediate Release

May 15, 2008


USS Liberty Summary of Events

USS Liberty Memorial


I busted Pollard


Jerusalem Post

Nov 20, 2006 20:18, Updated Nov 20, 2006 20:41


telnetd root Backdoor in Vodafone's Ericsson Systems?

Sascha Welter


1 March 2006


Phone Tapping Scandal in Greece

Sascha Welter


02 February 2006


Why Jonathan Pollard is Still in Prison?



JUNE 28, 2002

See the section: 'THE CRIME'


Allies and espionage

Jane's Intelligence Digest

15 March 2002


Mirror via Nucnews




By Sylvain Cypel


05 March 2002

Translated by Malcolm Garris




The Israeli Spy Flap Will Fade Away, But At What Cost?

By Douglas J. Brown


February 7, 2002


Israeli News Reports On The Fox Series Of Israel Spying On US



U.S. phone eavesdropping software open to spying --Fox News

From: Declan McCullagh


Date: Fri, 14 Dec 2001 14:51:51 -0500

A Fox series of 4 items, of which this is part 3, is mirrored at Cryptome


FBI Probes Espionage at Clinton White House - suspected telecommunications espionage

by J. Michael Waller,  Paul M. Rodriguez

Insight on the News

May 29, 2000




Weekly  Intelligence Notes
Association of Former Intelligence Officers (AFIO)
26 May 2000


Israeli spies tapped Clinton e-mail

by Uzi Mahnaimi

Sunday Times (UK)

May 21, 2000

Original scrolled off




Weekly  Intelligence Notes

Association of Former Intelligence Officers (AFIO)

19 May 2000



Weekly  Intelligence Notes

Association of Former Intelligence Officers (AFIO)
12 May 2000


President, Senior Officials Briefed on Possible 'Penetration' of White House Phones

By Carl Cameron


6:57 p.m. ET (2257 GMT) May 5, 2000

Original scrolled off



The ABC's of Spying


New York Times

March 14, 1999


Why Pollard Should Never Be Released (The Traitor)

Seymour Hersh

The New Yorker

January 18, 1999


Gordon Housworth
