Israeli Surveillance Gear

The Israeli Defense Force mounted a botched raid in Gaza. They were attempting to install surveillance gear, which they ended up leaving behind. (There are photos -- scroll past the video.) Israeli media is claiming that the capture of this gear by Hamas causes major damage to Israeli electronic surveillance capabilities. The Israelis themselves destroyed the vehicle the commandos used to enter Gaza. I'm guessing they did so because there was more gear in it they didn't want falling into the Palestinians' hands.

Can anyone intelligently speculate about what the photos shows? And if there are other photos on the Internet, please post them.

Posted on November 18, 2018 at 6:26 AM • 24 Comments

Comments

ronNovember 18, 2018 7:44 AM

If it is intelligence-related hardware, nobody with actual knowledge will tell you anything useful.

I note that the pink labels seem to be in Hebrew (hard to see w/ the photo resolution), and I find it doubtful that a device intended to be installed in enemy territory would have labels in Hebrew.

AmitNovember 18, 2018 8:58 AM

The picture itself is very odd - there are a lot of lables, none of them are legible. '
It would surprise me a bit if this actually shows the surveillance hardware, since the only parts I can actually identify look like a socket for a comm handset (Something like this http://heb.sysdo.net/images/product/38_1.jpg) and there are way too many output options for something that should collect information.

PhaeteNovember 18, 2018 9:55 AM

I can see some self made control boxes with 80s style switches and what looks like labelmaker labels. Other stuff is obscured, but you usually don't control computerised equipment with those switches.
Desert condition/ruggedness requirement might play a role, but even then one might expect newer tech, especially with the connections the Israeli have.

I'm not sure what kind of system that is but it looks either antique or amateurish.

Clive RobinsonNovember 18, 2018 11:34 AM

@ Bruce,

I can not in all honesty advise anyone to look at that page.

It basically wants you to be tracked in oh so many ways it would not be sensible to do so.

I do not know what Israeli organisation is behind the web site, but it strikes me as odd that if these photographs are so sensitive to Israeli National Defence, then why would a reputable Isreali orgasnisation be putting them out there?

Something tells me there is a large rodent behind this somewhere.

Spy or Sky?November 18, 2018 11:48 AM

@Bruce
>> There are photos

Is it a news website or Mining website? NoScript add-on blocks it.

“Three things are infinite: the universe, human stupidity and Israeli–Palestinian conflict; and I'm not sure about the universe.” ― Albert Einstein (?)

FaustusNovember 18, 2018 12:02 PM

Maybe the devices were left as bait to a trap, that may involve browsing to these web pages as part of the exploit. Sub threshold sound communication? Or some other covert channel between devices and web pages?

KerenNovember 18, 2018 12:20 PM

I am Israeli and I can confirm that walla.co.il is a legit news website that is very popular here among the general population. Quite possible that the site owners are collecting and selling info about visitors, but I doubt it's an Intelligence services front. Many sites here are just horrible and obnoxious.

The photo of the guts of the device is at a resolution just low enough that nothing is really legible. I am pretty sure that the pink label furthest down and to the right is composed of two words, the second of which is "SWITCH" (upside down relative to the camera).

TimothyNovember 18, 2018 12:21 PM

A Breaking Israel News article “IDF Officer Killed in Undercover Operation Inside Gaza” has a tweet not showing surveillance equipment per se, but rather footage of an Israeli strike in the Gaza Strip. Here is the tweet with the video:

i24NEWS English
@i24NEWS_EN
WATCH: Footage purportedly shows Israeli forces striking targets in the #Gaza Strip. Reports indicate that an Al-Qassam brigade commander was killed in an Israeli operation earlier this evening.

Read more HERE: http://i24ne.ws/ijS330mzVsn

Breaking Israel News also has an article about a $38 billion defense aid bill drafted by the U.S. for Israel. The article says, “The bill would give Israel increased access to sophisticated U.S. technology to ensure it maintains its qualitative edge in the region through the U.S. war-reserve stockpile in Israel, which Israeli forces can use under certain conditions.” From what I can tell, the bill (the “U.S.-Israel Security Assistance Authorization Act of 2018“) has passed both chambers of Congress, but is still awaiting the president’s signature.

According to several The Economist articles, Israel also has relationships with China and the Gulf states:

Israel’s commercial ties with China have flourished under Binyamin Netanyahu, the prime minister, who met President Xi Jinping in Beijing last year (see picture). In the first eight months of 2018 Israel sold $3.5bn-worth of goods and services to China, up 63% compared with the same period last year. China accounts for a third of the investment in Israel’s impressive technology sector, said Mr Netanyahu last year. The prime minister will host Wang Qishan, China’s vice-president, for an “innovation summit” in Jerusalem on October 24th.

Also from the article “A general tells Israel that its army must be still readier to fight”:

At the same time, the generals have been blindsided by Binyamin Netanyahu, the prime minister, who has just proposed his own “IDF 2030” programme, envisaging more spending on long-range missiles, cyber-warfare and intelligence gathering, instead of beefing up ground forces. Mr Netanyahu, who served as a commando officer 50 years ago, has often expressed impatience with the large armoured divisions of the regular army, and has always wanted more cash for sophisticated intelligence, special forces and the air force.

Clive RobinsonNovember 18, 2018 12:59 PM

@ paranoid,

With regards the photo you link to it appears to be a welded sub-chassis for a vehicle of a "standard form". What type of vehicle is not clear but at a guess I'd say for the likes of a medium sized delivery van.

If you look on the left you can see what looks like three semi-secure VHF or above radio systems of the sort that are fairly standard issue to military / police forces around the world for doing forward FATC for airstrikes.

Such kit usually runs on ~28V not the typical car and small van 13.8V. Which might account for what looks a commercial DC-DC converter (black heatsink white/silver lable) to the lower right of what could be a purple cussion.

To the right of that there is what looks like an "auto fuse bank" with the orange and red plastic fuse holders.

Under that is a black box with a similar one to it's right at 90degs. The yellow plastic that is visable appear to be protective plastic caps you get on high end high rel connectors when you buy them.

In between is another box of a similar form factor to the radios, but it's not clear what it is my guess is it's a crypto or store and forward unit. My guess is that the two black boxes are for "sensors" to be connected to and these then get multiplexed up into what could be a semi custom crypto-unit or store and forward unit.

Below and slightly to the left of the purple cussion is what looks like a central control box for the radios. The red switch cover is one of those oddities you see around equipment for mil use. Because it has a a dual function, which is to stop the toggle switch underneath it getting either accidentl knocked into a different position, and also stops mechanical vibration you would expect from off road or similar vehicles.

If you move down from this towards the front you will see a bunch of white connectors that are almost universal in cars and light commercial vehical wiring harnesses. What they are designed to "pickup with" in this case is not clear.

To the right of the white connectors are another bunch of rotary and toggle switches that look like they are designed for "high current" switching and one lable appears to have "12" on it suggesting that this part is for power supply switching.

Without better photographs there is not much more you can say.

But if I was to make a guess this was designed for an unmaned "park-up unit" which could be interogated by either a helicoptor or plane using standard 40-70MHz VHF or 400MHz UHF equipment, which would mean little or no suspicion would be raised for standard military personnel servicing such air frames etc.

The question of course is there a "self destruct" unit in that mess, if there is my guess would be that it is in that box that could be crypto / store and forward...

John CarterNovember 18, 2018 2:35 PM

Hint to anyone publishing photos wanting to know "what is this thing". Use a macro lens and get close enough to see the labels on each component.

Given enough of those a knowledgeable person can pull the datasheets and infer what the rest of it is.

obsNovember 18, 2018 3:32 PM

I can't read Hebrew so I don't know what the article says. However, there are a couple of odd things in these photographs:

The vehicle shown in the lower three photographs is completely burnt down. There is not a single piece of plastic left on it. Such a fire usually leaves traces in the surrounding but there are no stains nor ash from the fire on the ground. Also there are bushes/twigs next to and below the vehicle which are not burnt, which I find odd.

The tires in the last photo are half hidden in the dirt. Park your car, set it on fire and look if it digs itself in by 10" just by burning. Presumably, the location in the photographs is not the place where the vehicle actually burnt down or the photos show a wreck that burnt a couple of years ago.

The plastic on the supposed surveillance device is more or less intact. If it is still part of the vehicle in this photograph, then there shouldn't be any cable insulators, plastic switches, printed labels left. This piece cannot have been part of the vehicle during the fire. Was it perhaps expelled by an explosion before the fire actually started? The device itself does not look like it is the origin of a violent explosion because it is rather intact.

These things aside, why would you use a raid to place surveillance gear? The device shown in the photograph is surely not meant to be taken out of the vehicle to be placed somewhere. It is meant to remain in the vehicle. Why then bother with creating a lot of attention with a military operation if the goal is to place surveillance gear and a single person could drive the vehicle to the destination and park the vehicle at the intended location?

I would say the equipment was part of the raid in the sense that it was used to locate the target person(s). It may not have been the intent to leave the car and the equipment behind but if you operate in enemy territory you usually take into account that you are forced to do it.

If this is truly the com/surveillance gear then the IDF did a pretty bad job in destroying it.

echoNovember 18, 2018 5:14 PM

I don't have a clue enough to guess but agree they did a bad job of destroying it. I can't ask more than wonder if it's old kit and they didn't expect running into a problem? It sounds daft but what if they wanted somneone to acquire this? Is there a plausible reason why this would be so?

Jon (fD)November 18, 2018 10:05 PM

@ obs :

"The tires in the last photo are half hidden in the dirt. Park your car, set it on fire and look if it digs itself in by 10" just by burning."

They can and they do. Look, if you choose to, at some of the plethora of pictures from the recent California wildfires. You will find cars in all sorts of interesting ways, and yes, sometimes burnt out with happy shrubbery beside them.

Fire can do weird things.

Jon (fD)

CallMeLateForSupperNovember 19, 2018 8:19 AM

So, JavaScript required? That would explain why the link ultimately coughs up a blank page here, where JS is DISabled. :-)

vas pupNovember 19, 2018 11:19 AM

I guess all such surveillance devices should have embedded self-destruction capability in a case of similar unsuccessful operation or/and unauthorized access.
Moreover, as I recall some electronics (many years ago in ussr) was placed in kind of epoxy cover around making unit as a brick difficult to do reverse engineering without destruction.

Clive RobinsonNovember 19, 2018 11:53 PM

@ vas pup,

I guess all such surveillance devices should have embedded self-destruction capability...

Self destruct devices, realy are not liked for many reasons, not least for their unreliability in various ways.

One of the reasons the so called "black box recorders" are switching over to "all solid state" is that chips are just to difficult to destroy... Likewise artillery shells woth massive G-Forces are using more and more solid state electronics for fusing systems.

Forensics personnel involved with sifting through the debris of terrorist bombs often find the electronic fuses be they mobile phones or other low cost consumer electronics with the chips still intact enough to be used...

Whilst they are,not impossible to destroy the job is a hard one. So much so that people have developed highly specialised "shaped charges" that are built for each chip...

One of the reasons behind the "going dark" encryption issue is to do with chip survivability in the likes of explosions. From the LEO perspective data that can be gained from devices used by bombers as part of the fusing and triggering mechanisms is desirable. Most but not all consumer electronic devices are realy not designed to be secure in the right way, including the likes of Solid State Hard Drives with inbuilt Full Disk Encryption. As we find out every so often when researchers buy a bunch and "put them under the microscope" and publish their results.

We've likewise seen Microsoft weaken the strength of "Bitlocker" in one way or another, including turning encryption off if a device at the lower level in the computing stack says it's encrypted...

Now Microsoft are playing with Linux, it will be interrsting to watch what they do with their patches and similar to do with high quality security...

But there are other issues with "self destruct" in that do you realy want to "sit on a bomb", or have it accidentally go off when a stray bullet hits the device it's built into or even just gets dropped?

The reality is, the more "fail safe" you make a "self destruct device" the more likely it is to go off. That is "fail safe" in such a device realy means "blow up on even more environmental factors" because the design focus is protecting the secret at all costs... Which includes those using the equipment as well as the equipment it's self.

As an example consider a self destruct device that includes "anti-tamper" mechanisms. Because of their function "anti-tamper" mechanisms are "fragil" in design, that is it takes very little for them to be triggered and thus trigger the self destruct mechanism. Like all mechanisms "anti-tamper" devices become more fragile with both use and age. And if they are to be of any use for their design function then they have to be "in permanent use" even in storage, otherwise they become easy to bypass...

Thus "Catch 22" comes into play.

It's one of the reasons the likes of the SigInt agencies like GCHQ, NSA, et al have "Crypto Ignition Keys" and "Key Fill" devices such as "punched paper tape".

The correct design ethos is to make the system solid, and reliable to the point of surviving a close by nuclear blast, if it cannot survive this in a functioning state it should not be on the battlefield. But... design it such that the encryption KeyMat is on a removable device or can be "zeroed" with the press of a button, loss of power or half a dozen other easy ways. You then implement appropriate "KeyMat handeling proceadures" to do fast refill from "blue tape" etc.

But things can still go wrong... I was in a forward ComCen with multiple bits of comms and crypto kit all humming along nicely in the cell. The person holding the KeyMat having filled and initialised the crypto devices had withdrawn with the KeyMat to a rearwards position "for reasons unknown" at the time and taken the fill with them. A flash message giving orders to prepare for bug-out but hold and remain carrying traffic untill enemy contact etc, came down the wire, which I handed to the officer in charge who got the ball rolling. Due to a misunderstanding the standby power system got removed from the outside of the cell instead of the main power supply. Thus when main power was pulled with the "non essentials" decamping it was "lights out" for the comms/crypto cell...

With the power quickly restored, and having the KeyMat fill tape in your now sweaty hand you can with experience get ten or so crypto devices "re-filled" before the first has resynced with the comms, thus the slowest part is getting the door open on the semi-portable KeyMat holding safe... Which on this occasion was not where it should have been because somebody who shall remain namless had naffed of rearwards and taken it with her...

There are proceadures for "Re-keying without KeyMat" and for "Obtaining KeyMat without secure comms" such as over an Engineering Order Wire (EOW) or open voice circuit. They are basically manual processes that use a One Time Pad or similar as a bootstrap. But they are at best slow and laborious and not something you want to do by yourself[1].

Especially as the sole comms tech everyone is now looking at, because you are the only person in the cell that has done the training as the Yeoman of Signals and KeyMat holder are both not in the cell where they are supposed to be at such times...

It was far from "my finest hour" and luckily I got saved by "enemy contact"... Thankfully it was only an "excercise" but reports had to be written and local procedures had to be changed. Which ment having to explain the "who what where and when" to people with red on their collars, in a way that does not kill careers etc[2]. Which is not an ordeal you should put a young person of "delicate sensibilities" through :-(

[1] Whilst you can do the "mechanics" of the process yourself, authentication steps in such protocols can require "two key persons" or more and due to the way things work you are probably not even one of them...

[2] The secret to this is by the good old bureaucratic technique of "reflecting the problem back upstairs". What you do is examin the existing procedures handed down from on high looking for flaws. You then frame / couch what went wrong in a way that shows that "following procedure" is what went wrong, thus every one had done what they were supposed to have done and are thus blaimless... The fact the real reason "procedure" failed is a certain person who shall not be named wanted to use a real toilet rather than squat over a trench in an open field, need not be known ;-)

OtterNovember 20, 2018 10:27 AM

Have you seen photos or film from Gaza recently?

There is no one in the Isreali Army dim enough to imagine they might park a van unnoticed anywhere in Gaza. And equipment decorated with Hebrew text!

On the other hand, Isreali citizens are brighter than Americans. It is probably a the-sky-is-falling-pump-up-our-budget.

vas pupNovember 20, 2018 11:24 AM

@Clive: "But there are other issues with "self destruct" in that do you really want to "sit on a bomb", or have it accidentally go off when a stray bullet hits the device it's built into or even just gets dropped?"
Clive, thank you for your input on that, but I was thinking about kind of chemical-type destruction when acid/other solvent could dissolve critical element not harming folks around.
Yeah, you right that accidental activation is always possible - but that is up to cost benefit analysis which is different in case of the battle field or compromising IC operations.

Wesley ParishNovember 21, 2018 4:44 AM

@Otter

This case of the IDF putting their foot in it is a real-life illustration of an old Russian Jewish joke:

An old Russian Jew was sitting alone in a railway carriage with his shopping bag when a Russian officer entered the carriage and sat down. After a while he opened the conversation, saying, "How come all you Jews are so smart?"

"Oh, it's simple," the old Russian Jew said. "We chew raw fish heads." Then he looked into his shopping bag and said, "Well, guess what, you're in luck! I've got a raw fish head here, and I'll sell it to you for three roubles."

The officer duly bought the fish head and sat chewing it, then suddenly said, "I could've bought a fish head for eight kopecks!"

"You see," said the old Russian Jew, "it's working!!!"

The IDF is filled with fish-head-chewing bureaucrats wondering if they can remember how to make fish soup. Each one sells fish heads to the next, and buys them from the previous. Then they enter the Knesset and spend the rest of their careers trading and chewing fish-heads.

Chewing fish heads for three roubles when you could've bought them for eight kopecks is a function of power, not ethnicity.

FalseNovember 27, 2018 8:17 PM

"One of the reasons the so called "black box recorders" are switching over to "all solid state" is that chips are just to difficult to destroy"

Bullsh**

Clive RobinsonNovember 28, 2018 2:35 AM

@ False,

Bullsh**

Yet a new bottle for sour wine?

Your comment is obviously devoid of any kind of fact, and it's hardly even qualifies as a reasoned opinion, just a jerk response as seen in some types of neurological testing...

So it's "Put up or Shut up time", you will need to quote with valid citations within 24 hours why you regard my statment as inaccurate or non factual.

Please remember that what preceded the solid state devices were "electro mechanical" including if you go back far enough "chopper amplifiers" and "wire recorders", that in their time were "state of the art"...

I suspect your Ratio of success to remain low as always.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.