Israeli pilots upload sensitive Iran strike documents to public network: Report

Classified documents from Israel’s elite Air Force Squadron 69, including preparation materials for a potential strike on Iran, were mistakenly uploaded to a non-secured online platform accessible to the public, Israeli media outlet TheMarker reported.

The files, which were managed via the Israeli army’s “Click Portal”—a Microsoft SharePoint-based internal workspace—were intended solely for unclassified data.

However, they included highly sensitive documents such as classified weapons manuals, response protocols for enemy missile attacks, and internal debriefs. Some of the files were uploaded by senior squadron personnel, including the squadron commander.

Files scanned via app with security history

Many of the documents were scanned using CamScanner, a mobile app previously removed from Google’s Play Store in 2019 due to embedded malware that posed a risk of user data leaks.

CamScanner, which is owned by a Chinese company, was also banned by the Indian government over national security concerns.

Among the files uploaded to Click Portal were operational briefings, event schedules, and security drill timetables, including references to alert procedures related to Iranian targets.

Although access was limited to users with Israeli army’s email credentials, the system was accessible globally and did not require military clearance—extending availability to reservists, discharged soldiers, and even pre-enlistment candidates.

Critical lapse in information security protocol

The exposure of these documents contradicts the established Israeli army’s information security protocols, which strictly prohibit discussing or handling classified material near mobile devices, let alone scanning such documents via mobile apps.

Security experts speaking to Israeli media outlet cited two core violations: the failure to compartmentalize access within the organization, and the exposure of classified data on a system meant for open communication. “You don’t want this content leaking,” one Israeli army official was quoted saying.

Israeli Air Force shocked by breach

The incident is particularly alarming given Squadron 69’s role in the Israeli Air Force, it was reportedly behind the airstrikes that killed Hezbollah leader Hassan Nasrallah and has been a command track for several top military figures, including current Israeli Air Force chief Tomer Bar.

According to TheMarker, Click Portal pages of both Squadron 69 and Squadron 166 were publicly accessible within the platform, though most other squadrons maintain closed access.

The 166 Squadron of the Israeli Air Force, also known as the Fire Birds Squadron, is an Elbit Hermes 900 UAV squadron based at Palmachim Airbase.

In one weekly briefing, the squadron commander warned explicitly about information security lapses and referenced an espionage incident in another unit.

Broader systemic concerns with cloud transition

The Click Portal was developed as part of the Israeli army’s broader shift to digital systems under former Israeli Chief of Staff Aviv Kochavi’s multiyear transformation strategy. Intended to improve organizational efficiency and enable remote access, the platform was hosted on a civilian cloud managed by Microsoft.

While the system is designed for basic services like medical appointments and transportation coordination, it has become a routine working environment.

Since COVID-19, usage of the platform expanded significantly, alongside the unauthorized use of it for sensitive operations.

Israeli army’s response and ongoing investigation

Following reports, the Israeli army removed the documents and launched an investigation led by the head of the Israel Military Information Security Department in cooperation with the Israeli Air Force.

“This is a serious incident that was addressed immediately. The content has been removed. A thorough investigation is underway,” the Israeli army said in a statement.