Cyber-terrorism: Defending the country’s online borders

Gov't sites are the most targeted by cyber jihadis. Some of the people at the forefront of protecting them shared some of their secrets.

Nuriel 311 (photo credit: YAAKOV LAPPIN)
Nuriel 311
(photo credit: YAAKOV LAPPIN)
It’s a sobering fact, yet one which surprisingly fails to create more than an occasional ripple: The government’s Internet portals are the most targeted networks in the world, coming under relentless attacks by cyber jihadis and hostile “hacktivisits.”
Furthermore, national defense planners remain concerned about potential attempts by skilled hackers to break into and sabotage computer systems that manage our vital national infrastructures, from the train system to the electricity grid.
Yet the vast majority of the attacks fail, and even those that do succeed are quickly neutralized.
On Monday night, some of the people who are, or who were recently, responsible for defending the nation’s online assets, gathered at the Interdisciplinary Center’s Institute for Counterterrorism in Herzliya and shared some fascinating inside information on a daily battle which plays out on a mostly silent – yet increasingly important – arena.
Speakers at the IDC’s International Conference on Cyber-Terrorism included Assaf Keren, who until recently was tasked with securing all government sites and portals.
Keren listed several of the most common attacks he faced, including denial of service, defacement of websites, theft/corruption of government data and threats to government online services or funds.
“Every time there is a crisis, we see lots of actions against the websites of the prime minister and the Foreign Ministry website,” he said.
During Operation Cast Lead, there was a doubling of defacement attacks.
When Deputy Foreign Minister Danny Ayalon became involved in a diplomatic entanglement with Turkey in January, Keren identified an impending largescale Turkish hacking attack on government sites, and ordered all Turkish ISPs blocked for a day – “to let them cool off,” he explained.
“We know that specific countries are sources of attacks, like Turkey, Saudi Arabia and Iran, and we just block them automatically when we detect that it is approaching,” Keren said. “We instruct personnel in the operations room to adopt a loose trigger policy during these times. They are free to block many more suspicious ISPs than usual.”
During times of armed conflict, denial of service attacks, in which millions of computers are hijacked by malicious software and are ordered to send phony coordinated requests for accesses to servers, leading to a crash, reached new peaks.
In what could be the largest denial of service attack ever, some 15 million requests per second were sent during Operation Cast Lead in Gaza, though Keren’s counteractions meant that the networks emerged largely unscathed.
“The sites being targeted give citizens information about what is going on.
During the Georgian-Russian war [of 2008], Georgia’s websites were taken down by hackers, and its Foreign Ministry was forced to use a Blogspot [free blog service] account... this hurts national pride. We don’t want that to happen to us,” Keren added.
He spelled out some of the basic steps involved in the security operation. “A number of security rings have been established for each government service,” he said.
The first ring of security is based on an operations center staffed at all times, with a minimum of three people per shift. It monitors and logs all attacks, and has the ability to take basic countermeasures.
Further out along the virtual security perimeter, analysts sift though logs of all previous attempted attacks. After identifying new threats, they update defenses, in effect immunizing them.
Online defenders must also deal with the threat of hackers who try to break into servers and quietly change their content, or steal sensitive information.
Recently, hackers succeeded in penetrating the Bank of Israel’s website, and defaced it. They could have done far worse damage had they altered one or two exchange rates, and only declared their actions months later, forcing the bank to reevaluate all other rates, leading to economic chaos, according to Keren.
The Bank of Israel’s website has since been moved from its private server and placed within the fortified government network.
DURING MONDAY’S panel discussion, Brig.-Gen. (res.) Nitzan Nuriel, director of the Counterterrorism Bureau, said his organization has been spending the past few years ensuring that government ministries were taking steps to defend critical national infrastructure from hackers.
“We have been asking: What type of civilian critical infrastructure should be defended by the state? Above all, the casualty question is most important.
How many people may be killed [in the event of an intrusion?] The railway system is one obvious example; if someone can take control and creates a train crash,” Nuriel said.
“Should hospitals be protected by the state? When we analyze the threat, we find the damage that could be caused by someone taking control of the IT system of a hospital can create a major mess that can lead to many casualties.
“A second question is the economy: What will be the level of economic damage? And the third question is the morale effect.”
Based on those criteria, the Counterterrorism Bureau has created a high priority list of sites that must be fully defended, such as the heavy industrial plants in Haifa, filled with hazardous substances.
Similarly, the bureau has been engaging the private sector in attempts to reach understandings on Web protection, Nuriel said, adding that companies such as cellphone networks were critical to the maintenance of any modern state.
“Insurance companies... hold 30 percent of our cash. What do you need to do to prevent an attack on them that would leave all of us without money? This is a real threat. We are walking into a new world... and we need to find new tools [of defense],” he said.
Plans for a nationwide exercise simulating a major cyber-terrorist attack were also being drawn up, he added.
The Counterterrorism Bureau has asked all directors-general of government ministries to take a series of steps to ensure that Web defenses of infrastructure under their jurisdiction were prepared for the threat.
Yaakov Lappin is author of the forthcoming book Virtual Caliphate (Potomac Books, Inc.)