Could Israeli cybersecurity tools have prevented 2016 Uber breach?

Udi Mokady, CEO of the Israeli firm CyberArk Software Ltd., expressed concern over security breach after news of a hack.

By
November 23, 2017 02:49
2 minute read.
Could Israeli cybersecurity tools have prevented 2016 Uber breach?

A photo illustration shows the Uber app on a mobile telephone, as it is held up for a posed photograph in central London, Britain September 22, 2017.. (photo credit: REUTERS)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later

Ride-hailing giant Uber Technologies Inc. announced on Tuesday that hackers stole the account information of 57 million people; one Israeli cybersecurity firm may have been able to prevent the data breach.

In October 2016, hackers penetrated Uber by using computer code found on GitHub – a depository where engineers collaborate on code. They then stole Uber’s login credentials for cloud-service provider Amazon and downloaded the archive of data. Cloud services store data in an Internet server as opposed to an internal computer network.

Be the first to know - Join our Facebook page.


The attackers emailed Uber asking for ransom, and the San Francisco-company complied by paying them $100,000 to delete the personal data. The stolen information included customers’ names, emails and phone numbers, along with the names and license numbers of American drivers.

Udi Mokady, CEO of the Israeli firm CyberArk Software Ltd., expressed concern over the security breach. He said that companies should be wary if they're using DevOps, or when developers writing code work simultaneously with those operating and configuring the code.

An estimated “80% of security breaches involve privileged credentials,” Mokady said, adding that a recent CyberArk survey found that “75% of organizations report no strategy to manage secure DevOps secrets, with 99% of respondents failing to identify all places with privileged accounts.”

With more and more companies adopting DevOps – which prioritizes multi-team collaboration – many more people have privileged account credentials, which leads to greater security challenges. At the same time, more companies are being hosted on cloud development infrastructure rather than their own internal network.

“In the past, if you made this [coding] mistake, nothing happened,” said Kobi Ben-Naim, CyberArk’s senior director of cyber-research, since problems could be contained on an internal network. “But now, if a developer makes a mistake, like the one we saw with Uber, it’s a catastrophic mistake, because the code is public… hackers steal those [account authentication] keys and use them instantly.”

JPOST VIDEOS THAT MIGHT INTEREST YOU:


No cybersecurity tool is foolproof, but CyberArk and its Conjur service helps protect machine identities by creating a digital safe. In other words, CyberArk’s clients are not using account authentication keys, but rather the equivalent of a key.

“You cannot make the mistake of leaving the key exposed,” Ben-Naim said.

Based in Petah Tikva, CyberArk says the data breach underscores the need for more companies to use secrets-management solutions such as Conjur, which the company acquired in May 2011 for $42 million.

Israel has stood at the forefront of the global cybersecurity trade, partly because of the security challenges it faces. Much of its workforce gains experience in army intelligence or Unit 8200, where soldiers cyber-attack different nation-states. In other countries, software developers are conducting penetration testing, or “practice.” This has led to the success of multi-billion-dollar entities such as Check Point.

With future advances in machine learning and artificial intelligence, it is possible that computers themselves could write code, avoiding these types of developer mistakes and detecting errors through pattern recognition.

Until then, CyberArk’s Ben-Naim wants companies to know that “going into the cloud [server] itself, it’s not adding strength to your security.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

October 19, 2018
Police clear Eli Kamir in Netanyahu-related corruption case

By JERUSALEM POST STAFF