The hacker attack that exposed the credit card numbers and other personal information of thousands of Israelis last week shows every sign of being an unsophisticated break-in that exploited the weaknesses of a poorly secured website. But experts warn that for Israel, like other highly networked economies, the worst is yet to come.
Lone-wolf hackers have gradually gained the knowledge and experience once the preserve of intelligence agencies and armies. Instead of defacing websites or shutting them down by flooding them with e-mails, growing numbers of hackers have the ability to disrupt electricity, water, medical and other critical services, they say.
Ayalon: Cyberspace attacks should be treated as terrorism
Tiberias man arrested for using hacked cards
“To shut down a major network, even for a government, is considered to be difficult, and demands excellent experience and knowledge, but there are a few tens of thousands of people around the world who could do it,” Ron Porat, who co-founded Hacktics, an Israeli maker of anti-hacking technology, told The Media Line. “Some of them have the motivation also.”
A group of Saudi hackers dubbed Group-XP led by someone who goes by the web name OxOmar claimed last week to have obtained the personal information some 400,000 Israelis through credit card data. The Bank of Israel said the numbers were in fact much smaller, probably about 15,000 names, and that the credit card issuers had blocked the exposed accounts.
Nevertheless, the attack drew a sharp response from Israel as well as its arch-nemesis, the Palestinian militant movement Hamas. Israel’s Deputy Foreign Minister Danny Ayalon termed the cyber-attack “a breach of sovereignty comparable to a terrorist operation” and hinted at unspecified “retaliatory action.”
Hamas, which is not believed to have had anything to do with this attack, termed it “a new form of resistance.” Spokesman Sami Abu Zuhri was quoted by Reuters urging others to ignore Ayalon’s threat and “use all means available in the virtual space to confront Israeli crimes.”
Much attention has been focused on governments engaging in cyber-warfare, such as the Stuxnet worm that allegedly wreaked havoc on Iran’s nuclear program or when a Chinese state-controlled telecommunications company hijacked a big chunk of the world’s Internet traffic, including data from the US military, for 18 minutes in April 2010.
But hackers like OxOmar are a growing threat as well.
Israel and Palestinian hackers have been engaged in a cyber cold war for more than a decade. Israeli teenagers blocked websites belonging to the Lebanese Shiite movement Hezbollah, provoking Palestinians and other Arabs to declare an e-Jihad. Those attacks consisted mainly of denial of service attacks and defacing websites, although embarrassingly for Israel these included over the years high-profile sites like those of the Knesset and Foreign Ministry. During Operation Cast lead in 2009, Hamas was probably responsible for an attack on Israel’s Amos 3 spy satellite. More recently, Israeli hackers took over an official Hamas website and uploaded Israel’s national anthem onto it.
Other cyber wars have erupted across the Middle East. Anonymous, a loose collection of so-called “hacktivists,” launched denial of service attacks against government websites in Egypt, Tunisia and elsewhere during the Arab Spring uprisings. In November, Anonymous turned its sites on the Muslim Brotherhood. “The Muslim Brotherhood has become a threat to the revolution Egyptians had fought for, some with their lives,” it declared in a video.
While Israeli credit card companies were handling the Saudi break-in, Turkish hackers were threatening to unleash a wave of attacks against French websites after lawmakers in Paris approved legislation that would ban the denial of the Armenian genocide.
They have already assaulted French websites, including that of Valerie Boyer, the French politician who introduced the law that could punish genocide deniers with jail time.
But that is small change compared to what hacker are potential capable of doing, say experts. Indeed, hackers now take the trouble to exploit human weaknesses to enter networks, for instance, applying for a job and using the interview to gain access to a company’s headquarters and physical access to a computer.
“These kind of things were once done by the CIA, but now they are being done by hackers. It’s becoming very, very hard to defend any organization including the army and intelligence units,” said Porat. “In the past most hackers used a single vector or two to hack into system. They use multi-vector attacks now.”
Danny Dolev, a leading computer scientist and engineer at the Hebrew University of Jerusalem, said that Israel was as well protected as any heavily networked economy even if it remains vulnerable. Policy makers and defense officials have over the past year come to recognize the extent of the threat.
In August, he noted, the government created a National Cyber Directorate
to coordinate activities of the agencies that deal with the issue and
to secure infrastructure against cyber attacks. The exposure of credit
card details will awaken the public’s attention, which is as critical as
“I’m glad in a certain way it happened because it will awaken
awareness,” Dolev told The Media Line. “Awareness means being careful
when you plug in a disk on key, being careful when you change a password
and being careful when you put your information on a social network.”
Dolev expressed doubt that a lone hacker is capable of bringing down an
entire economy, but he said they are capable of doing serious damage.
“Let’s assume a single hacker enters the blood database and changes few
of the blood types of the database,” he said. “This would be horrendous.
It would not bring down a country but it could do a lot of harm. There
is damage that would be significant.”