Big hack attack on Israel inevitable, say experts

Cyber warriors are gaining the knowledge to do more than virtual vandalism; the worst is yet to come say experts.

By DAVID ROSENBERG / THE MEDIA LINE
January 9, 2012 12:04
Illustrative photo

keyboard computer Internet cyber warfare 311. (photo credit: Thinkstock/Imagebank)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later Don't show it again

The hacker attack that exposed the credit card numbers and other personal information of thousands of Israelis last week shows every sign of being an unsophisticated break-in that exploited the weaknesses of a poorly secured website. But experts warn that for Israel, like other highly networked economies, the worst is yet to come.

Lone-wolf hackers have gradually gained the knowledge and experience once the preserve of intelligence agencies and armies. Instead of defacing websites or shutting them down by flooding them with e-mails, growing numbers of hackers have the ability to disrupt electricity, water, medical and other critical services, they say.

RELATED:
Ayalon: Cyberspace attacks should be treated as terrorism
Tiberias man arrested for using hacked cards

Be the first to know - Join our Facebook page.


“To shut down a major network, even for a government, is considered to be difficult, and demands excellent experience and knowledge, but there are a few tens of thousands of people around the world who could do it,” Ron Porat, who co-founded Hacktics, an Israeli maker of anti-hacking technology, told The Media Line. “Some of them have the motivation also.” 

A group of Saudi hackers dubbed Group-XP led by someone who goes by the web name OxOmar claimed last week to have obtained the personal information some 400,000 Israelis through credit card data. The Bank of Israel said the numbers were in fact much smaller, probably about 15,000 names, and that the credit card issuers had blocked the exposed accounts.

Nevertheless, the attack drew a sharp response from Israel as well as its arch-nemesis, the Palestinian militant movement Hamas. Israel’s Deputy Foreign Minister Danny Ayalon termed the cyber-attack “a breach of sovereignty comparable to a terrorist operation” and hinted at unspecified “retaliatory action.”

Hamas, which is not believed to have had anything to do with this attack, termed it “a new form of resistance.” Spokesman Sami Abu Zuhri was quoted by Reuters urging others to ignore Ayalon’s threat and “use all means available in the virtual space to confront Israeli crimes.”

Much attention has been focused on governments engaging in cyber-warfare, such as the Stuxnet worm that allegedly wreaked havoc on Iran’s nuclear program or when a Chinese state-controlled telecommunications company hijacked a big chunk of the world’s Internet traffic, including data from the US military, for 18 minutes in April 2010.



But hackers like OxOmar are a growing threat as well.

Israel and Palestinian hackers have been engaged in a cyber cold war for more than a decade. Israeli teenagers blocked websites belonging to the Lebanese Shiite movement Hezbollah, provoking Palestinians and other Arabs to declare an e-Jihad. Those attacks consisted mainly of denial of service attacks and defacing websites, although embarrassingly for Israel these included over the years high-profile sites like those of the Knesset and Foreign Ministry. During Operation Cast lead in 2009, Hamas was probably responsible for an attack on Israel’s Amos 3 spy satellite. More recently, Israeli hackers took over an official Hamas website and uploaded Israel’s national anthem onto it.

Other cyber wars have erupted across the Middle East. Anonymous, a loose collection of so-called “hacktivists,” launched denial of service attacks against government websites in Egypt, Tunisia and elsewhere during the Arab Spring uprisings. In November, Anonymous turned its sites on the Muslim Brotherhood. “The Muslim Brotherhood has become a threat to the revolution Egyptians had fought for, some with their lives,” it declared in a video.

While Israeli credit card companies were handling the Saudi break-in, Turkish hackers were threatening to unleash a wave of attacks against French websites after lawmakers in Paris approved legislation that would ban the denial of the Armenian genocide.

They have already assaulted French websites, including that of Valerie Boyer, the French politician who introduced the law that could punish genocide deniers with jail time.

But that is small change compared to what hacker are potential capable of doing, say experts. Indeed, hackers now take the trouble to exploit human weaknesses to enter networks, for instance, applying for a job and using the interview to gain access to a company’s headquarters and physical access to a computer.

“These kind of things were once done by the CIA, but now they are being done by hackers. It’s becoming very, very hard to defend any organization including the army and intelligence units,” said Porat. “In the past most hackers used a single vector or two to hack into system. They use multi-vector attacks now.”

 Danny Dolev, a leading computer scientist and engineer at the Hebrew University of Jerusalem, said that Israel was as well protected as any heavily networked economy even if it remains vulnerable. Policy makers and defense officials have over the past year come to recognize the extent of the threat.

In August, he noted, the government created a National Cyber Directorate to coordinate activities of the agencies that deal with the issue and to secure infrastructure against cyber attacks. The exposure of credit card details will awaken the public’s attention, which is as critical as technology defenses.

“I’m glad in a certain way it happened because it will awaken awareness,” Dolev told The Media Line. “Awareness means being careful when you plug in a disk on key, being careful when you change a password and being careful when you put your information on a social network.”

Dolev expressed doubt that a lone hacker is capable of bringing down an entire economy, but he said they are capable of doing serious damage. “Let’s assume a single hacker enters the blood database and changes few of the blood types of the database,” he said. “This would be horrendous. It would not bring down a country but it could do a lot of harm. There is damage that would be significant.”

Related Content

Riot
August 31, 2014
Rioting resumes throughout east Jerusalem Saturday night

By DANIEL K. EISENBUD