Israel braces for annual cyber attack by Anonymous-led hackers

Friday’s offensive is no serious threat, provides great learning opportunity, tech expert says.

APRIL 6, 2017 06:38

Updated: APRIL 6, 2017 13:44

Cyber hacking (illustrative) (photo credit: INGIMAGE) — Cyber hacking (illustrative)

(photo credit: INGIMAGE)

As Israeli authorities and companies brace for an annual cyber attack expected this Friday, the country’s capability to thwart website defacements and data pilfering attempts will be put to the test.

“There is a nice twist,” Dudu Mimran, the CTO of Telekom Innovation Laboratories at Ben-Gurion University of the Negev and BGU Cyber Security Labs, told The Jerusalem Post on Wednesday. “It’s kind of a training for Israelis.”

The forthcoming attack, called #OpIsrael, has been coordinated by the Anonymous network of anarchic “hacktivists” since April 7, 2013 – timed for Holocaust Remembrance Day that year – in retaliation for the previous November’s Operation Pillar of Defense in Gaza. Although the 2017 #OpIsrael kicks off on a weekend and runs through all of Passover, when most government offices are closed, cybersecurity experts are confident that the country is no more vulnerable than in previous years.

Anonymous threatens cyber attacks against Israel in November 2014

“I think in normal warfare – physical warfare – it matters more than in cyber warfare,” Mimran said. “Cyber is mostly automated, especially in these types of attacks. The main idea is creating volume of attacks. The main way to deal with that is automated defense.”

Among this year’s several dozen publicly listed #OpIsrael targets are a variety of government web sites, news sites, social media pages and businesses. Joining Anonymous in the attack will be “AnonGhost,” an international network composed of hackers associated with pro-Palestinian hackers and “Red Cult,” a group of hackers associated with the Anonymous community that mainly operates against Islamic State.

While past attacks have caused no physical damage to Israel, #OpIsrael campaigns have resulted in temporarily crashing websites and preventing them from providing services, as well as hacking databases and leaking some information.

In Mimran’s opinion, the main threat posed by #OpIsrael is the fact that the attack “makes everyone busy,” due to all of the volume generated.

“When it makes everyone busy it gives slack to more serious attackers,” he said. “It opens up a window to more serious attackers. Still, to be honest, Israel and many other Western countries – but Israel in particular – are always under attack.”

Stressing that he is “pretty sure” Israel’s defenses are capable of handling #OpIsrael once again, Mimran said the campaign actually provides Israel with several positive opportunities alongside the bad.

“From a training perspective there is always a learning lessons from this kind of event,” he said. “Basically, when you are setting up defenses you are always doing exercises and penetration testing, but you cannot simulate a huge crowd trying to penetrate.”

The #OpIsrael attack therefore creates a unique scenario in which Israel can learn about its cyber problems, as well as how to mitigate them, he explained.

“It does not elevate any serious threat on Israel,” Mimran said.

Another opportunity he pointed out is the fact that this year there is supposed to be “a large group of non-sophisticated attackers joining the party.” As they do so, Israel will now have the chance to identify these hackers and get to know them, Mimran explained.

While cyber preparedness in Israel is generally high regardless of the day, for #OpIsrael, companies and authorities may boost their manpower or shut down some non-critical services in advance, according to Mimran.

“I would expect that most of the public relation damages will be on the small businesses,” he said, acknowledging, however, that the impact is difficult to predict.

By hacking into smaller and medium- sized businesses that serve larger enterprises, intruders could potentially find a path to those bigger companies, he warned.

Aviv Grafi, CTO and cofounder of the cyber security firm Votiro, likewise said he felt that based on previous years, most of the impact would be felt by smaller businesses. Grafi’s Tel Aviv-based firm develops and licenses security software solutions to help protect organizations from external cyber attacks.

“Most of the successful attacks are on smaller sites, smaller or medium businesses that don’t have any security in place at the time,” he said.

For the most part, Grafi explained, the #OpIsrael attacks have been avoided in the past, as hosting providers communicated with their customers and asked them to strengthen security mechanisms and apply mitigation techniques.

With their target lists are readily available online, the #OpIsrael organizers are asking hackers around the world to attack Israel’s news and government websites in particular. In general, Grafi said, the hackers either launch defacement attacks – changing visual elements of the site – or amplification attacks – or those that significantly pull away traffic from a site by denying services. For example, an attacker might disable a citizen’s ability to submit a document to the Interior Ministry online, he explained.

“The interesting thing about this operation happening this year on Friday is that most of the businesses are closed, so I’m not sure there will be any significant damage in this aspect,” he said.

The only comparative difference that attacked domains could likely encounter on a Friday versus on a weekday is a slower pace in site restoration time, according to Grafi.

Although the attacks in the past have not resulted in significant damage, Frances Zelazny, vice president of the Tel Aviv-based firm BioCatch, warned that it is impossible to predict what Friday’s events will bring.

“Even though perhaps this is an organized thing and we knew that it was happening, the nature of the attack is an unknown, and how that’s dealt with is emblematic of how general cybersecurity needs to be managed today,” she said.

In an era in which malware can reside on machines for up to 150 days without a user’s knowledge, Zelazny stressed that trying to prevent every single attack can no longer work.

“It’s not about building higher walls and higher fences,” said Zelazny, whose company uses behavioral biometrics for fraud prevention and detection, primarily in the banking sector.

Instead of favoring static security mechanisms, people’s mindsets need to shift toward embracing more resilient strategies that involve real-time detection and response, she explained.

"This #OpIsrael attack is interesting in the sense that it's a moment in time where they're trying to do something,” she added. “But in reality, usually these attacks don't happen this way. It's usually a more prolonged manner.”

In today’s typical cyber attacks, there is no immediate or direct correlation between the initial attack and the result, Zelazny explained. That being said, she warned that #OpIsrael should not be ignored, perhaps most importantly due to the message the attackers are trying to send.

"I think #OpIsrael is a demonstration of strength by the other side,” she said. “It's more of a show. I am not saying it shouldn't be taken seriously."

Yonah Jeremy Bob contributed to this report.

Israel braces for annual cyber attack by Anonymous-led hackers

Friday’s offensive is no serious threat, provides great learning opportunity, tech expert says.

Enough is enough, Hezbollah

Ramadan and Passover: Amid the violence, a sign of hope

The two-state obsession: It’s about constraining Israel - opinion

We’ve never faced a threat like this: We need to act now

Following Iran's attack, more US aid is needed for Israel