At the end of April, Fox News reported that Iran had used servers in the United States to launch an attack on crucial Israeli water facilities. According to the Ynet, the head of the Israeli Water Authority’s security department, Daniel Lacker, said “We have received a number of reports regarding a cyberattack on the... systems. No damage was reported during the incident.”
Fast forward: On May 9, The Washington Post reported (apparently based on leaks from Israel) that “shipping traffic at Iran’s bustling Shahid Rajaee Port terminal came to an abrupt and inexplicable halt. Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility.”
It is widely believed that Israel was responsible, signaling to Iran that a cyber attack on civilian infrastructure would be met with fierce retaliation.
Recently, my son Yochai interviewed the CEO of Check Point Technologies, Gil Shwed, for an Independence Day Israel Story webcast. Israel Story is a podcast featuring unusual stories about Israelis, co-founded by Yochai and Mishy Harman. Shwed has been CEO for 27 years, since Check Point’s launch, almost unprecedented in the dynamic world of hi-tech.
Check Point Technologies provides cyber security for all digital platforms, including its original product, “firewalls” – innovative hardware and software products for information technology security, to protect networks, mobiles, cloud and data. Founded in 1993, it is a market leader and plays a key role in defending against hackers, both individuals and nations.
Check Point has a market value of some $15.5 billion, annual revenues of $2 billion and 5,400 employees worldwide. It is a rare example of an Israeli start-up that avoided acquisition and instead grew independently and has itself acquired a dozen other companies.
Check Point’s original patent was filed by Shwed in 1993 for a technology known as “stateful inspection,” a firewall technology that monitors the state of active connections and decides which network packets to allow through the firewall.
These are excerpts from Yochai’s interview, featuring Shwed’s views on a wide variety of subjects:
On hacking: “Right now hackers are finding new methods for malicious hacks. They have “phishing” sites [attempts to obtain sensitive information by disguising as a trustworthy site]. As our customers move work to workers’ homes, they need remote VPN’s [virtual private networks] – like a shipping company that moved from 8,000 virtual employees a day to 80,000. We enabled doctors quarantined at home to monitor patients remotely at a hospital, in a secure manner.”
On running Check Point from home: “I never wanted our intellectual property to leave the office, so I actually insisted in the past that we all work from the office. Now, we have about 3,000 employees who have to transition to a completely new work environment from home… Myself, I’ve never worked from home, I always like to go to the office… Now I’ve worked from home for five or six weeks.”
On being CEO for 27 years: “I began Check Point when I was 24. I was a software developer. I’ve learned almost everything, how to create the product, how to make it, how to work with customers, how to recruit, how financial markets work. Technology changes all the time, you cannot say, we’ve been great, market leaders, for 25 years – you have to reinvent yourself. I was a very hands-on person, but in the last five years I’ve moved to much more strategic management. A lot of it is, how to delegate and trust the people around you.”
On Check Point’s launch: “The idea for security technology, I got from my army days [in the legendary 8200 IDF unit]. I called my two future partners, told them, you remember my idea from two-three years ago? Here is an exciting market. Everybody is going to communicate. That’s where we start. It turns out we were right. The Internet became at least a thousand times bigger than we imagined in 1993. Without it, it would be a disaster – we would be locked in our houses, not knowing what’s going on.”
On his childhood: “I started to program when I was 10 years old, when I got my first computer. At the age of 12 I got my first job, and since age 14 I was a regular employee.”
On his educational philanthropy: “So, a subsidiary of Tel Aviv University takes kids from the age of around 13 and brings them to academic status – a midget vision of former President Shimon Peres. His vision was clear – he said we are at the top of our brain capabilities at the age of 13, 14, maybe 15, so why wait until someone starts their academic life at 23, 24, after the army, and starts to contribute to society when they are 30? So we started the program, originally called “Scientists of the Future.” I think it is creating a generation of people that can push society to its next boundaries, and not just in science, but social activists, professors, doctors, anything. And now after eight or 10 years we can see the first generation actually getting to that level.”
Following Shwed’s interview with Israel Story, I directed several follow-up questions to Check Point’s spokesperson, Gill Messing.
At the end of April, Iran used servers in the US to launch an attack on crucial Israeli water facilities. Without revealing classified information, can you tell our readers how Check Point is helping IDF cyber units to defend our country against hackers in Iran and elsewhere?
By definition, Check Point is a cyber security company and as such it secures all of its clients from cyber attacks. We have done so for more than 25 years and our client base includes around 100,000 customers of all sizes and types – governments, enterprises, medium and small business etc. we take pride of the fact that with our vast experience we are able to secure our customers from the fifth generation of cyber attacks, while most of the world still protects itself from the second and third generations of attacks.
In today’s world of cyber offense, attack tools which were used by governments are now used by hackers who can find them online or on the dark web. Today’s attacks are multi-vectored. A malware installed on your laptop can infect your mobile device and from this can reach your data stored in the cloud, for example. What we do is offer a consolidated, total protection architecture named Infinity, which provides the necessary level of security to all platforms at once. It is based on what we believe is most important – prevention, and not just detection. In the cyber world, when you detect an attack it’s already too late. We prevent these attacks from getting into the systems we protect.
During the pandemic, with many of us working at home, where cyber security is significantly less tight than at places of work, hackers have taken advantage to step up their attacks. Can you tell us whether Check Point has experienced this rise in hacking, and if so how Check Point has responded? Is there anything that can be done?
The pandemic surely created an unprecedented work culture and the needs for cyber security were never as crucial as now since everyone around the world moved to work from home. Working remotely means that there are numerous devices which needed to connect to a main network from a far, thus creating a potential new “infection chain,” a new attack surface for hackers. When everybody’s using their own private computers or mobiles to work – if they are not protected, you’re basically opening the door to your main network. This created a new challenge and I’m very proud of the fact that we enabled such a secured new culture of work around the world.
There are doctors who can now get access to their labs from home, food providers who can control their manufacturing from a far – thus keep on their daily operations, universities which continue their research and many more. At the same time, a new topic of interest generated new types of exploitation attempts. The growing interest around the coronavirus was used by hackers to trick people into making mistakes throughout this time and to this day. We are talking about more than 192,000 coronavirus-related attacks every week (mostly phishing attempts) and their topics correlate with the news – vaccines, masks and sanitary equipment, stimulus plans and lifts of restrictions. Our researchers publish (on our blogs) detailed reports on such attacks all over the world, and apart from securing our customers from all of these, we also generated some important tips for people how to avoid such attacks and be careful.
A saying goes, “Never underestimate the determination of a kid who is time-rich and cash-poor.” There are plenty of such hackers worldwide. Add to that nations’ military hackers – and you have a major threat to the orderly lives of innocent people. We are fortunate that in the technology of defending against hackers, Israel has long led the world. Let’s hope we can stay there. n
The writer heads the Zvi Griliches Research Data Center at S. Neaman Institute, Technion and blogs at www.timnovate.wordpress.com