Cyber Vandalism, Not Warfare!

Israeli cyberspace forced to deal with violent teenagers who’ve swapped spray cans with keyboards. The biggest threat they pose is that we confuse them with real cyber vigilantes

02821495884150044245.png

Israeli cyberspace had a rough day on Wednesday. It started with anonymous hackers targeting the websites of two hospitals – Tel Hashomer and Assuta. The hackers used the simplest tool at their disposal, flooding the websites with hundreds of thousands of queries, effectively exhausting their systems into crashing.

The hospitals were quick to reassure the public that the systems were unharmed and that no patient information was compromised, but that did not spell the end of Israeli cyberspace’s troubles.

By noon, the Israel Festival website had fallen pray to a cyber attack. The Dan Transportation website was downed by a different group of hackers in the afternoon and the early evening hours saw Haaretz newspaper’s website officially announce that it was down and out. By 7 pm, however, all was right again, with the exception of the Israel Festival website.

Cyber-wise, the day was mostly annoying and disconcertingly dangerous. The heads of information security at all of these website will certainly have to answer some tough questions and although no harm came to the systems themselves, it is hard to estimate the scope of the financial damage cause by the hack, although it is probably not too great.

Not coordinated warfare

Still, the last 24 hours join a string of stressful cyber days, which included the breach of websites like El-Al, credit card companies and the Tel Aviv Stock Exchange by “pro-Palestinian” hackers, which prompted a somewhat hysterical recommendation by the Bank of Israel to restrict access to overseas users.

All these well-publicized incidents are compounded by one under-publicized fact: Dozens of Israeli websites are attacked on a regular basis. At least two-three websites are downed every day and government websites – which are considered a prize target and as such enjoy the protection of particularly heavy cyber-“guns” – are subjected to hundreds, sometimes thousands, of attacks a day.

In light of the religious and nationalistic themes the hackers assert for themselves, describing these cyber attacks in terms of an apocalyptic battle between the forces of light and pro-Palestinian forces is easy. So is looking at Tuesday’s five attacks as a coordinated assault aimed at no less than annihilating Israel’s cyberspace.

But it wasn’t. This was not a professional military or criminal attack – despite the fact that there are elements out there that are perfectly capable of doing so. This was not a significant blow to Israeli websites either – despite the fact that the ability to mount such a strike exists. The hackers are not part of bodies which sport impressive means, measures, infrastructure, sophistication and motivation, or strategic capabilities. They are youngsters with basic capabilities and a lot of free time on their hands. That is their strength and there lies the threat they pose.

Lurking in the shadows

In the hacking sphere, whose one half bathes in the light of information security, while the other half is clouded by worldwide criminal activity, the kind of people Israel is dealing with are called “script kiddies” or “skids” – a snub meant to indicate that they are anything but expert hackers, rather they are inexperienced kids who utilize other people’s hacking tools to inflict some damage before moving on.

So just how bad is this damage? For organizations like the TASE and El-Al, which harbor valuable information on their operational system, the damage can result in millions in losses. This was not the case this time.

To illustrate, in 2011, HBGary Federal CEO Aaron Barr announced that he had exposed the identity of the leaders of the “Anonymous” hacking group, which is mostly famous for having no actual leadership to speak of.

“Anonymous” retaliated immediately: They hacked HBGary’s systems, stole their files and crashed the website. They then hacked into Barr’s Twitter and LinkedIn accounts and for good measure, they hacked his company’s email system and stole tens of thousands of emails containing personal, professional and classified correspondence, which they promptly leaked online. The damage amounted to millions of dollars. It was a crushing blow to the security company and that is what an ambitious criminal cyber assault looks like. But that is not what we are facing.

Know the hacker

So what are we dealing with? To discern that, we have to look at the nature of the targets and the damage inflicted.

The media still lends importance to the nature of the target as a whole, rather than to the focus of the attack. In the attack on the TASE for example, the target was not the stock exchange’s database – which hold information potentially worth billions of dollars, nor was it its infrastructure. The target was the TASE website, which provides investor information – the same information available on dozens of other websites.

The attack on Tel Hasomer Medical Center did not target the hospital’s strategic systems or database, but again – its website, which provides information on departments, doctors and office hours. El-Al’s website is not the air carrier’s database, the Israel Festival website is essentially an online program, etc.

In other words, those pro-Palestinian hackers did not break into the bank and rob it. They merely defaced the logo, hanging outside the door. The damage? Minimal.

The only exception here is Haaretz, whose website is a major part of its business. But here too, no actual database was damaged and it was back online in less than an hour.

So, what does the future hold? The prophecy was given to fools and novice information security specialists, but some things are easy to predict: The script kiddies are likely to keep targeting Israeli websites, we will eventually get used to the sporadic damage they cause, the media will lose interest and the hacks will eventually subside.

But the hacking itself has done a great service to Israeli cyberspace – they have, and will, force every organization to ensure that its information security experts are just that – experts. They may also compel the government to adopt stricter information security guidelines, so when Israel finds itself under a real cyber attack, a professionally honed, potentially lethal attack, we will be ready for it.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s