For over a month now, Israel has been under cyberattack. It began with words and threats, which carry a hefty significance in and of themselves, due to their psychological impact, and because they prompt Internet activity from all levels to try to prevent the damage from such an anticipated attack.
The mass cyberattack is scheduled for this Sunday, the eve of Holocaust Remembrance Day here in Israel and a day of rest in many other countries. The day will give hackers plenty of free time to get comfortable in front of their computers and launch their computerized robots to try again and again to crash Israel's largest and most popular websites. The main objective is to disable access to these sites and to corrupt them, replacing them with images and slogans deriding Israel and the occupation.
According to Shai Blitzblau, the CEO of Maglan, Israel's premier cyber defense services provider, 13 hacker groups have already announced that they plan to take part in the projected attack, alongside hundreds of independent hackers who don't belong to any group.
The hackers have developed a software tool to prevent user access that involves a computerized robot and a list of close to 100 targets. The list includes all the government-operated websites. Members of the hackers' Twitter account can access the tool and download it. The robot includes an access code with which hackers can enter the government sites through a back door.
The attackers are touting the upcoming attack as the biggest cyberattack ever to be launched against Israeli websites. Their stated objective is to shut down the targeted sites, corrupt them and infect them with malware that will impact users at the central sites. An attack on these sites is liable to affect most Israelis, blocking our access to information and essential transactions like payments, tenders, and the like.
Over the last few weeks, hackers have publicly posted many Israeli email addresses and passwords, data that can be maliciously used to take advantage of weak points in information security.
A government service is in place to ensure the accessibility and strength of all government websites, but private and business sector sites do not enjoy such protection.
The planned attack will likely focus mainly on the large sites, but there will undoubtedly be plenty of hackers looking for the easy targets, who will crash the small, privately operated sites that don't have the proper defense mechanisms.
According to Uri Rivner, the head of the cyber strategy department at BioCatch, the hacker groups will employ two key methods. Beyond denying decentralized access to everyday users, the hackers will also try to hack into certain websites, using passwords stolen from content managers or infrastructure providers, and gain full control over the content displayed on those sites. In this way, they can infect unsuspecting users with advanced Trojan horses capable of intercepting credit card information, bank information and other sensitive data.
Rivner explains that the impact of the attack can be mitigated to a certain degree by blocking access from outside Israel. But such a move will not prevent the attack; it will only force hackers to enact mechanisms to bypass the block, like hijacking Israeli servers or computers or designing robots that appear as though they are operating within Israel. So blocking external access does not provide a real solution.
Similar cyberattacks perpetrated by an underground group of Russian hackers in Estonia in 2007 and in Georgia in 2008 caused severe disruptions and crashed many websites, to the point where the entire Internet in those countries was down for several days.
In 2010, in an unprecedented organized effort, members of the infamous hacker group Anonymous crippled websites operated by banks and credit card companies like Visa and MasterCard as part of an ongoing battle against measures enacted to prevent the public from donating money to WikiLeaks, which exposes inside information on governments and large organizations, and in the name of freedom of expression online.
It should be noted that most cyberattackers are never caught, and it is very difficult to identify them if they take the necessary precautions to protect their identities.
These days, the hackers from Anonymous tend to choose targets that are either the subject of widespread scorn or that are themselves controversial. In 2012, Anonymous declared that it would attack the Chinese government in protest against the country's strict censorship laws. Other Anonymous activity included participation in the Occupy Wall Street movement, calls to eradicate the ongoing inequality in South Africa, a battle against the Iranian regime when it suppressed student protests, hacking into private intelligence companies that gather information for the U.S. government, and exposing the personal data of heads of giant corporations like Coca Cola and international banks. The perceived oppression of Palestinians can certainly serve as justification for the group to attack Israeli targets.
Since the attack is politically motivated, the national cyber bureau in the Prime Minister's Office and the various government technology units should in all fairness provide protection to all Israeli websites. In any case, the name of the game is cooperation among the various information security bodies, brainstorming and cross referencing the available information in efforts to block the expected attack. Cooperation is vital to the national cyber bureau, the civilian and military cyber units and the private companies dealing in internet security.
According to Defense Ministry Director-General Maj. Gen. (res.) Udi Shani, "The possible solutions to the cyber problem require us to cultivate the security industry and to give a little push to the smaller companies, with an emphasis on the start-up industry."
"We have to incorporate academia, and make use of academic research to devise solutions to these problems," Shani says. "Another important point is that we need close supervision on exports. The insights discovered by the alums of our technology programs cannot be allowed to expand without supervision, because it is a limitless range."
The cooperation on the topic of cyberwarfare has already expanded beyond Israel's borders. If enacted, a new European initiative will include search engines, energy suppliers and banks in the list of companies required to report all cyberattacks. According to sources in the European Union, the plan is to add some 40,000 companies to the list, including Google, Facebook and Twitter alongside lesser-known companies from the transportation and health fields.
According to Neelie Kroes, a vice president of the European Commission, "External access to information could lead to significant financial losses and even to bankruptcy. We have to get organized."
Eyal Dali, the regional sales director of HP security products, says the problem of cyber threats and penetrations into databases is well known in Israel. The European plan is one possible step in that area. It will lead to a situation where Israeli companies and organizations that work with Europe will have to report all suspicious cyber activity, as part of the European outline, which will require them to equip themselves with tools to manage cyber threats.
Until there is actual national and global cooperation, which will bring hacker activity to an end, the Israeli market is working with Israeli security companies, which share information with each other on intelligence and prevention.
The CEO of web defense company Foresight, which protects most of the large websites in Israel, says that the company has set up a situation room specifically in preparation for the April 7 attack; the room is monitoring all the websites under its service around the clock. The thinking is not limited to the here and now.
Maglan, which deals with developing operational tactics to combat cyber threats, has allotted 5 million shekels ($1.4 million) to practical research in the areas of cyber warfare and network intelligence, which could help in developing new operational tools and technological platforms to prevent cyberattacks.
The head of the cyber warfare program at the Institute for National Security Studies, Dr. Gabi Siboni, thinks that the attack raises concerns of potential harm to operational systems in the industrial and business sectors.
"The civilian sector is not protected, but the cybernetic bureau has identified the problem in the civilian sphere and begun a process there. The defense there is far stricter and more complex. The bureau is looking into the information transfer mechanisms and issuing relevant guidelines for the civilian sector on how to protect itself. Undertaking such an endeavor is complicated, and involves regulation and legislation."
Wanted: A cyber investigator
Dr. Dorit Dor, vice president of products at Check Point Software Technologies, says that it is important for websites to admit that they are under attack, rather than concealing information.
"Even the big companies are learning that they are under attack these days," she said.
"Our national strength begins with protecting the entire industry and the state better. We are experts at defending ourselves physically, now we have to do a better job defending our information.
"There is a very thin line separating a financial attack and a political or nationalistic attack. These attacks make use of the most cutting edge technology, and they are usually characterized by real-time data analysis."
Last month at the Herzliya Conference, the Defense Ministry's Udi Shani said, "The biggest challenge facing us today is the web, not cyber threats. The web is a network that contains infinite space, enabling infinite types of attacks, as opposed to cyber threats, which represent only one component of the system. The web is comprised of storage, sustainable products like laptops, GPS devices and more. In defense circles, there is an inherent debate on why almost all systems are based on sustainable products."
"The answer is money," Shani declared. "If we want to build our own Israeli-made storage systems, and there are a few places where we do, we will find ourselves in an entirely different budgetary situation, beyond the issues of time and personnel problems."
At that same conference, the head of the National Cyber Bureau, Dr. Eviatar Matania, said, "The problem is not just security. There is an opportunity here for economic growth in Israel, and there is also a diplomatic angle — we must build infrastructure within academia and the industrial sector, build up human capital and cooperate with the defense establishment."
In order to do so, Matania suggests using national resources "like simulation infrastructure that would be available for the academia, the industry and the defense establishment to use."
"Academia plays a significant role in cyber research. The industry is the heart of the endeavor as the body that will bring financial opportunities by developing cyber defense products. The State of Israel cannot establish an advanced cyber defense mechanism if it takes illogical steps involving export oversight," Matania says.
"We must be very careful to overcome the problem of sensitive information leaks. We have to establish a defense perception for the State of Israel that will be flexible enough to last more than a year or two. We are currently in the final stretch of building national defenses in the area of cyber warfare. The threat is global and if we are wise enough to work in tandem with other countries, by enacting cooperation contracts, we will succeed in promoting Israeli industry in the fields of science and technology and attract investments to Israel."