As a group of hackers yet again released Israeli credit card information to the internet, some of Israel’s top cyber-security professionals were discussing ways to avert future cyber-attacks at the 12th annual Herzliya Conference. Among their conclusions: Israel needs to be proactive, not just reactive – and hit back at the hackers where it hurts.
Attacking hackers is one way to discourage them from attacking Israeli sites, said Professor Yitzchak Ben-Yisrael, who chaired a panel called “Cyber Warfare, from Theory to Practice.” Ben-Yisrael is Director of the Tel Aviv University’s seminar on Science, Technology, and Security, and chairman of a special government committee on cyber-security. “We need standards and rules in order to ensure that we remain protected,” Ben-Yisrael said. “It would be a mistake to concentrate solely on a defensive strategy without resorting to offensive action. Failing to attack would be like trying to battle suicide bombers with bus security guards, instead of striking at those who dispatched these terrorists.”
And terrorists they are, said Ben-Yisrael. “It’s important to understand that cyber-terrorism isn’t restricted to the internet. That’s too narrow a view. Cyber-terror is really just a method by which terrorists attempt to interfere with our daily lives, and our method of dealing with them must match their tactics” – by bringing the battle back to their court, Ben-Yisrael added.
It was a most appropriate sentiment for the central cyber-event of the day Thursday – yet another raid on Israeli servers, with hackers downloading and releasing the credit card information of 26,000 Israelis. The attack was coordinated by a group of Arab hackers called “Team Poison,” which has been active for years in anti-Israel hacking. The group directs “Opfreepalestein,” aimed at punishing Israel for what the group claims is Israel’s mistreatment of Palestinians.
In a recent message, “Anonymous,” as the hacker calls him/herself, justifies the recent attacks on Israeli hospital web sites. “I will be the first to admit/say… Yes.. I have attacked cancer research centers… Yes I have attacked centers that help disabled children in Israel….ButYou too attack Cancer Research, Disabled Services, Education… Basically, anything you stand for and I am leaking to the public, you are taking away from the people of Palestine,” the hacker wrote.
Two of Israel’s credit card companies – Leumi Card and Visa CAL – said in statements that initial investigations indicated that the information was mostly outdated, with accounts that had been closed.
Other speakers at the Herzliya Conference session, included RSA Israel chairperson Michal Braverman, both of whom discussed the ease with which hackers could steal information on wireless networks. Their recommendations: Stay off wifi networks that you are not certain are 100% safe (with secure passwords, etc.). Curt Aubley, CTO of Cyber Security Innovations and New Technologies at Lockheed-Martin, said that international cooperation could go a long way towards stopping cyber-terrorists, similar to the manner in which countries battle modern-day pirates.
Perhaps the most sober – and realistic, given recent events – presentation was given by Adi Sharabani, Security Architect and Strategist for IBM, who thrilled the crowd with a live demonstration of how easy it is to hack into computers – even ostensibly “secure” ones. The only real solution, he said, is backup – investing in systems that will store information in a safe place, replacing data that gets hacked. “There is no computer that cannot be ‘gotten to,’ he said. “Each organization must decide how much it stands to lose in the event of a hack, and how much it is willing to invest to protect against those losses.”