In the 1999 cult movie “Fight Club,” Brad Pitt’s group of urban terrorists plans to blow up the offices of leading credit rating companies. In the resulting chaos, Pitt’s character predicts, no one will owe anybody anything, because with the computers destroyed, no one will know who owes what to whom.
What Pitt’s character had in mind was a spectacular form of financial terrorism. But real-life online hackers don’t have to blow anything up; it’s enough for them to compromise records, even temporarily, in order to set off social unrest.
And in Israel’s case, delegates to a recent conference on financial security in the cyber-age were told, that could theoretically allow enemies to stage a major attack while the country is preoccupied with its financial mess.
Speaking at the conference, held at Airport City and sponsored by the Institute for National Security Studies, Science, Technology and Space Minister Ya’akov Peri said that most individuals were justifiably worried that hackers could steal their money or their identity.
But the threat to state security was even greater, he said. With modern societies so dependent on computers, a well-executed financial attack could cripple a country, creating chaos, riots, food shortages, and even civil war, as citizens try to get money from ATMs and banks that no longer work.
“Cyber-attacks can devastate organizations and even whole countries. It’s hard to overstate the serious consequences of an organized attack on the financial sector, which is based on mutual trust and accurate financial information, as well as on the availability of funds,” said Peri (Yesh Atid).
“As the potential for threats to the system have increased, along with society’s greater dependency on digital information, the danger has become a major strategic and operational challenge for individual banks and for the entire financial sector,” Peri said, adding that it doesn’t even take a coordinated and deliberate attack to ruin things. “Many hackers are not interested in the information stored on computers, but their activities can actually cause significant impairment to daily activities, because most processes are now controlled by computers.”
Peri, a former head of the Shin Bet security service, described some of the recent major attacks on the financial sector that have resulted in significant problems. Last September, for example, 15 of the 20 largest banks in the US were clobbered by hackers in a relentless DDOS (denial of service) attack – actually a very low-level hacking technique that attempts to bring a server down by overloading it with traffic. Security experts called it the largest cyber-attack in history, and in a number of banks, the hackers achieved their goals, knocking out service on sites temporarily.
However, what was most worrisome about that attack, said Peri, was that it wasn’t conducted by a collection of pimply-faced youths, but by a group calling itself “the Cyber Fighters of Iz a-Din al-Qassam,” which said it wanted to “bring down the American financial system” in revenge for the release of the trailer for “The Innocence of Muslims” movie, which the group said insulted Islam. Other terror groups are likely to try and undertake similar attacks to achieve their political goals, Peri said.
So how should Israel deal with the issue? Peri said that he had ordered his Ministry’s National Civilian Research and Development Office to make cyber-security “a top priority.” In addition, a special group will be set up that will work in conjunction with the National Cyber Authority to develop solutions to defend the financial sector.
Would that it were so simple. The business of defending corporate Israel is a major task, and the country has a long way to go before it can be considered “cyber-defended,” said Dr. Gabi Savyoni, head of the Cyber-Security section of the INSS and the master of ceremonies at the financial cyber-safety gathering. In an interview, Savyoni outlined the dangers to Israeli businesses. At risk, he said, were not just banks, but water companies, food manufacturers, drug companies, energy companies, and many other industries.
All it would take to shut down Israel’s gas distribution system, for example, was a well-aimed attack at computers that handle logistics deliveries from gas refineries to wholesalers, for example. An attack on computers at a company like Osem could paralyze the firm for days, with shortages of some of their products (from pasta to Bamba) ensuing. If hackers manage to get into the National Water Carrier, Israel could go dry very quickly.
And so on. “The civilian sector has not been defended adequately from organized cyber-attacks, unlike the security sector,” Savyoni said. “This includes factories and firms that produce for the security sector, as well as infrastructure organizations that are considered critical.” These, he said, are the “soft underbelly” of Israel, and are very attractive to hackers.
Surprisingly, he added, Israel has not yet evaluated the risks, and no organization has developed criteria to determine what businesses need to be defended sufficiently, and what exactly sufficient defense is. That is a job for the regulators, he said — and his group will do what it can to help the effort succeed.