Hackers seek to instill ‘fear and trepidation,’ says expert
People attacking sites here aren’t looking for Israeli data – but for Israelis to panic, says one expert.
The hackers who in recent weeks have attacked Israeli websites are not after data, says Israeli security expert Eyal Wachsman – and they harbor no fantasies of being able to erase sensitive data on government or IDF computers. What they’re aiming for is actually the same thing terrorists aim for when they conduct an attack – a “long tail” of fear and trepidation among Israelis.
And in order to beat them, Israeli sites need to fight fire with fire – instilling a feeling of failure among the hackers, making them feel that all the hard work they did in attacking Israeli sites was a waste of time, he adds.
“It’s psychological warfare, in the purest sense of the term,” says Wachsman, whose firm, Avnet, helps clients shore up their cyber-defenses. Avnet is the kind of company teenage hackers grow up to work for; among the company’s many services is something called “penetration testing,” in which, says the company, is “the process of using approved, qualified personnel to conduct real-world attacks against a system so as to identify and correct security weaknesses before they are discovered and exploited by others.” In other words, Avnet will carry out a hack attack on your site – exposing weaknesses before the “real” hackers find them, and giving you an opportunity to repair the holes.
But some attacks don’t require major hacking skills – and those are the kinds of attacks the anti-Israel hacker crowd prefers, because they don’t require many technical skills. “The most common form of attack in recent days has been the Denial of Service (DDoS) attack, in which sites, overwhelmed by connection requests, just shut down. These attacks have become very common all around the world, including in the U.S., where researchers are working very hard to find solutions,” Wachsman told Times of Israel.
DDoS attacks are very hard to fend off, because they don’t require a hacker to infiltrate a site; it’s sufficient to get tens or hundreds of thousands of computers to surf to the targeted site at one specific time in order to “kill” a site (it should be noted that many of the computers used in these attacks are “drafted” by hackers to participate without their owners’ knowledge, thanks to viruses that allow hackers to take control of some of a “slave” computer’s communication capabilities). Systems that are unable to handle the volume of connection requests simply shut down – and if there is a hole in security as well, the hacker can enter the system and put up their own “alternative” page, proclaiming their victory.
But, says Wachsman there are ways to stave off such attacks – and some of the best are made in Israel. “We have some of the best and newest technologies here to fight off DDoS attacks,” he says. “For example, technology developed by Israeli company Foresight is ideal for avoiding the consequences of such attacks.” Foresight offers several products to protect sites from attacks, including one that allows administrators to keep track of every click made by a user, cutting off those who appear to be up to no good – along with an always-on cloud-based backup system that allows sites that are compromised to recover within minutes
And that is exactly what’s needed to battle the main aspect of these attacks – the attempts by hackers to attempt to instill a feeling that they are in control, that Israel’s computers are poised to fall to an Arab cyber-invasion at any moment. “Hackers also have an Achilles’s heel in these attacks,” says Wachsman. “It takes a lot of resources to run a DDoS attack, and if hackers see that their resources did not result in the desired payoff, they are more likely to give up.” The hackers great reward is to see a frantic media interviewing Israelis who are panicked that they are about to “lose” the internet – and denying them tis prize, says Wachsman, is the best way to beat them.
The one bright spot of the attacks? “The sites that have been compromised now know that they have a problem,” says Wachsman, “and now they have an opportunity to fix things, before somebody does some real damage to their sites.”