How Israel Police computers were hacked: The inside story

A virus that shut down all police computers last week may be a harbinger of much worse to come, say experts

A policeman uses a computer to identify fingerprints in a laboratory at the police headquarters (Yossi Zamir/Flash90)

The cyberwar is already here, and Israel apparently lost the first round. After a suspicious file was found to have been circulating on police computers, the department decided to take all its computers offline last Thursday – and as of Sunday, full Internet connectivity had not yet been restored.

What’s worse, said Roni Bachar, head of Israeli security firm Avnet, is that police servers and computers may have been compromised for as much as a week. “It was only late Wednesday night that police realized what happened and ordered that computers be taken offline. Apparently the virus was also distributed to other government departments.”

It’s not clear when connectivity will be fully restored for police. According to Israel Police spokesperson Mickey Rosenfeld, “the department is taking cautious measures in transferring information between computers and servers in order to prevent any possible problems. Systems are being checked and databases are being evaluated,” in order to ensure that they are fully secure. As of now, there is “limited connectivity,” although a source in the Israel Police said that as far as she knows, Internet access is still banned throughout the department.

What was the purpose of the virus? Obviously not to shut down police operations, said Bachar; a week is a long time in the cyber world, and if the file — which has indeed been found to be carrying a virus — were meant to blow computer operations out of the water, that probably would have occurred by now. The purpose of the virus, Bachar said, was more likely to have been data collection. “The attack was not sophisticated or complicated in any way,” he said, and neither was the virus. “But it was very similar to other data-mining attacks that we at Avnet have dealt with in recent years.”

The pattern of the attack and the type of virus used were very similar to other cases of attacks which were found to have been sponsored by governments, Bachar said, and that was probably the case here. “At this point, I think we can be fairly certain that it was sponsored by a nation-state, most likely Iran.”

There were clear signs that the email and file in question were suspicious, raising concerns about the level of security in the department. The virus arrived as an email message with an attached .RAR archive; unknown attachments are a common method used by hackers to distribute their “wares,” and most computer users know to avoid such files. In addition, the message was sent from a Gmail address in the name of Gantz. Gantz, of course, is the IDF chief of General Staff, and it’s unlikely he would be using a service like Gmail to communicate with Israeli officials.

Nevertheless, numerous people apparently clicked on the file, releasing the virus into the police department’s computer system, said Bachar. “Closing off the department’s computers to the Internet is a complicated matter, and police would have done so only if they felt that there was an acute need to go offline.” Among the measures police have reportedly taken to prevent future attacks is a ban on connecting any outside media (USB drives, CDs, etc.) to systems.

The incident represents a clear intensification of the cyberwar — and Israel is not as prepared as it should be, said Erel Margalit, the founder and managing partner of the Jerusalem Venture Partners investment firm, who has worked with dozens of firms with innovative security technology. In a letter last week to Prime Minister Benjamin Netanyahu, Margalit wrote that “the fear we have had of a cyber attack against strategic Israeli interests has come to pass,” and that “this attack is the latest in a series of cyber attacks on Israel in recent years. This is not the work of a single hacker, but of a high-level technology staff in a foreign country. This may be a virtual war, but it is dangerous and destructive.”

When at war, one must fight fire with fire, said Margalit. “I call on you, Mr. Prime Minister, to set a national goal of preparing Israel for future cyber-battles.” Margalit said that he had addressed this subject with Netanyahu before, and that since then the prime minister had announced the establishment of the National Cyber Defense Council, but much more was needed. Instead of the $13 million that had been allocated to the effort, Israel needs to be spending more — a lot more.

“The state must allocate a billion shekels a year in order to turn Israel into a world center of excellence and expertise in cyber-defense for national governments,” said Margalit. “Only the best efforts of the geniuses and entrepreneurs here in Israel and around the world will be able to organize a proper defense strategy.

“I am sure that many Israeli high-tech companies will be happy to take part in this complicated challenge,” Margalit added. “Let us in the high-tech community be part of this effort. Together we can prepare properly for the next sphere of world war, and ensure that when it does reach Israel, we will be protected and safe.”
