On eve of attack, Israel preparing for the cyber-worst

Top cybersecurity experts lay out how businesses, government — and ordinary Israelis — can protect themselves from ‘the largest Internet battle in the history of mankind’

Dr. Yitzchak Ben-Yisrael of the National Cyber Directorate at a recent conference (photo credit: Courtesy Yuval Ne'eman Workshop for Science, Technology, and Security of Tel Aviv University)

Under the threat of what hackers swore would be “the largest Internet battle in the history of mankind,” Israel has been preparing for the past week for what many expect to be a massive attempt to swamp Israel’s Internet — bringing websites to a crawl, or even bringing them down.

The attack is set for Sunday, April 7 — coincidentally, or perhaps not, the eve of Holocaust Memorial Day in Israel. Computer system administrators and security experts have been shoring up network defenses, changing passwords, and ensuring that they have the Internet bandwidth to withstand an attack.

In their latest screed, the hackers behind the newest incarnation of #OpIsrael, the ongoing attempt to “wipe Israel off the map of the Internet,” appealed for unity in the hacker community, which needed to come together to attack Israel. “We can’t be consumed by our petty differences any more,” said the message, posted on hacker-friendly websites. “We will be united in our common interest. We will once again be fighting for freedom.” In a theatrical flourish (using a quote from the 1996 film “Independence Day,” which portrayed mankind fighting off a Martian invasion), the hackers state: “We will not go quietly into the night! We will not vanish without a fight! We’re going to live on, we’re going to survive.”

While the attacks are aimed at government, bank, academic, and business websites (the hackers have published extensive lists of their targets), ordinary Israelis should take precautions as well — just in case, said the Israel Internet Association (ISOC), which is taking the threat so seriously that it will be operating a hotline (03-9700911) for people to report attacks, and will update its website throughout the day with status reports about what is going on in cyberspace.

The most important thing Israelis can do, said Nir Kapelushnik, ISOC’s CEO, is to shore up passwords — get rid of simple ones (like “abc123”) and choose complicated ones (at least 8 random letters/digits, mix capitals and small letters, no names or obvious terms, etc.); renew/update anti-virus software; upgrade and update to the latest versions of browsers; and stay away from suspicious links, attachments, documents, etc. “The upcoming hacking attack is liable to disrupt our day-to-day activities,” Kapelushnik said. “We do a lot on the Internet today, including sending and receiving mail, shopping, searching for information, and interacting with social networks. The measures we are recommending will hopefully keep the damage to individual Israelis to a minimum.” Those measures, he reminds us, will protect users from hackers, crackers, and cyber-thieves, even on “ordinary” days.

In truth, however, the real cyber-battle will be fought not on the computers of home — or even office — users, but on the servers that hold the websites of large companies, government agencies, financial institutions, and infrastructure, said Lior Tabansky, a fellow at the Yuval Ne’eman Workshop for Science, Technology, and Security of Tel Aviv University. The Workshop is headed by Prof. Yitzchak Ben-Yisrael, who also heads the National Cyber Directorate, which advises the government on matters of cyber-security and policy.

As such, the folks at the Workshop have a great deal of influence on how the government implements its cyber-security policy, albeit not in an official capacity. “We are advisers… and they usually take our advice,” Tabansky explained.

Tabansky believes that the upcoming attacks, although serious, are another case of “business as usual” for the hackers, who try daily to hack into Israeli computer systems — but almost always fail. “The really important sites are protected from the public Internet, and the chances that the hackers can penetrate them are next to nothing,” he told The Times of Israel. “Over the past weeks, site administrators in government and the private sector have been shoring up their defenses, making it much harder to guess passwords and invade sites. So it’s unlikely we’ll see that type of activity,” he said.

What the hackers will do, surmises Tabansky, is launch a massive denial of service (DDOS) attack, in the hope of grinding down servers to a slow crawl, and then halt them entirely. “Unless they have names and passwords, that is really their only attack strategy,” continued Tabansky. “Unfortunately, there is little a company can do to stop it, but it is not the major cyber-threat many people, especially in the media, believe it to be. It’s more of an annoyance, and if they do manage to intimidate sites into submission, the victory will be one of public relations.”

In fact, said Karen Elazari, another fellow at the Workshop, the best defense for many sites might be undertaken on their behalf — by the hosting company that keeps their site online. “According to information we have gathered over the past month, the large majority of the hackers planning to attack Israeli sites are located in North Africa,” Elazari explained to The Times of Israel. “In order to prevent DDOS attacks from these people, a hosting company could configure a site to reject all requests from IP addresses in specific countries like Tunisia and Morocco, or just close off Africa to the site for a week. Many of the sites targeted would probably not be affected too much by that kind of a cutoff, and it would probably go a long way to preventing a DDOS-based crash.”

But there is more bark than bite in hacker threats, continued Elazari; the propaganda the hackers are spreading about “April 7 #OpIsrael Day” as a global phenomenon is just false. “They claim to be associated with the international hacker group Anonymous, but it is clear to us that the hackers organizing this are run-of-the-mill, anti-Israel hackers from Arab countries, who run attacks like these almost daily. The operation has a self-proclaimed leader who, we believe, is located in Mauritania. ‘Leaders’ are a very un-Anonymous phenomenon, but they are very closely associated with Arab hacking efforts, going all the way back to the Second Intifada.

“We in the security industry have known about this for a month, and we have been spreading the word to network administrators and security personnel around the country on what to expect,” said Elazari. “So I imagine we are well prepared to handle these attacks. It’s likely, though, that users will feel a slowdown in Internet speed, because ISPs may have a hard time handling all the traffic that comes through their servers.” Unless, as she suggests, they cut off domains or IP address segments from where the attacks seem to be coming.

“Many of the organizations I have spoken with are looking at ‘attack day’ as a challenge — a way to test their defense strategies in real time, and figure out how to better shore up their systems,” Elazari added. “The tactics the hackers are using are not new, and the strategy — to claim victories by overloading sites — is not new either. What’s different this time is the alleged scope and size of the attack, and the concern over it in the media. We’ll find out whether that concern was justified only sometime next week, when #OpIsrael hackers either manage to take down important Israeli sites, or the whole thing just fizzles.”
