Phony messages highlight dangers of ‘real’ hackers

Forget defaced web sites — the real cyber-security danger lies in hacker attempts to take over infrastructure

A text message sent by Hamas to Israeli phone numbers.

Some of the millions of attempted hacker attacks against Israel during the current Gaza conflict are annoying. Some are frightening. But some can be downright dangerous — attempts by skilled hackers to break into systems that control infrastructure, like electricity stations, water desalination plants, and computers that control traffic lights.

One expert even equated those threats to nuclear weapons.

Israelis this week experienced an example of infrastructure hacking. Many received messages on their cellphones supposedly from Hamas and Shabak (Hebrew for Israeli security services), warning that, among other things, a chemical plant in Haifa had been destroyed, and that terrorists were roaming the streets of Tel Aviv, prepared to shoot up a bomb shelter.

Since the start of Israel’s Operation Protective Edge a week ago to try to stop rocket attacks by Palestinian terrorists, Israeli websites have sustained 10 times the usual number of attacks, according to Isaac Ben-Israel, head of Tel Aviv University’s Yuval Neeman Workshop for Science, Technology, and Security. If on an average day Israeli government and institutional sites are hit 100,000 times by hackers, he said, then “over the past few days, attacks have grown by 900%, with sites being attacked a million times a day.”

But those aren’t the attacks Israel has to worry about, said Ben-Israel. Even as Hamas has been trying to aim its rockets at strategic targets in Ashdod, Dimona, and Hadera — specifically, say security experts, the port of Ashdod, the Dimona nuclear reactor, and the main generating plant of the Israel Electric Company in Hadera — professional hackers have been trying to infiltrate the systems that control Israel’s infrastructure, hoping to disrupt the flow of water, electricity, transportation, and other critical systems.

“Infrastructure is where the main efforts of hackers are being directed,” said Ben-Israel. For example, “the train system in Israel is controlled by computers, and if hackers were to install a virus in those computers, they could cause a fatal collision between two trains traveling in opposite directions on the same track.”

There are amateur hackers — the “script kiddies” who use pre-written programs to try to find security holes in computer systems, but really don’t have hacking skills — and then there are the real hackers, said Dr. Tal Pavel, an expert on Internet usage and crimes in the Middle East. “If nuclear weapons were the ‘judgment day’ weapon of the 20th century, computer infrastructure hacking is the 21st century equivalent,” Pavel told The Times of Israel. “In some ways, the threat of hacking major infrastructure systems is even worse than the nuclear threat. Only governments can afford to purchase and deploy nuclear weapons, so you know who is attacking you and how to deal with them. But anyone can develop or buy their own super-virus, potentially capable of a cyber-attack that could shut down a country for days, create panics or riots, or release dangerous substances, such as gas and sewage, that can kill people in the victim country.”

That nearly happened in 2012, said Ben-Israel, when the Syrian Electric Army broke into the irrigation system of a kibbutz in northern Israel and shut it down. The group was able to get through to the irrigation system by taking advantage of a security hole in an older version of Windows that had not been updated. That was as far as the hackers got. “We got reports at the time that the entire water delivery system in the Haifa area had been shut down, but that turned out to be false,” Ben-Israel said. Nevertheless, the danger exists.

While infrastructure systems are generally well-protected — the Israel Electric Company, Mekorot Water Company, and Israel Railways all say that they employ the most up-to-date and comprehensive cyber-security technology — even well-guarded systems are not invulnerable to hackers. Over the past several days many Israelis have received text (SMS) messages from a variety of groups, including “Haaretz” newspaper, “Shabak,” and the “Al-Qassam Brigades” of Hamas.

A message purportedly from the Hamas group Monday said (in Hebrew), “The stupidity of your leaders has forced Israelis into shelters. We will not stop firing rockets until our legitimate demands are met.” On Sunday, a message from “Shabak” (in English) said “Suicide bomber sneaked into Tell Aviv and center targeting shelters. Beware of strangers in shelters.” Other messages reported attacks in Haifa and other areas with scores of Israelis dead.

All the messages were phonies, designed to further rattle the nerves of Israelis on edge after a week of relentless rocket attacks. While the real identity of the senders of these messages is not known, it’s clear they were able to hack into the Israeli cellphone network — with the messages sent not via SMS, which requires a database of phone numbers to send out mass messages, but with cell broadcast technology, in which all phones connected to a cellphone network automatically pick up the message. Hacking into these networks is not a difficult task, security experts say, and there are numerous web sites that provide specific instructions on how to acquire frequency information needed to broadcast on a cell provider’s network.

Fortunately for Israel, said Pavel, the countries most likely to attack in a major cyber-war are unlikely to be able to take on Israel’s electrical, gas, and water infrastructure. “Iran, Syria, and the other likely cyber-attackers are not China, which has billions of people and high levels of computer sophistication. Nevertheless, it’s certainly possible for Iran to get top-flight training for its hackers, raising their skills to the point where they can successfully attack Israel’s considerable cyber defenses.”

While the hackers get more sophisticated all the time, said Pavel, cyber-attacks against infrastructure are nothing new. “Just because we haven’t heard about something doesn’t mean it’s not happening,” he said. “Such attacks take place on a regular basis, but unless you are privy to the real-time events, you can’t know if an infrastructure failure is due to a hack attack or some other reason.”

Vigilance, he emphasized, is the only weapon available to those seeking to defend themselves.
