The news last week that authorities were charging Russian and Ukrainian hackers for their roles in what is being termed the biggest financial data breach in history couldn’t have come at a better time for good guy hackers, who use their computer skills to plug leaks in security systems that the bad guys use to steal information and money.
Those good hackers will be meeting this week in Las Vegas for the annual Black Hat USA computer security conference, with security professionals from all over the world — including dozens from Israel — sharing their ideas and tactics to keep data larcenists at bay.
Black Hat was started in 1997. Black Hat events are now held in several places around the world at different times of the year, but the American edition remains the largest; last year, over 4,000 security professionals attended, and even more are expected this year. The event is usually split into two components, Briefing and Training, which respectively provide information on the latest hacker tactics and practical ways to combat them.
In the past, the term “black hat” hacker had negative connotations, with hackers bearing that title generally considered to be up to no good, as opposed to “white hat” hackers who hack for the public good. Today, black hat hackers are not necessarily hacking for evil reasons; although they may be using the same tactics that bad hackers use, they use them for the cause of cyber-defense. Suffice it to say that the Black Hat event in Las Vegas is being sponsored by the likes of IBM, Microsoft, the RSA security firm, and other mega-tech companies, who are presumably interested in stopping hack attacks instead of encouraging them.
At least a dozen Israeli companies are presenting either solutions or briefings at Black Hat, with representatives from top Israeli security and IT companies like Seculert, CyberArk, Radware, Versafe, and others. Altogether, a Black Hat organizer told The Times of Israel, “this year we will have more than 180 researchers and 20 tool developers providing more content than any year in the past. Put differently, we have utilized every square inch the fire marshall allows at Caesars Palace (the Las Vegas hotel where the event is to take place) to provide opportunities to engage with Black Hat’s best and brightest.”
Just in time, too. That the enterprise world needs security help, and fast, was again brought to the fore by last week’s hacker indictment. For three years, four Russians and one Ukrainian were able to invade cyber systems of some of the biggest companies in the US, if not the world, including for example the NASDAQ stock exchange, Discover Financial Services (issuers of the Discover Card), Dow Jones and JC Penney along with numerous credit card processing companies.
The 37-page indictment lays out in stunning detail all aspects of the conspiracy to steal credit card information, secure log-ins, and sensitive data using malware and social engineering (getting innocent users to click on links that would install Trojans and viruses); how the hackers hid their tracks; and how they made their money (American credit card numbers and ID information were $10 apiece, with bulk discounts available). The Justice Department was also able to get logs of conversations between the five, which show clearly that this was a big business, not a bunch of kids messing around with the Internet.
One of the hackers (called “the moneyman” in the indictment) is Dmitriy Smilianets, founder of a well-known online gaming team. He was arrested recently while traveling in the Netherlands, and over the weekend was extradited to the US.
As cyber-defenders develop new tactics to fight data theft and invasion, cyber-attackers figure out ways to get around those defenses or find new vulnerabilities. The proceedings of Black Hat, it should be noted, are public, and anybody who can pay their way in (between $1,800 and $2,600, depending on when they registered) can attend, so it stands to reason that at least some less well-meaning hackers will learn about the new tools being presented and figure out ways to take advantage of them.
But it can’t be helped, according to Aviv Raff, CTO of Seculert, one of the Israeli companies that will be presenting solutions at Black Hat; because of the open nature of the Internet and the public availability of open source tools, companies have to take into account that they will be targeted, and be ready to defend themselves.
For that reason, said Raff, Seculert will be presenting a new version of its cloud-based advanced Elastic Sandbox technology. “It is impossible to stop attacks,” he told The Times of Israel. “The best defense is identifying the threat, isolating it, eliminating it, and closing up the hole that the hackers used to get in.”
That, he said, is what Seculert’s Elastic Sandbox technology does. The system checks botnets — the networks of computers that hackers hijack for nefarious purposes — for IP addresses associated with a system. If it finds one, Seculert knows that the system has been compromised and can begin the process of ferreting out the malware, cleaning up the targeted system and installing defenses to ensure that the same thing does not happen again.
Other companies take different approaches. For example, Israeli cyber-security company CyberArk, also presenting at Black Hat, protects systems by shoring up privileged accounts, such as the log-ins used by administrators to get past security so they can work more quickly, or group accounts that provide too many rights on a system to users. CyberArk eliminates the possibility that privileged accounts will be abused by identifying and choking off access to the accounts. CyberArk sets up a policy on user accounts requiring the changing of passwords on a regular basis, as well as a “safe zone” for data to be managed when accessed from an account. The only data a user can manipulate is inside the safe zone.
At Trustware, they have developed a technology called BufferZone that creates an isolated virtual environment where online apps and other potentially harmful sources can run completely separated from the corporate network and data, neutralizing even threats that seep through other security tiers. And at Versafe, they have over a dozen solutions for everything from zero-day attacks to social engineering scams to mobile malware.
Black Hat is an important event for security-minded professionals and for the hackers that seek to achieve personal gain, whether monetary or otherwise, legally or illicitly. That the community is open — and that, as Raff said, there is really nothing anyone can do to stop hacking — is something Black Hat recognizes as well.
“The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world — from the corporate and government sectors to academic and even underground researchers,” the organizers say about the event, adding that “the environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge.”
In the cat and mouse game of cyber-security, those attending Black Hat are hoping that the good “black hat” hackers will stay ahead of the bad ones.