
13 February 2014

Information Warfare: Islamic Ahabs And the Israeli Whale


February 12, 2014:

The Israeli Defense Ministry recently revealed that it had been hacked, and the extent of the damage is still under investigation. While Israel has some of the best Internet defenses on the planet, the Defense Ministry was hit with an attack method that relies more on psychology than on software skill. The method is known as spear phishing ("phishing" being the hacker spelling of fishing, and "spear" because the lure is aimed at one specific individual). The Defense Ministry has software and user rules in place to block such attacks, but there are a great many email accounts to target, and the attacker only needs one victim to respond to a bogus email carrying a "vital" attachment that must be opened immediately. In this case the email purported to be from the Shin Bet (Security Agency) and carried an attachment requiring the immediate attention of the specific individual who received it; he initially believed it concerned something he was involved with. When the attached document was opened, a hacking program was silently installed that sent the attackers the login data from the now compromised account. Automated defenses are supposed to block what the hacker software does once the victim opens the attachment, but hackers keep finding exploitable vulnerabilities in those defenses, and each one creates an opening, at least until the vulnerability is recognized and patched.
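The attack chain above (a display name claiming a trusted agency, a lookalike sending domain, an urgent subject, and an executable disguised as a document) is exactly what mail-gateway triage rules look for. The following Python is an added example written for this page, not code from the article or from any Israeli product; the agency name, the domains, the messages and the "trusted sender" allow-list are all constructed, and a real deployment would load that list from its own directory data.

```python
"""Heuristic spear-phishing triage: sender impersonation + risky attachment.

All domains, names and messages below are constructed for this example.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Organisations a message may claim to come from, mapped to the domains they
# legitimately send from. Hypothetical values standing in for a real allow-list.
TRUSTED_SENDERS = {
    "security agency": {"agency.example"},
}
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".jar",
                    ".docm", ".xlsm", ".pptm"}
URGENCY_WORDS = ("immediate", "urgent", "action required", "must be opened")


def sender_impersonation(msg):
    """Return a reason if the From display name claims a trusted organisation
    while the address domain is not one that organisation sends from."""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for org, domains in TRUSTED_SENDERS.items():
        if org in display.lower() and domain not in domains:
            return f"display name claims '{org}' but address domain is '{domain}'"
    return None


def risky_attachments(msg):
    """List attachment names with executable/macro extensions or a double
    extension such as casefile.pdf.exe, the classic 'document' lure."""
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        if len(pieces) > 1 and "." + pieces[-1] in RISKY_EXTENSIONS:
            found.append(name)
        elif len(pieces) > 2:
            found.append(name)
    return found


def triage(raw: bytes):
    """Return (verdict, reasons) for one RFC 5322 message.

    Quarantine only when impersonation is paired with a dangerous attachment;
    urgency wording on its own is just a note, because genuine mail is urgent too.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    reasons = []
    impersonation = sender_impersonation(msg)
    if impersonation:
        reasons.append(impersonation)
    attachments = risky_attachments(msg)
    reasons.extend(f"risky attachment: {name}" for name in attachments)
    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in URGENCY_WORDS):
        reasons.append("urgency language in subject")
    if impersonation and attachments:
        verdict = "quarantine"
    elif reasons:
        verdict = "review"
    else:
        verdict = "deliver"
    return verdict, reasons


def build_sample(from_header, subject, attachment_name):
    """Construct a test message; the attachment body is a stand-in blob."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "analyst@ministry.example"
    m["Subject"] = subject
    m.set_content("Please see the attached file regarding your case.")
    m.add_attachment(b"MZ\x90\x00 stand-in bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()


# Constructed samples: a lure in the style described above, and a benign message.
PHISH = build_sample('"Security Agency Liaison" <liaison@agency-mail.example>',
                     "Immediate attention required: your case file",
                     "casefile.pdf.exe")
LEGIT = build_sample('"Security Agency Liaison" <liaison@agency.example>',
                     "Quarterly briefing", "briefing.pdf")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        verdict, reasons = triage(raw)
        print(label, verdict, reasons)
```

The point of the two-signal rule is that any single heuristic fires on real traffic: officials do email each other urgent documents, and display names are not authenticated. Pairing the domain mismatch with an executable disguised as a document is what separates this lure from the legitimate message, which is why the benign sample is delivered untouched.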

Normally the growing number of Internet based attacks on Israel (from 100,000 to a million a day) are foiled, because Israel has one of the largest collections of Internet security products and service companies on the planet, and the Defense Ministry has long been a user of many of those products and services. But at that volume of attacks even a minuscule chance of success adds up to a lot of hackers getting in. Israeli networks also run some of the best "intrusion detection" software in the world, which keeps monitoring inside networks for unusual activity and tends to catch hackers who do get in.

What apparently did the Israelis in (other than a careless Defense Ministry employee) in the current incident was hacking software that used a new, previously unknown vulnerability. Such flaws, and the attack code written for them, are called "Zero Day Exploits" (ZDEs) because the vendor has had zero days to patch them; in the right hands they enable criminals to pull off a large online heist or simply maintain secret control over thousands of computers. The most successful hackers use high-quality (and very expensive) ZDEs. Not surprisingly, ZDEs are difficult to find, and one can sell on the black (or legitimate) market for over $250,000. Many are sold from black market Internet sites based in Russia, where anyone is welcome to buy.


Finding ZDEs is still a favorite activity for hackers. A growing number of countries encourage local hackers to find ZDEs. For example, China encourages and helps organize patriotic Internet users in order to obtain hacking services. This enables the government to use (often informally) thousands of hackers to attack targets (foreign or domestic) and find ZDEs or do other mischief. Government sponsored organizations arrange training and mentoring to improve the skills of group members. While many of these Cyber Warriors are rank amateurs, even the least skilled can be given simple tasks. And out of their ranks will emerge more skilled hackers, who can do some real damage. These hacker militias have also led to the use of mercenary hacker groups, who will go looking for specific secrets, for a price. Chinese companies are apparently major users of such services, judging from the pattern of recent hacking activity, and the fact that Chinese firms don't have to fear prosecution for using such methods. A growing number of Moslem software professionals and eager amateurs are finding out about this black market (for ZDEs and hacking software in general) and have the cash to buy high-end stuff. In the Islamic world successfully hacking into an Israeli network is a big deal that is a whole lot safer than the more traditional terrorism.

All nations with a large Internet user population have these informal groups, but not all nations give them the government guidance, subsidies, immunity from prosecution, and encouragement to make attacks that China does. Another factor is events that cause highly publicized tensions between nations with large numbers of Internet users. This almost always results in the "hacker militias" of both nations going after each other.

The U.S. has one of the largest such informal militias, but there has been little government involvement. That is changing. The U.S. Department of Defense, increasingly under hacker attack, is now organizing to fight back, sort of. Taking a page from the corporate playbook, the Pentagon is sending many of its programmers and Internet engineers to classes in how to hack into the Pentagon, and indeed into any corporate or private network. It has long been common for Internet security personnel to test their defenses by attacking their own networks. Some "white hat hackers" (as opposed to the evil "black hat hackers") make a very good living selling their attack skills to reveal flaws or confirm defenses. This led to standards for who counts as a qualified white hat hacker, which made it easier for white hats to get work and for companies to find qualified, and trustworthy, hackers to help with network security. There are still problems with certifying that former black hat hackers, especially those who have been prosecuted and jailed, are trustworthy enough to work for the good guys.

At the moment, the black hats are winning. While some sites (most financial institutions, some government agencies) are well defended against routine hacker attack, most networks are not, as the Israelis are discovering. As the scope of the losses becomes more widely known, that may change. The most successful hackers make use of Russian-based hacker resources, and the irony is that the resulting attacks have led to sharp increases in sales for Israeli Internet security firms. At the same time Israel has become a favorite target for Moslem and leftist hackers worldwide. Some of this is pure anti-Semitism, but a lot of it is the desire to score a victory, any kind of victory, against the most formidable target.
