Gadi Evron on Cyber Warfare

Gadi_evron2Cyber warfare is playing a significant part of the conflict between Russia and Georgia. To get a better understanding of cyber warfare and the threat it poses to Israel, MediaBackspin editor Pesach Benson talked to Gadi Evron.

Evron used to run security for the Israeli government ISP and was formerly founder and manager of the government’s computer emergency response team (CERT). Last year, he assisted Estonia’s CERT when Russian hackers attacked numerous Estonian sites. Evron also blogs on internet security issues at Circle ID.

What happened with Georgia?

Not too much, technically. They attacked the websites with Distributed Denial of Services that caused the sites to be unreachable or crash. They just flooded them. The main sites, around one or two dozen, were hosted by the Georgian government.

The disturbing thing about the incident with Georgia is that regular people attacked. You can run simple tools downloaded off the internet. The tools were advertised on Russian sites. All these people thought they could get involved in something that really bothered them. They thought — due to patriotism, pride or any other motivation — they could use these simple tools and feel involved.

What’s at stake for Israel if hackers launch an organized, sustained attack?

Bank_online_2Any country out there faces a risk of online attack. The difference is whether the online attack is a smart one, attacking critical infrastructure. For example, Die Hard 4 was pretty realistic about the potential impact on air traffic control. That’s a worst case scenario.

In Estonia’s case, all their online banking, which is critical to their daily life, was targeted. In Georgia, the impact was more on the Georgia’s visibility on the internet and their ability to communicate with the world.

What can you tell us about the hackers?

Whenever there’s ethnic tension, like China-Taiwan or Russia-Georgia, or the Mohammed cartoons, people feel empowered on the internet. There are loosely affiliated ad hoc groups of people all over the place who launch these attacks. Of the hundreds of daily attacks, most aren’t politically motivated. More like an issue of money or a grudge.

Pro-Arab and pro-Israel hackers have been attacking unaffiliated web sites like banks, newspapers, an art site, etc. They’ll target a site for no reason other than it’s Israeli and it’s vulnerable.

The Estonian attacks were more organized than Georgia. It was like online rioting. We saw clear signs of organization, but we’ll never be able to definitively prove it was an ad hoc attack or a pre-planned state-sponsored attack.

I can definitely see how in the future, people will use the blogosphere to incite people to hack and online mob control. Someone in the future could potentially seed this info on the blogosphere and use it as a form of mob control.

How much would it cost someone to sponsor a hacker with the necessary equipment?

The cost is minimal and the time isn’t demanding. Anyone can be involved.

What lessons can be learned from all this?

Hacker05_2Instant response is critical. You can’t prevent bad things from happening, but once things happen, you can be judged on how you respond and bring things back to normality.

The second thing is that the internet is global. You can be attacked from all over the world. Many computers have been compromised by Trojans and botnets and can be used in global attacks. A computer infected with a botnet anywhere in the world can be controlled by a hacker without the owner’s knowledge. If you control 100 or one million infected computers, you have an army. You can issue a command and these computers will do what you want. This shows the importance of international cooperation.

And let’s consider one thing. The internet is perfect for plausible deniability. Let’s say your computer is used to hack into your neighbor’s and causes damage. Is it your responsibility or the hacker’s? Proving evidence in courts is mind boggling because it’s so hard to know.

If two countries are at war, is it legal for citizens acting on their own to attack the enemy country’s web sites?

That’s uncharted territory. Some countries have very clear computer legislation. If you attack or steal knowledge, you’re liable. But law enforcement has to be interested in such action and be able to trace the action and meet the burden of proof.

Now let’s say you could prove that a state-sponsored attack took place, how would you treat it? Is it grounds for war? On the internet, you may know who your enemies, rivals and opponents are, but you likely won’t have a clue is attacking you.

Should hackers be treated as enemy combatants?

I’d consider him a criminal. Enemy combatant’s a loaded term with many different meanings.

Georgia’s national websites were relocated to Google Blogger, while individuals used Twitter to share updates on the fighting. What does this say about the role of social media in warfare?

Mikheil_saakashvili_2I’m not a media expert. But it makes sense that whenever there’s warfare, aggressors would try to control the flow of info, and the internet is a natural extension of that. It’s the newest most advanced form of communication we have.

What can Israel learn from Georgia’s efforts to get its P.R. message out to the world in the face of all the hackings?

Georgia and Russia fought a media war, and they are experts. The whole media warfare has been extreme. If you go back and forth between American and Russian news sites, you can’t tell who is telling the truth. There’s possible evidence that Georgia lied about some of what happened to keep the media on its side.

One thing we can learn from Georgia and Russia is their ability to explain their situation and launch extensive PR campaigns. That’s what we lack and we’ve been clearly shown how the masters do it.

Are pro-Israel web sites outside of Israel also vulnerable?

There are web sites outside of Israel that have been hacked but I can’t think of any off the top of my head.

What is Israel doing to protect the integrity of its internet infrastructure?

I have no idea. The government is my former employer. You’ll have to ask them.

What precautions can Jewish web sites take?

They should start by putting security into their equation. Making sure their systems are updated, their software is updated and know their vulnerabilities. Anything that can protect against regular hackers will protect against hackers with motives. But the most important thing is to keep the operating systems and the programs up to date and other basic security practices.


Comments are closed.