
Arab Israeli arrested for Cyber-Sabotage of Israeli Websites

We call ourselves Team Evil. We like to go around causing trouble... Yawn.

I got a call last week, first thing in the morning from a colleague Nissan Ratzlav-Katz - who does research and writes about Islamic terror. He asked me if I could comment on the recent arrest of an Israeli Arab who is being charged for hacking Israeli Web sites.

I could not actually remember the case - but with a little prompting it came back to me. It was back in July 2006 - the attackers googled for a known vulnerability in the Invision Power Board 2.1.x forum application. The proof of concept code was released on the Internet in April 2006. After running the exploit, the attacker could modify an HTTP header to run malicious code.

Nissan had some questions which I answered pretty much in real-time since he had a deadline for his article on Israel National News.

Q - How can you say a hacker group is "based in" anywhere (as was said of them in 2006)?

A - A hacker group will have a small core team of 1-2 people based in a particular geographical location. The attack originated from three networks, most of which are in Saudi Arabia.

Q - Was it true that most sites were back up in a day?
A - Technically, they were never down; the sites were defaced. The companies involved got first aid from outside consultants like Beyond Security (who were the first responders I believe) and the sites were restored to their normal state within the day.

Q - Have there been improvements on Israeli IT security since then?
A - No.

Q - Does the arrest tell us something about the ease of catching such vandals? The sophistication of the attacks?
A - The arrest doesn't say anything about the ease of catching hackers.

The attack on the server in question was done by exploiting vulnerabilities in an unpatched web application and defacing the Web site. A combination of public and homemade tools was used, indicating a higher level of technical skill by the attackers (Team Evil) than that usually seen in similar groups.

However, the tools are very simple and they succeeded because the Web application (Invision) was not updated with the latest security patches.

Q - What does it say about current Israeli IT security? Anything?
A - As a rule, most Israeli companies are better at buying security technology (and getting a discount from the vendor) than sustaining a business process of fixing application software bugs.

Most Israeli IT managers are fighting yesterday's security battles and have an attitude that security is their employees' problem not theirs.

The prevailing mentality and sloppy maintenance mean that Israeli IT managers are no better prepared than they were 2 years ago.

Read the article on Arab Israeli Arrested for Cyber-Sabotage of Israeli Websites

About

This page contains a single entry from the blog posted on January 6, 2008 7:37 AM.
