The Limited Times


Cyber experts: "The conduct of the hackers implies an understanding of Hebrew and a real connection to Israel" - Israel Today

2020-12-08T08:51:20.864Z




Some cyber experts believe that Shirbit attackers are Israeli "amateurs" • According to others, an enemy state is behind the attack • Almost everyone agrees on one thing: the motive is not financial

  • Cyber expert Einat Meron: "This is an attack designed to reveal extensive information about the country's residents."

    The leaked documents against the background of the Shirbit building

The extortion case from the insurance company Shirbit continues to upset Israel.

Currently, Shirbit refuses to pay the ransom demanded by the hackers, and they in turn posted this morning (Sunday) on their Telegram channel an offer for anyone who wishes to come and purchase the documents they stole from Shirbit.

Is a private initiative, Israeli or foreign, behind the hacker group "Black Shadow"? Is this a nationalistically motivated attack by an enemy state? And most importantly - how can the next attack be prevented?

Is the finger pointed at Iran intentional?

The breach is often portrayed in the media as an act of foreign intelligence agents, with the finger of blame pointed in the direction of Iran.

But are these really such sophisticated burglars that a country stands behind them, and not amateur cyber people, maybe even former employees of Shirbit? 



This question concerns many parties in Israel who work in the field.

An experienced source in the field (his name is on file with the editorial staff), who examined the findings, told "Israel Today" this morning: "This is a group established a month ago, which is run by amateurs, and its people understand Hebrew well. These people read Hebrew and understand the Israeli mindset. It seems to me that a country is behind the break-in, and I would not rule out the possibility that this is a former employee of the company or a factor that wants to take revenge on it for completely different motives."



Former GSS man Erez Kreiner, who now works for the Saiser Information Security company, shares this line of thinking. "Anyone who understands hacking could have led such a hack. There is currently no evidence of state activity. In my opinion, there are elements in Israel who can easily reach the burglar, but that is not their job when it comes to civil society."



According to Kreiner, the very raising of the "Iranian option" in the context of the hacking of Shirbit is not accidental, and may stem more from various interests and less from the sight of a "smoking gun." 



Kreiner: "Why mention Iran? This is a good question. In fact, there is no proof that the person behind the break-in is an Iranian factor, or a factor on behalf of any country. In my opinion, all the options are on the table. There are all sorts of stakeholders. From the outside, about the demands of the burglars - they are discovering amateurish conduct reminiscent of gang activity."



Kreiner warns that if the burglar or burglars are from Israel, then in their current conduct they have crossed another red line that transfers the offense from the criminal category - to nationalism.

"For the benefit of the burglar, I hope he is not Israeli. Because in that case, selling the country to Iran is no longer an ordinary offense but an offense against the spying laws of the State of Israel. This is a completely different level of offense. In a person with a hacking talent somewhere around the globe," he concludes.

"The crisis was handled incorrectly"

The experienced source, who preferred to remain anonymous, says that "Shirbit and the state are making a huge mistake here. Get out immediately at the moment of the break-in, count everything you have, let people understand what exactly was exposed, what is going on outside. Unfortunately, the state came in here This one continues like gum, and is the one that gives the great visibility and noise in this affair. What is sad is that much more embarrassing content will come out than those that have come out so far, due to mismanagement of the crisis. When such a crisis happens anywhere else in the Western world Everything - and the business is over. Here, the ongoing preoccupation with the crisis is only more harmful."



Dr. Harel Manshari, one of the founders of the Shin Bet's cyber network and head of the cyber department at the Institute of Technology, also agrees with the criticism of Shirbit.

"Shirbit does not act transparently in front of its customers. It should issue a message to its customers as soon as possible and clearly state what happened, and how they will help them from now on." 

"The motive of the burglars is not financial"

According to Manshari, the motive of the burglars is not financial.

"I understand, the whole issue of money is a smokescreen. The burglars do not want money. They did not plan to return the information anyway, and their whole purpose in demanding the money was to embarrass the public." 



According to Dr. Manshari, "The hackers are taking advantage of the reports and media coverage on the subject, and successfully amplifying the consciousness effect of the incident. Due to the fact that elements on behalf of the state are involved here, in my opinion the burglars are not Israelis. If they were Israelis, I think they would have already got their hands on them. I believe that this attack does not come from Israel."



Regarding the theory that these are elements on behalf of Iran, Dr. Manshari says: "It is exactly part of the same smokescreen."

"Assesses that this is an enemy state"

Cyber expert Einat Meron, on the other hand, estimates that this is indeed an attack that is backed by a state.

"Despite attempts by some sources to present the attack as a ransom attack on the same day, it was clear that it was not a monetary motivation but an attack designed to reveal extensive information about the country's residents. The ransom demand, in its software and goals, proved that it was just a game. For attackers, the very scope of the demand, together with the schedules, is not feasible for implementation."



According to Meron, "It was obvious that the attackers were toying with the idea of extortion. The assessment that emerges is that this is a group of attackers representing a hostile state. Their goal is to sow fear and terror among the company's customers, As personal information to identify with through services provided remotely."



Meron estimates that the profile of the attackers' conduct is typical of countries such as Iran.

"They hold a huge volume of information, including access to the company's servers and 'Active Board' (which provides information on everything that is done in the organization). It can be assumed with high probability that the attackers' intention was not to make money, since the ransom demand was unreasonable The times, the execution, and the scope of the amount."

Meron believes that the messages the hackers posted, including comments on some of the documents (sarcastic comments and emojis), show that they are amused by the public panic reflected in the media, when many realized that their personal details, photos, conversations and medical history were exposed to the public. 

Meron: "Another seal of approval for the degree of sarcasm of the burglars was in the distribution of correspondence with the director of negotiations on behalf of Shirbit. In general, a cyber attack is a function of 'when' and not of 'if'. Therefore, there is empathy for any company dealing with this type of event. At the same time, the sequence of failures, to the point of performing any action contrary to expectations or required, the arrogance and disconnection, as reflected in the media, the lack of understanding of the essence and magnitude of the incident - led to a greater crisis."

How to prevent the next attack?

So what can be done to prevent the next attack?

According to Meron, "Preliminary preparation that takes into account triggers, involved teams, situation assessments and principled decisions, which are used as an anchor during event management, may be all the difference between coping and collapse."  



Another material question that should be asked in this case, in Meron's opinion, concerns the responsibility of the Supervisor of Insurance.

"Did the inspector provide a requirements document that provides a satisfactory answer to such cases?" Meron asks.

"There are questions here that need to be asked: How can the inspector not efficiently and quickly conduct the inspections he performs on his inspectors? How does he allow an insurance company to employ a part-time information security person? Why does he not enforce his own regulation? These are many questions that require a thorough home inspection. And not just on the subject of regulation."



Source: israelhayom
