Niv Lillian Winon Ben Shoshan
01/11/2021
Monday, 01 November 2021, 10:23 Updated: 10:37
Iranian cyber attack on Israel - questions and answers
Three days after a cyber attack by a group affiliated with the Iranian government, the sites attacked are still unavailable - and the attackers have issued an ultimatum.
What motivates hackers?
Is it worth paying the ransom?
This is what is known at the moment
Share on Facebook
Share on WhatsApp
Share on Twitter
Share on Email
Share on general
Comments
Comments
The leaked database (Photo: screenshot, screenshot)
What happened?
Black Shadow, a group of hackers affiliated with the Iranian regime, broke into the Cyberserv site development and hosting company, which serves some of the sites of large companies in Israel, including the Dan and Kavim transportation companies, the Pegasus tourism site and the LGBT community dating site, Atref - and stole users' information And their personal details, such as email addresses and passwords.
More on Walla!
What was most difficult for Anna Aronov to understand after the birth?
In collaboration with JAMA and Estée Lauder Companies
Who is Cyberserve?
Cyberserve is a website development and hosting company from the Krayot.
The company has received a number of alerts in the past year from the national cyber array that its servers are at risk of hacking, but has not addressed the flaws.
The main problem is that the cyber array has no authority to enforce or require the repairs to be carried out, or to punish a company that does not bother to repair its defenses against hacking.
A draft of the cyber law is supposed to address this issue, and give the system punitive powers as well - but it suffers from its own problems.
The company has received a number of alerts in the past year from the cyber system (Photo: Oded Karni)
Who are these Black Shadow?
Black Shadow are a group of hackers linked to the Iranian government.
They became famous mainly last December, when they broke into the insurance company Shirbit, and stole customer information from there, including personal details and credit card details.
The group also broke into a car financing company.
In addition, the hacker group is known for its arrogant conduct, and its ransom demands.
The group is currently demanding a million dollar ransom in cryptocurrency (digital currency that can be converted to real currency), or that it publish the personal details of Atref users (see also the next section).
Has sensitive information been stolen?
On the face of it, no.
But this information may be sensitive in two respects: The information stolen, such as usernames, email addresses and passwords, may constitute access to other sites or services - if you use the same password or username for several sites, as well as some details can be used for more complex attacks on Someone whose information was among the stolen details.
The second aspect is more sensitive, because of the nature of the hacked site - Atref is a major dating site for the gay community, and the fear is that the leak of details may reveal sexual orientation of people who wanted to keep it a secret, and talk could have serious personal consequences for their lives.
Hacker group linked to Iranian government (Photo: ShutterStock)
Is it worthwhile or should I pay the ransom?
The policy here is similar to the policy of the war on terror - do not negotiate with terrorists.
The prevailing view is that paying ransom to hackers only encourages more activities of this kind, so it is best not to pay them.
At the same time, quite a few cases are known in the past where companies have chosen to pay the ransom, in order to get their files and information back.
Black Shadow are aware of the nature of the information in their possession, and hope that the panic component will make people pay them a ransom.
The general recommendation is not to do this.
Why do we not respond?
Why for example, do we not attack back and take the information taken?
Well, it does not work that way - databases are not a ball in a football game.
Once the information is stolen, it is hacked.
Digital information is easy to copy, and most likely the hacker group has kept copies of it on computers that are protected from hacking in a simple way - they are not connected to the Internet, or even to an external hard drive.
In short, the idea of "taking back the information" is simply not applicable.
The information was taken, and that's a fact that needs to be addressed.
The mere fact that there is no public response to hackers does not mean that we do not respond.
Israel and Iran have been waging a silent cyber war for years, including response attacks from our side (see also our major article on the subject in the magazine).
Israel's security bodies are conducting their own response to hackers, it is simply not in the public eye.
What does the cyber array do?
The National Cyber System is a body whose job is to protect Israel and its infrastructure from cyber attacks.
It also constitutes an advisory professional authority for civic bodies.
The formation warned the Cyberserv company about the failures in its defenses, but some argue that the formation is not doing enough, and more aggressive action should have been taken.
The current structure of the national cyber system is also a problem, as is its forceful relationship with the Privacy Protection Authority, which is the civilian body in the Ministry of Justice, in charge of protecting the privacy of us all, especially in the context of information security.
Israel and Iran have been waging a silent cyber war for years (Photo: ShutterStock)
How will the sites return to the air if the information is stolen?
Most web hosting companies have backups of the information, which like what we explained earlier, there are also copies of the information that are stored in locations that are not connected to the network, what is known in professional parlance as "cold backup".
Devices in the field require what is also called redundancy - that is, backup of several copies, just in case, and traditionally, also stored on a geographically remote site, to prevent a situation where information is damaged due to a physical malfunction (fire, earthquake, other disaster) or simply theft.
What do I personally need to do now?
If your personal information was on one of the hacked sites, it is advisable to exchange passwords on sensitive services (email, bank) especially if you used the same password for several sites, and any other site where you used the same password.
Beyond that, there is not too much to do on a personal level, just be vigilant: in the near future pay attention to suspicious and initiated inquiries in an attempt to extract personal information from you, including impersonating a body or person familiar to you, or trying to create a sense of security. For example, trips you made at one of the transportation companies).
It is recommended to change passwords in sensitive services (Photo: ShutterStock)
"The war right now is on the subject of consciousness"
"In previous incidents with the Black Shadow group, past attempts to negotiate with them have shown unreliability," said Mae Brooks-Kempler, a cyber expert and founder of the Safe Online community. In a war of consciousness against Israel.
Therefore, it can be assumed that this will not be the path chosen.
"" The options available to a company that has experienced a break-in are unfortunately limited, "Brooks-Kempler adds.
The war right now is on the subject of consciousness.
Avoidance of downloading the materials from the network and distributing them and supporting the victims first and foremost. "
technology
Privacy and security
Tags
Cyber
Atref
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/WZZSMROPJ5KIZWBYQFT34CPMAM.jpg)
