
David Shipman, an information security expert at ESET Israel, discusses the cyber attack against the Technion about three weeks ago, an attack that the National Cyber Authority has determined originated in Iran.
Shipman points out that many groups are engaged in efforts to break into the computers of large bodies and organizations, and Iran itself has many such groups. "Each one is engaged in a different field (energy, finance, etc.), and their goal is to look for security holes and try to extract as much information as possible. Regardless of the method used, the job has the same ideologically motivated goals."
The group that hacked the Technion's computers and demanded a ransom is the MuddyWater group. Shipman says that it is a relatively quiet group, although it too is being monitored. After extensive activity it is becoming better known, and this attack also serves the group's aim of having an impact and demonstrating its professional effectiveness.
Shipman points out that those demanding ransom are usually careful to remain ambiguous and to keep their activity short-term, but in this case the attackers used phrases such as 'the Zionist enemy', which revealed the desire for publicity behind the attack and also reinforced the understanding that there was no reason to accede to the demand.
Since the Technion does not hold particularly sensitive information, the data extracted by the Iranian hacker group could not be put to critical use, unlike in the case of the Shirbit Insurance Company, whose customers' personal details were exposed. According to Shipman, the break-in was an act of prestige for the attackers and not much more than that.
That they managed to cause a shutdown at the Technion adds to their prestige. He emphasizes that such groups should not be underestimated, since one successful attack can be followed by further attacks on more significant and sensitive targets. "The group can get an appetite and look for new targets," he says. "If in two weeks we hear about another break-in, we won't be surprised."
Shipman explains that the Internet is a kind of Wild West: after a short explanation, any user can track down an address, scan it, and try to hack it. As we know, geographical distance is irrelevant, so such an attempt can be carried out from Iran as easily as from Israel.
Apart from attempts to log in by guessing passwords, attackers can also identify an organization's exposed weaknesses and penetrate through email and other more or less complex methods that get past the primary defensive walls.
The question, Shipman says, is what happens after the intrusion. That is, is the system protected even the moment after it is hacked? Does it know how to defend itself quickly and deny the hacker long-term access? Does it know how to identify what the hacker has already done inside the computer, what information he lacks, and how to block him from continuing his activity?
Because such in-depth protections are lacking, the reality is that despite basic protections, hackers still manage to get into computers, extract information, spread spyware files, and demand ransom from users.