September 9, 2013:
The growing number of Internet based attacks by a group of Syrian hackers, calling themselves the Syrian Electronic Army (SEA), has created a growing demand for Israeli Internet security products and services. That's because the SEA has been unable to do much damage to Israel, and that in turn is because Israel has one of the largest and most successful collections of Internet security firms on the planet. This has long been known, but the SEA's success at hacking high-profile media sites everywhere but in Israel has made Internet security (or the lack of it) a big issue. Adding to that is the fact that security firms worldwide have recently been more successful at exposing the source (China and Eastern Europe) of major hacker organizations and the extent of their thefts in the past few years. Now everyone wants more protection, and one of the best sources can be found in Israel.
The SEA is headquartered next door to Israel and is loyal to the beleaguered Assad dictatorship in Syria. The SEA has been especially effective using spear phishing to hack into media sites. Despite most media companies having in place software and personnel rules to block spear phishing attacks, there are so many email accounts to attack, and you only have to get one victim to respond for the SEA to get in (using the login data from the compromised account). The automated defenses are supposed to block the actions of the hacker software that is triggered when the victim clicks on the email attachment, but hackers keep finding exploitable vulnerabilities in these defenses, and this creates an opening, at least until that vulnerability is recognized and patched.
The SEA has enough cash and expertise to know where in the hacker underground the latest and most effective malware attachments can be found and purchased. With that, it's just a matter of modifying the malware package, buying the email lists (of media company employees), and renting the services of an illegal network of hacked PCs (a botnet) to transmit the spear phishing emails.
The SEA has another big advantage: Russia. One of the few (and most enthusiastic) foreign allies Syria has is Russia. That is where some of the most skilled hackers in the world operate from, and they are tolerated there because they do not attack Russian targets and do whatever the Russian government asks them to do. Apparently Russia told the Internet thugs it shelters to do what they can for the SEA, and that has made the SEA far more effective than it would be if it just relied on its Syrian and Iranian members.
The SEA also exploits the fact that, when it comes to Internet security, there are more people looking for vulnerabilities (that allow hackers to secretly get into someone else's computers) than there are people of equal skill trying to prevent this. There are some highly skilled people in this hacker community, and many of them spend most of their time developing software that will automatically seek out vulnerabilities. These vulnerabilities/flaws are called "Zero Day Exploits" (ZDEs), and in the right hands they can enable criminals to pull off a large online heist or simply maintain secret control over thousands of computers. The most successful hackers use high-quality (and very expensive) ZDEs. Not surprisingly, ZDEs are difficult to find and can be sold on the black (or legitimate) market for over $250,000. A lot of these are sold from black market Internet sites based in Russia.
Finding ZDEs is still a favorite activity for hackers. A growing number of countries encourage local hackers to find ZDEs. For example, China encourages and helps organize patriotic Internet users in order to obtain hacking services. This enables the government to use (often informally) thousands of hackers to attack targets (foreign or domestic) and find ZDEs or do other mischief. Government sponsored organizations arrange training and mentoring to improve the skills of group members. While many of these Cyber Warriors are rank amateurs, even the least skilled can be given simple tasks. And out of their ranks will emerge more skilled hackers, who can do some real damage. These hacker militias have also led to the use of mercenary hacker groups, who will go looking for specific secrets, for a price. Chinese companies are apparently major users of such services, judging from the pattern of recent hacking activity and the fact that Chinese firms don't have to fear prosecution for using such methods.
All nations with a large Internet user population have these informal groups, but not all nations have government guidance, subsidies, immunity from prosecution, and encouragement to make attacks. Another factor is events that cause highly publicized tensions between nations with large numbers of Internet users. This almost always results in the "hacker militias" of both nations going after each other.
The U.S. has one of the largest such informal militias, but there has been little government involvement. That is changing. The U.S. Department of Defense, increasingly under hacker attack, is now organizing to fight back, sort of. Taking a page from the corporate playbook, the Pentagon is sending many of its programmers and Internet engineers to take classes in how to hack into the Pentagon. Not just the Pentagon but any corporate, or private, network. It's long been common for Internet security personnel to test their defenses by attacking these targets. Some "white hat hackers" (as opposed to the evil "black hat hackers") made a very good living selling their attack skills to reveal flaws or confirm defenses. This resulted in standards regarding who was a qualified white hat hacker. This made it easier for white hats to get work and for companies to find qualified, and trustworthy, hackers to help with network security. There are still problems with certifying that former black hat hackers, especially those who have been prosecuted and jailed, are trustworthy enough to work for the good guys.
Now the Department of Defense is paying to get members of its Internet security staff certified as white hats, or at least trained to be able to do what the black hats do or recognize it. While many in the Department of Defense have been calling for a more attack-minded posture, when it comes to those who are constantly attacking Pentagon networks, the best that can be done right now is to train more insiders to think, and operate, like outsiders. Meanwhile, the CIA and NSA have long had a special recruiting program that sought out black hats wishing to change sides. The vetting process was intense, and some of these guys (they are mostly guys) were always kept under surveillance, just to be on the safe side.
At the moment, the black hats are winning. While some sites (most financial institutions, some government agencies) are largely invulnerable to hacker attack, most networks are not. As the scope of the losses becomes more widely known, that may change. The SEA has made spectacular use of Russian-based hacker resources. The irony of this is that it has led to sharp increases in sales for Israeli Internet security firms. Israel has been an arch-enemy of Syria for over half a century and the SEA is putting a spotlight on why Syria has been losing this battle for so long.