Information Warfare: The Haifa Hack Comes Up Short

June 12, 2013: Israel recently revealed that in early May pro-Assad hackers working for Syria attempted to take control of the water system in an Israeli city (Haifa). The effort failed, although the attackers had reasonable expectations that they might succeed. That’s because earlier this year an American Internet security firm set up three honey pot servers to measure the extent to which hackers are attacking SCADA (supervisory control and data acquisition) and ICS (industrial control system) targets. The response by hackers was surprising and scary, and the hackers going after Haifa apparently knew this. But the Israelis also knew of the danger and took precautions.

A honey pot is an Internet server (the PC a website is running on) that looks real but is carefully monitored to record everything an attacking hacker does. This way, computer security researchers can collect information on the Internet criminals and have a better chance of stopping them and hunting them down. It's not practical to put the monitoring software on every site. Bank and high-security government servers have substantial defenses that monitor any (well, nearly any) penetration and shut down if any unauthorized entry is detected. This doesn't help to identify attacking hackers, but all these sites want to do is remain secure, not play cop.

The honey pot SCADA/ICS servers attracted 39 hacker attacks over a 28-day period. While the attacks came from 14 different countries, 35 percent were from China, 19 percent from the U.S., and 12 percent from Laos. The attacks were more aggressive and determined than anticipated and indicated that there are a lot of people out there looking for vulnerable SCADA/ICS sites and seeking to get in and, it seems, determine how to best sabotage the site. The Syrian hackers had plenty of individuals and groups in the hacker underground they could have bought SCADA attack tech and knowledge from.

At the heart of modern industry are the ICS and SCADA systems, which control motors, sensors, alarms, pumps, valves, and other essential equipment. Water systems are among the most common SCADA systems. The successful hack of SCADA systems allows the attacker to take remote control of these systems. Options for the attacker are things like turning off safety systems in a nuclear reactor, opening or shutting a dam’s overflow sluices, opening oil pipelines to contaminate sea or land, or shutting down water supplies and sewage systems for large numbers of people.

The honey pots have proven useful in finding out what tools and techniques the bad guys have. This makes it possible to build better defenses. Honey pots also make attackers uncomfortable and less confident that any server they are hacking into is not rigged to catch them. However, the hackers know the honey pots are out there and the technological war of wits continues. The software engineers that design defenses keep making the honey pots more convincing. As a bonus, they add elements to non-honey pot servers to make a knowledgeable hacker think it's a honey pot.

Computer security firms have found that developing new honey pots that are cheaper to create and run, and more difficult for attackers to detect, is a good investment. If nothing else, it makes hacking a lot more difficult and nerve-wracking. Israeli firms have been world leaders in developing Internet security software and testing it. Moreover, Israel knows it is the target for hackers motivated by money (stealing valuable tech) and ideology (anti-Semites). So it’s no surprise that the many recent Internet-based attacks on Israel have failed.