Israeli tunnel hit by cyber attack
By DANIEL ESTRIN
The Associated Press | October 28, 2013
An electric power station is seen near the coastal city of Hadera.
HADERA, Israel — When Israel’s military chief delivered a high-profile speech this month outlining the greatest threats his country might face in the future, he listed computer sabotage as a top concern, warning a sophisticated cyberattack could one day bring the nation to a standstill.
Lt. Gen. Benny Gantz was not speaking empty words. Exactly one month before his address, a major artery in Israel’s national road network in the northern city of Haifa was shut down because of a cyberattack, cybersecurity experts tell The Associated Press, knocking key operations out of commission two days in a row and causing hundreds of thousands of dollars in damage.
One expert, speaking on condition of anonymity because the breach of security was a classified matter, said a Trojan horse attack targeted the security camera system in the Carmel Tunnels toll road on Sept. 8. A Trojan horse is a malicious computer program that users unknowingly install that can give hackers complete control over their systems.
The attack caused an immediate 20-minute lockdown of the roadway. The next day, the expert said, it shut down the roadway again during morning rush hour. It remained shut for eight hours, causing massive congestion.
The expert said investigators believe the attack was the work of unknown, sophisticated hackers, similar to the Anonymous hacking group that led attacks on Israeli websites in April. He said investigators determined it was not sophisticated enough to be the work of an enemy government like Iran.
The expert said Israel’s National Cyber Bureau, a two-year-old classified body that reports to the prime minister, was aware of the incident. The bureau declined comment, while Carmelton, the company that oversees the toll road, blamed a “communication glitch” for the mishap.
While Israel is a frequent target of hackers, the tunnel is the most high-profile landmark known to have been attacked. It is a major thoroughfare for Israel’s third-largest city, and the city is looking to turn the tunnel into a public shelter in case of emergency, highlighting its importance.
The incident is exactly the type of scenario that Gantz described in his recent address. He said Israel’s future battles might begin with “a cyberattack on websites which provide daily services to the citizens of Israel. Traffic lights could stop working, the banks could be shut down,” he said.
There have been cases of traffic tampering before. In 2005, the United States outlawed the unauthorized use of traffic override devices installed in many police cars and ambulances after unscrupulous drivers started using them to turn lights from red to green. In 2008, two Los Angeles traffic engineers pleaded guilty to breaking into the city’s signal system and deliberately snarling traffic as part of a labor dispute.
Oren David, a manager at international security firm RSA’s anti-fraud unit, said that although he didn’t have information about the tunnel incident, this kind of attack “is the hallmark of a new era.”
“Most of these systems are automated, especially as far as security is concerned. They’re automated and they’re remotely controlled, either over the Internet or otherwise, so they’re vulnerable to cyberattack,” he said. Israel, he added, is “among the top-targeted countries.”
In June, Prime Minister Benjamin Netanyahu said Iran and its proxies Hezbollah and Hamas have targeted Israel’s “essential systems,” including its water system, electric grid, trains and banks.
“Every sphere of civilian economic life, let’s not even talk about our security, is a potential or actual cyberattack target,” Netanyahu said at the time.
Israeli government websites receive hundreds and sometimes thousands of cyberattacks each day, said Ofir Ben Avi, head of the government’s website division.
During Israel’s military offensive on the Gaza Strip last year, tens of millions of website attacks took place, from denial of service attacks, which cripple websites by overloading them with traffic, to more sophisticated attempts to steal passwords, Ben Avi said.
Under constant threat, Israel has emerged as a world leader in cybersecurity, with murky military units developing much of the technology. Last year, the military formed its first cyberdefense unit.
Israeli cybersecurity experts say Iran and other hostile entities have successfully hacked into Israeli servers this year, and that Israel has quietly permitted those attacks to occur in order to track the hackers and feed them false intelligence.
Israel is also widely believed to have launched its own sophisticated computer attacks on its enemies, including the Stuxnet worm that caused significant damage to Iran’s nuclear program.
Bracing for serious attacks on Israeli civilian infrastructure, Israel’s national electric company launched a training program this month to teach engineers and power plant supervisors how to detect system infiltrations.
The Israel Electric Corp. says its servers register about 6,000 unique computer attacks every second.
“Big organizations and even countries are preparing for D-Day,” said Yasha Hain, a senior executive vice president at the company. “We decided to prepare ourselves to be first in line.”
The training program is run jointly with CyberGym, a cyberdefense company founded by ex-Israeli intelligence operatives that consults for Israeli oil, gas, transportation and financial companies.
On a manicured campus of eucalyptus trees across from a power plant in Israel’s north, groups are divided into teams in a role-playing game of hackers and power plant engineers.
The “hackers,” code-named the Red Team, sit in a dimly lit room decorated with cartoon villains on the walls. Darth Vader hovers over binary code. Kermit the Frog flashes his middle finger.
In another room, a miniature model of a power station overflows with water and the boiler’s thermometer shoots up as the role-playing hackers run a “Kill All” code. The exercise teaches employees how to detect a possible cyberattack even if their computer systems don’t register it.
About 25 middle-aged employees attended the first day of training last week. The course will eventually train thousands of workers, the electric company said.
CyberGym co-founder Ofir Hason declined to comment on the toll road shutdown, but said the company has seen a number of cyberattacks on infrastructures in recent years.
The country is especially susceptible because Israel has no electricity-sharing agreements with neighboring states, and all of the country’s essential infrastructure depends on the company for power.
“We’re an isolated island,” he said.