Israeli businesses hit by wave of hacker extortion
The cost to victims can be anywhere from a few thousand shekels to hundreds of thousands of dollars.
Several financial institutions and businesses have recently fallen victim to extortion by organized crime rings and independent hackers, which has cost these victims anywhere from a few thousand shekels to hundreds of thousands of dollars.
Various ruses are used, but a common tactic is infiltrating a company's computer network or an employee's cell phone, stealing a file to prove a system breach, and threatening to leak sensitive documentation unless security software or consulting services are "bought" from the perpetrator.
Most of the victims don't file police complaints, preferring to use private security firms to find the security lapse. Large companies, which by law are required to report such incidents, assume police don't have the manpower to deal with such extortion. Thus, they feel compelled to pay for the software, even though it can often be easily downloaded from the Internet.
Cyber extortion has become more common mainly due to its simplicity, said Dr. Nimrod Kozlovski, an expert on Internet law and digital culture. "It's very easy to track cell phones and infiltrate corporate networks using Wifi technology," he told Haaretz on Monday. "Penetrating employee accounts is terribly simple. And it's easy to locate passwords and documents in organizational networks, send the company a classified item, and blackmail it - especially since victims don't know the extent of the breach."
It's clear the activity is widespread and involves many separate groups, Kozlovski continued. He also said, however, that while breaking into accounts and websites is easy, the method with which large financial organizations are being extorted matches organized crime patterns.
"Although much of the criminal activity, like scanning websites and breaking into Facebook and email accounts, is amateurish, large companies have been blackmailed through internal IP addresses to arrive at inside documents and attempts to extort senior officers," he said.
Kozlovski claims police have the technological ability to address the problem, which he said has "turned into a plague," but they lack the manpower, budget, and prioritization to deal with it properly. "This type of crime requires a different perspective, setting up sting operations, special investigative methods, monitoring network activity, and dealing with such cases in real time," he said.
Joey Peleg of the Israeli Cyber Defense Institute said the problem is much more widespread than people realize, mainly because companies usually pay up rather than go to the police. "Any digital system can be taken over, from a pacemaker to a car or any other electronic device, and certainly computers," he said.
"The police can't help," he added. "They don't have enough money, despite being excellent people who put their heart in their work. At best they find a pedophile here and there. Thus a lot falls on the ordinary citizen."
Peleg said the main victims are small and medium-sized businesses that have no real concept of information security and rely mainly on free antivirus software. But even the biggest companies have insufficient security, he said.
"Smart phones are the danger," he added. "Here, there's no good defense system that has proven itself. The next big attack will come via mobile phones."
One person in the information security field said the police's problem isn't just money. "They have nothing even close to the knowledge" that hackers do, said the source.
Another expert opined that "small businesses give in to extortion because it simply doesn't pay to invest huge sums of money in information security companies."
Boaz Lev, a former senior police officer who now lectures on computer crime worldwide, insisted that police are capable of dealing with cyber extortion. Nevertheless, he admitted, whenever a client asks him how to handle such extortion, he responds, "Don't be right, be smart. And giving in to the extortion is being smart - unequivocally."
Israel Police said that its investigations of computer crimes are carried out by a team of skilled professionals who are deployed throughout the country. "The police recognize the importance of developing a system to deal with this issue, which is on our daily agenda. The development of such a system requires the allocation of many resources, and we are in discussions about this issue with the Public Security Ministry."