Monday, January 16, 2012
[Disclaimer: I am no techie and have no particular expertise with computers or the programs that run them.]
Over here you learn to thank G-d for slow news days. You know, the kind of days where the media can put its cluelessness on display for the amusement of the crowds.
The problem is that not everyone gets the joke.
As we become more and more reliant on computers in our day-to-day lives, the prospect of someone with malicious intent gaining access to our computers is, admittedly troubling.
But let's put things in perspective, shall we?
First, let's differentiate between two different kinds of cyber-attacks; hacking and virus. Yes, the two bump up against one another - and slightly overlap, but they are as different as petty vandalism and chemical warfare.
Hacking is all about finding a weakness in a computer's security system and finding a way in (most often to do mischief and/or steal information).
Viruses are computer programs that can replicate themselves and spread from one computer to another. Even though it is not necessarily accurate, for the sake of this discussion, I'll toss other types of 'malware', such as adware and spyware programs, into the virus pot even though they don't have reproductive ability.
As I mentioned earlier, the two bump up against one another, and actually overlap, with programs such as 'Trojan horses' which are designed to be carried past security barriers and unwittingly placed onto target computers.... and from where they can start broadcasting information outward (a direction of information flow that most security firewalls doesn't pay much attention to). Thus, a malicious virus is able to accomplish much the same result as a hacker.
To demonstrate the potentially devastating result of a well executed virus, look at the stuxnet virus (that many attribute to Israeli computer scientists) which attacked computers that controlled essential equipment within Iran's atomic program. That is the real deal, and is terrifying to contemplate someone returning the favor.
But over the past couple of weeks we've seen screaming headlines about foreign hackers breaching the security safeguards of several Israeli institutions.... as if this were the equivalent of stuxnet.
What the media doesn't seem to understand (or can't be bothered to distinguish for their readers) is that there are varying degrees of seriousness to any cyber attack.
For instance, a hacker gaining access to, and publishing, the credit card numbers and personal information of several thousand Israelis is bad. But not terrible.
The banks involved immediately realized what had happened, replaced all the compromised cards, and took steps to lock the door through which the hacker had accessed the information.
They also quickly realized that while some of the compromised information was current, a lot of it was quite out of date. Clearly the hacker had accessed a secondary data storage facility which hadn't been updated in awhile. That's likely the reason for the relatively lax security.
The banks/credit card companies found the breached door and put a stronger lock on it. End result; better security. A good thing.
The next round of headlines (today) dealt with another cyber attack on the websites of El Al Airlines and the Tel Aviv Stock Exchange. And if anything, the Media is screaming even louder than with the credit card breach.
Now here's where the media gets it wrong. Hacking a website is not (usually) the same as accessing the inner workings of a company's data/infrastructure command and control centers.
Here's a cartoon that best explains this:
See the difference?
Hacking the website of these two very visible symbols of Israel is a lot like spray painting graffiti on the front of the Knesset. It is a national embarrassment that it could happen. But the people and stuff inside were never in any real danger.
Yes, El Al customers who enjoy the convenience of checking flight schedules and such via the website were inconvenienced. And the company almost certainly lost a bit of revenue from the tickets that would have been purchased online instead of through the more costly call centers. But I wouldn't hold my breath waiting for an announcement that a single El Al plane has been grounded, or even delayed as a result of the attack.
Same goes for the Tel Aviv Stock Exchange. I promise you that trading continued as usual despite the results of the trades not being displayed on the TASE website.
So is it a shame that hackers are able to take down prominent Israeli websites? Yes. Will it force website administrators to put stronger locks on the doors? Yes. Will it result in better security on high profile websites? Yes.
Is this really worthy of every Israeli news site's screaming headlines? No.
But considering that there isn't anything more pressing to report... I guess we should count our blessings.
Posted by David Bogner on January 16, 2012 | Permalink
TrackBack URL for this entry:
Listed below are links to weblogs that reference People... Chill!:
It probably improved the El Al website. For some reason, it just was not organized the way I would find information so I used the method of brute force and found this gem.
I want to applaud with Chef Segev!
Posted by: lrg | Jan 16, 2012 6:03:04 PM
Print media are losing circulation and money to the competition of the internet. Any chance to make the internet look bad will not be missed.
Posted by: Freddy | Jan 16, 2012 9:45:15 PM
As a "computer guy" I would caution you to not rely too much on the "CIA poster" analogy. You see, although a web site is (hopefully) published on a separate machine than (for example) a database containing credit card transactions (or worse yet, state secrets). It is not impossible -- in fact, I would wager it is only moderately difficult for an accomplished hacker -- to take control of the web server, install your own software and connect to other machines on the same physical or logical network.
In an ideal world, sensitive materials would never be on the same network segment, but we live in a highly-imperfect world. You write it "is a lot like spray painting graffiti on the front of the Knesset". I would suggest it's more akin to spray painting graffiti in the Knesset plenum... sure, no one was hurt, but it should be a great concern someone was physically inside the building!
Posted by: ProphetJoe | Jan 16, 2012 10:08:23 PM
Oh yes, if the hack leads to push El Al's website and its technology into the 21st century, then it was way past time and probably worth it. If it means El Al will stop sending me SIX emails, 4 of them superfluous, for every booked ticked, then Amen. If it means that I'll be able to step back and forth pages during the booking process until the payment and check-out, then double Amen.
But something in the way that this company facilitates Twitter & Co. tells me they're not quite there yet. And you know what, it's such a pity.
But: I won't ever book through an agency OR choose another carrier. No way.
Posted by: a. | Jan 16, 2012 10:53:44 PM
As a very interested and geekily-inclined wife of a geek/hacker/security expert: agreed. It's never great when something like that happens, but all things considered, it wasn't as big a deal as the news seemed to be trying to say it was.
Also, I've been reading you for something over a year now, and the fact that this wasn't your first xkcd reference makes me like your blog even more; when I read about the hacking, that strip was the first thing I thought of, so seeing it here was great :)
Posted by: Shira | Jan 17, 2012 4:54:00 AM
I wish I had a David Bogner app, so when I have a freakout over something so non-freakout-worthy, I could activate my app (your sound reasoning orchestrated by windchimes and waterfalls) and be all like, "Ahhhh."
Posted by: Erica | Jan 17, 2012 5:05:47 AM