It’s been a busy week here in Israel. With security “experts” spreading FUD about the coming infocalypse, management types all around the country entered a national state of panic. So now that all this is over, it’s time to look back at what we had and what we can learn from it.
Prelude to the storm
For weeks prior to April 7th, various (mostly Arab/Muslim) “hacking groups” had been threatening to “Wipe Israel from the Internet” – why anyone thought this was even possible still remains a mystery, with Israeli ISP bandwidth in the Tbps range, at least an order of magnitude more than even the largest DDoS volumes to date.
All that didn’t matter to security experts, who were quick to warn of anything between critical infrastructure failing to the internet being slow, or to the mass media, which devoted an incredible amount of attention to the issue. One “security company” even suggested users uninstall their browser on April 6th and re-install on April 8th, a suggestion that in my opinion earns them a triple face-palm.
The actual storm
Come late afternoon April 6th local time, the #OpIsrael hash-tag went into overdrive. In data centers around the country admins stood ready to repel the evil haxorz, and news reporters just waited for some juicy headline. And then, 6 hours later, a government website went offline for a few minutes.
Yep, that’s about the most important thing that happened.
Sure, there were some websites defaced, most of them various SOHO business PR sites that were probably broken into weeks prior to the op. In some cases the defacement was so lame that it amounted to implanting a page on the server and just pointing the Twitter link to it without affecting the website itself.
The level of amateurism was so high that among the chosen targets were a not-for-profit organization that arranges various fun activities for children with cancer, both Jew and Arab; a left-leaning newspaper – Haaretz; and Machsom Watch, a human rights organization.
Now that the op has passed, I think we have all learned a valuable lesson. We – the INFOSEC community – need to look deep down and admit that many have over-hyped this thing for all the wrong reasons. The panic that has been created was unwarranted and driven by PR and marketing considerations. Was it worth it? What we may have created here is a situation where the boy cried wolf too many times; when the time comes, we won’t have the credibility we so need. As far as public education goes, we should have seized this opportunity not to spook people, but rather to educate them about the dangers lurking online, to make them more aware and less gullible. Instead they were driven into a scare without any real advice on what to do. The real challenges before us, I think, will be dealing with the sudden interest by management in information security and finding ways to help ensure that the public in general is better protected than it is today.
The first challenge will probably revolve around steering management away from costly DDoS prevention technologies and towards what the organization really needs, and wise security practitioners should take advantage of this position in the short term.
The second challenge is much harder; I leave it to you, the community, to figure out.