Israeli techie says it takes a cyber hacker to catch a cyber hacker
Tuesday, March 11, 2014
Israel is a country at the forefront of cyber security technologies.
That’s no big surprise, considering the number of Israeli soldiers trained in the art of cyber-warfare. When they leave the military, many of them get jobs protecting business, infrastructure and commerce from the kinds of attacks they themselves knew as soldiers.
But one Israeli techie learned all about the vulnerabilities of cyberspace way before army age.
“I believe cyber security represents a threat, honestly, even more than most of the threats that you can think of,” says Israeli cyber expert Nir Gaist.
Gaist is just 25, but he's been involved with cyber security since he was 10, when he was hired to help banks protect their systems — by hacking into them.
“There was no large bank in Israel where I didn’t transfer actual money between bank accounts,” he says.
By the time he was 14, he took a few phone calls from Bill Gates. Not shockingly, they discussed cyber security.
Gaist is part of a brave new world of technology, but there’s still often a human touch: take cyber bank robbery.
Hackers will send a banker an email that looks like it’s from their boss. It’ll include a link to a website that looks exactly like the bank’s homepage. But, as Gaist explains, the email actually lets the hacker in the bank's system.
“If this employee is even a simple cashier in the bank, this employee has some access to many accounts, many customers, to actual money in the bank,” Gaist adds.
It’s not news that computer hackers are stealing stuff through the internet.
But Gaist predicts the future will bring cyber attacks on things you might not even think were connected to the internet. He says computer experts can access just about anything, even critical infrastructure, like power grids, that are supposedly disconnected from the open web.
“We can control traffic. We can control nuclear facilities. I can tell you that we can control water. We can control food. We can control almost everything by using cyber infrastructure,” he says.
To prove his point, Gaist sat down in front of two laptops to show how easy it can be.
Gaist's fingers raced over one of the keyboards at warp speed, as if he were born doing this stuff. He wrote malicious code — an endless stream of numbers and letters — like a scene from The Matrix. Then he sent it to the second laptop, protected with a popular anti-virus program.
The program popped up to say it had caught the virus.
So Gaist made a simple cosmetic change to the code. Wherever there was a 9 in the code, he substituted “six plus three.” That’s it. Then he sent the virus to the protected laptop again — and it was infected.
“As you can see, the firewall didn’t mention anything during this attack,” he says, even though the computer claimed to be protected.
Antivirus programs work by protecting your computer from a list of known threats. Every time a new virus is unleashed on the world, antivirus companies have to scramble to add those threats to their lists. Gaist’s company, Nyotron, is developing software that does the opposite. It monitors your computer’s normal activity to find any actions that are out of the ordinary. So the idea is to detect viruses as they're created.
The failure to prevent 9/11 has been attributed to a failure of imagination — intelligence services not being able to predict something of that scale ever happening. Gaist says to predict cyber threats, you need the imagination of a kid, and the intimate knowledge of cyberspace that only a kid has.
“The older generation did not grow up with a computer in his room. I did. I have a computer from age of 4 or 5. I start developing [at the] age of 6. I didn’t know what it means and how effective I can be,” he adds.
Kids are known to mess around without really understanding the consequences of their actions. In cyberspace, this can present serious challenges. Our finances, our governments, our energy supplies, even our lives are dependent on digital. And cyber-genius kids are easily able to hack into unprotected systems.
“The 6-year-old boy of today, he already knows what is hacking, he already knows how precious and how powerful this knowledge is. I think that there are very young kids today who can cause damage, not like a nation, but not very far from it. So, they want the world to know about their talent. They enjoy the glory and the fame,” Gaist says.
Gaist’s message is basically this: governments have a lot to learn from their cyber-savvy youth. Or, in other words, it takes a kid to catch a kid.