Hacked: Cyber Attack Reveals Worrying Flaws in Israeli Online Security
Hackers briefly take control of one million Israeli websites, but stopped from implanting ransomware
As many as one million Israeli websites, including those of major banks and telecom companies, were hacked over the weekend.
The websites in question were only offline for a short period of time, replaced with text reading "Jerusalem is the capital of Palestine #OpJerusalem".
But several Israeli programmers warned that the assailants were trying, and nearly succeeded, to get visitors to the hacked sites to download malicious software to their computers. Had the scheme succeeded, it could have theoretically enabled the hackers to bring parts of the Israeli economy to a halt, according to activist hacker Yuval Adam in remarks to The Times of Israel.
The assailants were able to get as far as they did by exploiting flaws in a popular accessibility platform used by many Israeli websites. By law, Israeli websites providing public services must provide special accessibility to those with disabilities.
Nagich, which means "accessibility" in Hebrew, provides advanced accessibility plugins, and counts among its customers McDonalds, Coca-Cola, Bank Hapoalim, and Israeli telecom companies Partner, 012 Mobile and Golan Telecom. Unfortunately, Nagich had neglected to take some basic security measures, allowing the hackers to take control of its customers' websites.
Ran Bar-Zik, a developer at Verizon Media who helped halt the cyber attack, sharply criticized both Nagich and the million customers that were effected for their "incredible negligence, about which warnings have been sounded in the recent past."
The victimized websites had all failed to take what are today basic online security precautions, such as properly protecting their DNS records and encrypting sensitives files on their servers.
"Even this simple action is apparently beyond the capabilities of Israeli internet sites," Bar-Zik wrote, adding that "the State of Israel, the cyber nation, got off very easy. The hackers could have caused billions in damage instead of mere vandalism."