A cyber attack on the financial information of thousands of Israelis has exposed a weak spot in the country's security firewalls online.
Using the name OxOmer, a hacker posted in early January what he claimed were 400,000 Israeli credit card numbers, including security codes, passwords, email addresses and phone numbers, information he got from Israeli commercial websites.
The scare turned out to be far less damaging than the hacker claimed, officials at the Bank of Israel said just 20,000 active credit cards were compromised. They were cancelled, they said, before too many illegal charges piled up, but some Israelis were shaken up.
Dafna Levanon, Tel Aviv Resident:
"It's not just the money. Hackers can steal your identity and play with your personal life."
It's still unclear who the hacker is – he identified himself as a Saudi citizen and member of the Wahabi hacking group XP. But an Israeli blogger on his trail says he's a 19 year old from the United Arab Emirates who is studying computers in Mexico.
Whoever the hacker is -- one thing is clear: politics led him to launch his cyber attack on Israel. After posting two more batches of credit card information and a computer virus, the hacker urged Arab-Muslim hackers to join him in what he called his quote "war" on Israel.
Hamas leaders praised the cyber attacks as a new form of resistance.
But Israeli officials condemned the hacking incident, calling it a form of "cyber-terror." It came just weeks after an announcement by Prime Minister Netanyahu that he will form a separate authority for fighting cyber-terrorism.
Kadima lawmaker Ronit Tirosh is playing a key role as the chair of the Science and Technology committee.
MK Ronit Tirosh, Kadima Party:
"I think that Israel always lived among enemies and lately we even have more enemies and the platform of cyber gives them the opportunity and the chance and the ability to connect with many, not genius guys, but hackers. Some of them are against Israel, but some of them it’s fun for them. And they can take the knowledge from them or the cooperation and they can do very easy. They can try, at least, try to hurt Israel."
Israeli consumers are no more vulnerable to having their personal and financial information stolen than citizens in other advanced, western countries. The private sector in general tends to be the weak link in any country's security system. But critics say Israel should be different. It has developed some of the most advanced technologies and methods for securing its institutions of government, defense forces, water and electricity supplies. So now the push is to use existing technology from the public sector in the private sector and to couple that with legislation to force companies to better protect the sensitive information that consumers put online.
Tirosh is leading the charge – her committee is drawing up new regulations and laws to fight financial cyber attacks. The Bank of Israel, she says, will need to provide better oversight than it does today.
MK Ronit Tirosh:
"The public, and also businessmen, they are not aware enough that we are living in another era. This is a very different era and the threats are totally different. We should be prepared for it. We should learn the new language. And we need tools - I don't know how many, but some of them are from laws and regulations and we are going to help them."
Tirosh plans to call on the cutting edge high-tech companies operating in Israel to help provide some of the new security solutions.
The American company, Symantec, which uses Israeli security innovations, may be one that the government turns to. The firm tracks cyber attacks in real time all over the world, provides ways to stop worms and retrieve stolen information.
Guy Maor is one of their top security specialists.
“This was definitely a terror attack. They wanted to harm the name of the state of Israel and harm the people of the state of Israel. That was the motivation behind it. They did us a great favor actually, basically by getting us more prepared for the next time. We’ll be more protected because of this early alarm.”
But not everyone is willing to elevate the financial hacking incident to the level of cyber-terrorism.
Yael Shachar, Cyber Terror Expert, IDC College:
It’s between “hacktevism” and cyber terrorism. I wouldn’t even consider it terrorism, because terrorism terrorizes, this doesn’t terrorize. It’s a commercially based operation. I hesitate to use the word cyber terrorism for anything less than actual terrorism, and something like this is just a little bit too routine to get people too worried.
Shachar says the popular crime of hacking for financial gain causes inconveniences, but can't shut down a country. The real danger are cyber attacks that can damage Israel's defense systems, transportation or vital resources.
On a scale of one to ten, Shachar says Israel is well protected in those vital areas.
"In comparison to the United States, I’d give it about a nine, at least. That’s mostly because we are much smaller a country, it’s much easier to protect it and we’ve been under threat for longer and we have the mentality to protect it, which the US, it’s all outsourced."
But clearly more protection is still needed in the commercial sector. OxOmer struck again on Monday. Teaming up with a hacking group called "nightmare," he caused temporary disruptions on the websites of the Tel Aviv Stock Exchange, Israel's national airline, EL AL and a few more banks. No damage was reported, but many believe this won't be the last time they'll hear from the hacker.
Jordana Miller, JN1, Jerusalem