Pages

Sunday, October 27, 2013

Israeli road system hit by cyber-attack (updated)

As far as I know, this is unprecedented:

HADERA, Israel (AP) — When Israel's military chief delivered a high-profile speech this month outlining the greatest threats his country might face in the future, he listed computer sabotage as a top concern, warning a sophisticated cyberattack could one day bring the nation to a standstill.

Lt. Gen. Benny Gantz was not speaking empty words. Exactly one month before his address, a major artery in Israel's national road network in the northern city of Haifa suffered a cyberattack, cybersecurity experts tell The Associated Press, knocking key operations out of commission two days in a row and causing hundreds of thousands of dollars in damage.

One expert, speaking on condition of anonymity because the breach of security was a classified matter, said a Trojan horse attack targeted the security camera apparatus in the Carmel Tunnels toll road on Sept. 8. A Trojan horse is a malicious computer program that users unknowingly install that can give hackers complete control over their systems.

The attack caused an immediate 20-minute lockdown of the roadway. The next day, the expert said, it shut down the roadway again during morning rush hour. It remained shut for eight hours, causing massive congestion.

The expert said investigators believe the attack was the work of unknown, sophisticated hackers, similar to the Anonymous hacking group that led attacks on Israeli websites in April. He said investigators determined it was not sophisticated enough to be the work of an enemy government like Iran.

The expert said Israel's National Cyber Bureau, a two-year-old classified body that reports to the prime minister, was aware of the incident. The bureau declined comment, while Carmelton, the company that oversees the toll road, blamed a "communication glitch" for the mishap.

While Israel is a frequent target of hackers, the tunnel is the most high-profile landmark known to have been attacked. It is a major thoroughfare for Israel's third-largest city, and the city is looking to turn the tunnel into a public shelter in case of emergency, highlighting its importance.

The incident is exactly the type of scenario that Gantz described in his recent address. He said Israel's future battles might begin with "a cyberattack on websites which provide daily services to the citizens of Israel. Traffic lights could stop working, the banks could be shut down," he said.

There have been cases of traffic tampering before. In 2005, the United States outlawed the unauthorized use of traffic override devices installed in many police cars and ambulances after unscrupulous drivers started using them to turn lights from red to green. In 2008, two Los Angeles traffic engineers pleaded guilty to breaking into the city's signal system and deliberately snarling traffic as part of a labor dispute.
The earlier cases had insiders messing with traffic signals, but in this case the attack came - seemingly - from the Internet. It is possible that the Trojan Horse was introduced via USB key or CD-ROM, which might mean that the tunnel wasn't a target, but that it was software simply looking for -say - a certain type of surveillance camera that is connected via Wi-Fi or Ethernet.

If it was a cyberattack from the Internet, the bigger question is, why would any of Israel's cyber-infrastructure be accessible from the Internet?

It is unclear what the goal of the hackers was. If they were after the cameras, then it is possible that they only planned to do surveillance but either their mistake or their discovery caused Israel to shut down the tunnel out of caution.

(h/t MtTB)

UPDATE: Carmel Tunnels denies the story.