Hacker test almosts plants false report on TASE website
Beyond Security's fictitious statement: Oil was discovered at Dizengoff Center. The stock exchange denies the hack.
Israeli start-up Beyond Security conducted an exercise to penetrate the website of sensitive organizations, including the Tel Aviv Stock Exchange (TASE), Mekorot National Water Company, Israel Police, IDF, municipalities, and a book-seller e-commerce site. The exercise took the form of fictitious messages that were immediately deleted, and not put on the air. Beyond Security stated, "Every beginning hacker can penetrate sensitive websites, alter information, mislead the public, and cause heavy losses and major breakdowns." The hacking exercise for the TASE consisted of a report that oil had been discovered at Dizengoff Center in Tel Aviv. The fictitious report was immediately deleted, and did not leave Beyond Security's premises. The altered TASE webpage could be disseminated via e-mail or forums, as a link to the TASE website. Anyone using the link will reach what appeared to be the TASE website, and will have no way of knowing that it was not. The address would be identical and the fictitious information would appear genuine. Anyone directly entering the genuine TASE website, rather than through the link, will not see the altered information. It is possible to alter information on the IDF, Israel Police, and commercial websites, so that surfers will have no way of knowing whether the information was genuine or not. Beyond Security hacked into the Israel Police's database of stolen vehicles. The company also entered a municipality's online payment database. At the book-seller's, Beyond Security demonstrated how it could change prices and delivery addresses on transactions that had already taken place. Beyond Security randomly selected the sites to be hacked in order to emphasize the company's assertion that hundreds of government and commercial websites are vulnerable. Two criminal break-ins have occurred in recent months: one into the Israel Postal Authority's computers, and the other into Bank Leumi's (TASE:LUMI) computer system. Beyond Security cofounders CEO Aviram Jenik and CTO Noam Rathaus claim that Israelis tend to ignore network break-ins. Jenik says, "The ways to break in are known, fast and easy, and the potential damage is immense. After our demonstrations, instead of the companies closing the breaches, they threaten us with lawsuits." TASE spokesman Ofer Simhoni said in response that no break-in of the TASE website had occurred. "No planted text ever appeared on our website. It was only seen by those receiving that page via e-mail, and then only temporarily, thanks to the ongoing maintenance of the site." Mekorot stated in response that an external security company had recently tested its website, and found no faults of the kind mentioned. Mekorot added that its website and computer operating systems were completely separate. The company asked for the results of the hacker test in order to deal with the problems uncovered. A police spokesman stated that the Israel Police website was an unclassified site intended for public use. The police and its storage site, Tehila, work hard to upgrade the system's defenses and prevent break-downs. The matter would nevertheless be urgently examined.
Reproduced from an article published by Globes [online]
© Globes [online]
The original article can be viewed here:
http://www.globes.co.il/serveen/globes/docview.asp?did=785361&fid=942
Permalink Bookmark Digg this story
