At a wedding hall in the south of Tel Aviv, cyber professionals, hackers and other proud geeks convened this week to attend Microsoft’s first BlueHat cybersecurity conference in Israel.
The two-day event, hosted by the Microsoft Israel R&D Center, entertained participants with hacker-themed workshops like how to create a device that can switch off any TV anywhere or how to physically unlock – “hack into” – a real lock. It also asked participants to compete on a mission to hack into the cloud of a purpose-built miniature model of a nuclear reactor plant. A team from cybersecurity company Check Point Software Technologies won the first stage of the competition, managing to pass the perimeter of the plant. Flashing lights and an alarm indicated the reactor’s defenses had been breached.
“Anytime there are technological advances, these are accompanied by threats,” Bharat Shah, corporate VP of Microsoft’s C+E Security Division who attended the event from the US, said in an interview. The invention of the train led to train heists, he said, and postal fraud accompanied the development of the postal service. “Technological advances are good, but they pose also a lot of challenges.”
Digitalization offers tremendous benefits to economies and individuals, he said, and fear of security breaches should not be allowed to halt its progress. “It is a battle we must win,” he said.
Microsoft invests around $1 billion annually in cybersecurity and research and development globally, he said, with a significant part of the research done at its R&D facility in Israel. Microsoft has also acquired three Israeli cybersecurity companies, Adallom, Aorato and Secure Islands, to stay ahead of the game, he said. Machine learning and cloud analytics will help attain better detection going ahead, he said.
Security breaches worldwide are growing ever more sophisticated. At the end of 2015 hackers shut down power in Ukraine. In February 2016 more than $80 million was stolen from Bangladesh’s account at the Federal Reserve Bank of New York, and US intelligence services have blamed Russia for hacking attacks during the 2016 US election campaign.
Microsoft has previously held such BlueHat events at its headquarters in Redmond, Washington, where it hosts hackers and cybersecurity professionals.
At this week’s event in Tel Aviv, Costin Raiu, leader of the Kaspersky Lab team that researched the inner workings of the Stuxnet, Duqu, Flame and Gauss cyberattacks, among others, explained how discovering a larger threat comes down to painstakingly putting together enough “dinosaur bones.”
It’s an art form, Raiu said. Cybercrime hunters start the process by building the skeleton, separating the few interesting bones from the thousands of samples, and ultimately determining which ones are related. His presentation included examples of how he has been employing these techniques in an attempt to discover who is behind the master hacker group Wild Neutron.
“It doesn’t take just one bone to find a big dinosaur. It takes a lot of bones to understand what the monster looks like,” said Raiu. “When we find something small, we don’t immediately write about it without any solid proof. It takes a lot of research to understand what it’s a part of. What we do when we discover something is we wait. We try to collect more samples, and when we have a good picture of what’s going on, we publish it so you can read about it.”
To analyze those samples, Raiu said he takes a variety of approaches including “to get into the mind of the attacker and try to think exactly what will help the attacker, and how they would approach the problems.”
On the second day of the Microsoft BlueHat IL conference, US cybercrime investigative journalist Brian Krebs was the “Mystery Keynote” speaker.
Krebs said he has found a common theme in the backgrounds of many teenage hackers, based on interviews with them. While many were brought up in physically or mentally abusive families, more commonly they came from privileged and wealthy families. They grew up with the internet, with their parents absent, and online they were introduced to cybercrime forums, which provided them with the communities they lacked in real life. Soon they were earning more than their parents.
“Whether we want to acknowledge it or not, we live in the era of cyber supervillains,” said Krebs. “In today’s world, teens wield so much more power than they once used to. They have a deep understanding of computers, networking and programming. Some are solving problems that companies don’t even know they had. However, left to their own devices, things can also go terribly wrong.”
“Upwards of 90 percent of kids who are caught go back to what they’re doing,” said Krebs. “It’s a lucrative industry, and they know how to do it very well.”
The hacks get more and more extreme, he said, to enable the hackers to experience the same “high.”