This post is also available in: עברית (Hebrew)
During the last few weeks, the media headlines kept us informed about the triple data leak from the Elector application – an app developed by a private company, which holds the complete Israeli voters’ data and used by the Likud party. In spite of the identification of the first vulnerability, the activity continued and the data leakage persisted. There was no regulating force to control and put an end to this leakage – the data remained open to the public.
Is it possible, at all, to cope with such challenges in a world where the information about almost each and every one of us and about our fields of interest are out there on the internet?
Guy Mizrahi, a serial entrepreneur who has already founded several cyber companies, claims in a special interview to iHLS, that the Elector app leakage of the voters registry is a genuine problem. Mizrahi: “This software was based on the lowest information security standards, and it is obvious that there was not any adequate planning from the cybersecurity point of view, and no suitable resilience test was ever made.”
Mizrahi is the Chairman of the Cyber Steering Committee of the InnoTech Tel Aviv Expo – the innovation and technology event of iHLS Group for HLS and Cyber which will take place at Tel Aviv Expo in November.
A hacker and intelligence specialist, Mizrahi is the VP Cyber at Rayzone Group, which develops intelligence products for governments. In the past, he co-founded Cyberia with Amir Tetelbaum, a company which was later defined as the IAI cyber lab. He was head of the cyber team in Elbit Systems, and beforehand had served as a consultant at the IDF Intelligence Corps.
According to Mizrahi, “the amount of data leaked during the Elector affair and the character of this data consist of a long-term problem, and in fact, this was not the first time that this data has leaked. Unfortunately, the State of Israel has proved that it did not want to or know how to secure our data, and this stance is transferred to the organization that it transfers the data to.”
He asserts that not only that the system collapsed at the moment of truth, but the system was also not planned as a protected one. “This database handed to all the political parties has been leaking and dripping for years, only less publicly. This time it was simply exposed in a very shameful and even irresponsible way. Unfortunately, this is not the only time the data has leaked.”
“The only time when the State actually judged severely the thief of the Israeli citizens’ data was following an investigation by the Law, Information and Technology Authority, and it took five years to investigate and detect the source and identity of the responsible for the leak and the disclosure of information. There were no investigations in any of the other cases.”
Mizrahi adds: “The simplicity characterizing the disperse of citizens information by the State and its negligence in securing this information is, to my opinion, criminal. As far as I understand, the Israeli database law applies to this information. If so – the authorities can act against the ones who held such a database without supplying the adequate defense. Have we ever heard about such an investigation? I haven’t.”
Undoubtedly, he said, a new approach is required by all the relevant actors – the Cyber Security Authority, the Law, Information and Technology Authority, and, of course, the negligent organizations (the State, the Likud party, Elector company).
However, a new approach by the regulatory agencies is not necessarily the solution. “Regulation is there, through the database law. Some lawyers claim that even the GDPR (the strict European regulation regarding privacy) is relevant in this case. The problem is more in the aspects of enforcement and punishment – when would someone do something against the ones responsible for the situation. Indeed, even today, in spite of all the media publications, we still do not know whether there is any investigation.”
Sharing personal information about people, along with the information existing on the web, might bring about attempts to influence elections results. What could be done in order to prevent such manipulations? Mizrahi evaluates that “attempts to influence the elections have occurred in the past and will take place in the future. I think it’s possible to produce investigative and deterring arrangements to counter some of these attempts.”
He added that “there is widespread use of avatars (imagined identities) in order to gain influence. The more effective the action, the more noise it produces, and this noise can be investigated. Past research in this subject are available, and there are many organizations and companies that are capable of detecting and halting fake news, avatar use, etc.”
Evaluating future cyber threats, Guy Mizrahi thinks that even now, more than 25 years after the emergence of the defensive cyber realm, and despite the huge resources invested in it, you can still find the oldest vulnerabilities in the book.
“Historically, with the advent of Web2.0 and the use of each and every one of us as a content producer,” he said, “a new offensive vector has appeared. Our virtual lives are exposed, and not sufficiently secured by technology, and this is the point where we return to the aspect of ‘education and awareness’. While in the past we said “don’t trust the users”, nowadays we understand that the user must take part in defending himself and the services he is using.”
According to his assessment, the vector of the “human factor” attack (attacking us, the users) will gain more momentum, and new and more effective methods will emerge in an attempt to manipulate people.
Israel is considered a world leader in cyber technology. Will this comparative advantage prevail? Mizrahi thinks that “Israel is abundant with creative and smart people, who receive instruction in the IDF and learn technology from a very young age, and then learn how to attack and defend it. This advantage will prevail as long as the State keeps encouraging people to engage in technological realms.” However, he warns, the real problem is currently the lack of quality human resources, and their scandalous cost. “Enormous salaries that in the past, CEOs could only dream of, are now offered to beginner analysts. This way it will be very difficult to find a genuine justification for cyber investments in Israel, while it will not be possible to develop technology abroad,” he warns.
Interested in learning more about cyber innovation? Attend i-HLS’ InnoTech Expo in Tel Aviv – Israel’s largest innovation, HLS, and cyber technologies expo – on November 18-19, 2020 at Expo Tel Aviv, Pavilion 2.