The Battle for Your Computer - Alon Arvatz - E-Book

Description

Discover the extraordinary realities of the world's most advanced cybersecurity companies and tech

In The Battle for Your Computer: Israel and the Growth of the Global Cyber-Security Industry, Israeli Defense Force (IDF) cyberwarfare veteran and tech product leader Alon Arvatz examines the "why" and the "how" of the extraordinarily strong connection between Israel's elite cyber military unit and that country's booming offensive and defensive cybersecurity industry. In the book, you'll explore the central role played by Israel in the global fight for cybersecurity supremacy. Featuring interviews with some of the world's leading cybersecurity professionals and leaders, The Battle for Your Computer explains how the IDF's "Unit 8200" became the globe's most fruitful incubator of cyber technologies. You'll also find:

* Explanations of how the technologies that protect your own computers at home and at work probably began their lives in IDF personnel or equipment
* The stories of the men and women working to protect Israel and how they pivoted to protecting her technology against attack
* Answers to fascinating questions like: How does an offensive cyber company decide to whom to sell its tech?

An endlessly engrossing take on an equally engrossing subject, The Battle for Your Computer is a must-read for laypeople and cyber experts alike.


Page count: 562

Year of publication: 2023




Table of Contents

Cover

Title Page

Copyright

Preface

From territorial commando to cybercommando

A wonder called Stuxnet

Birth of an entrepreneur

Acknowledgments

SECTION 1: What Is Cybersecurity?

CHAPTER 1: The New Gold—Cybersecurity 101

The battle over data

Gold on the cloud

The Internet of Things

Notes

CHAPTER 2: The Keyboard War—How Global Militaries Exploited the New Domain

The new Trojan horse

Hacking public opinion

Notes

CHAPTER 3: “Hello, It's Me, a Nigerian Prince”—New Crime

Fraud

Extortion

Hacktivism

Notes

CHAPTER 4: The New Money—Catalysts of Cybercrime

The dark web

Bitcoin

Notes

SECTION 2: Cybernation

CHAPTER 5: The Pioneer—The Story of Check Point

Before cyber was fully cyber

Notes

CHAPTER 6: The Love Letter That Leaked—From Personal Security to Systems Security

Sanctum: Firewalls for browsers

“You idiot!”

Imperva: A firewall for websites

The man who walked away

The love letter that leaked: CyberArk and the digital wallet

Cyber: A booming market

Notes

CHAPTER 7: From Security to Defense—The Cyber “Iron Dome”

The turning point of 2010

Paradigm shift

From inertia to growth

Notes

CHAPTER 8: The Best Defense—“Daddy, What Do You Do?”

The birth of an idea

Rise and fall

CHAPTER 9: From Crisis to Crisis—Israeli Cyber Grows Up

Safe browsing: Island & Co.

The massive switch to networks

Is the bubble about to burst?

Notes

SECTION 3: Offensive Cybersecurity

CHAPTER 10: Reaching Through the Darkness: NSO and Zero‐Click Disruption

The cyberblacklist

The birth of a revolution

The breakthrough

Notes

CHAPTER 11: In the Right Hands—The Israeli Companies That Stretched the Boundaries of Possibility

Candiru: The covert company

Surveillance van hacking: The story of Intellexa

Notes

CHAPTER 12: Criticism of Offensive Cybertechnology

The enemy of offensive cybertechnology

Bad publicity

Between privacy and security

The sales dilemma

Notes

CHAPTER 13: Selling to the Good Guys—Regulation, Self‐Criticism, and “Clean” Offensive Cybertechnology

The Israeli regulator

Offensive cyber as a geopolitical tool

Final reflections

SECTION 4: Building a Cyberstate

CHAPTER 14: The Israeli Silicon Valley—Small State, Big Data

Notes

CHAPTER 15: Unit 8200—Secrets of the IDF's Success

“We've got to go up a notch”

The story of Unit 8200

Unit 81: Making the impossible, possible

Cyberintelligence: Challenges and opportunities

Building the Israeli military's cybersecurity apparatus

The ARAM Course

From offense to defense

The key to success

Overcoming any obstacle

The old boys' club

Closed club?

Notes

CHAPTER 16: A Professor and a Hacker—Academia and Cybersecurity

CHAPTER 17: Free Hand or Bear Hug—The State's Role in the World of Innovation

The Yozma Program: Government‐funded venture capital

The innovation and bureaucracy authority

Capital of the Negev, capital of cybersecurity

Just keep out of the way

The prime minister's agenda

Notes

CHAPTER 18: Small and Nimble—Being a Small Island‐Nation in the Middle East Is Not Such a Bad Start

Hackathons lead to global thinking

The “American Dream”

Backs against the wall

Two degrees of separation

Notes

CHAPTER 19: “Bro”—What Makes Israel's Culture an Incubator of Cybersecurity Innovation?

The “Jewish genius”

The culture of mutual assistance

The pioneers

Our ambassadors abroad

Notes

CHAPTER 20: The Cybersecurity Industry Snowball Effect—Elements of the Israeli Ecosystem

Made in Israel venture capital

Venture capital discovers the cyberindustry

Venture capital and offensive cyber

The entrepreneur community's fund

The well‐trodden path

Angel capital

International corporations

From start‐up nation to exit nation

Importing knowledge

Living the good life?

When Israel gains kudos

“Israel is one of our advantages”

Cybertourism

The cyberstate: The secret sauce

Notes

Conclusion: Where Is Everything Going?

Bring me people: The challenge of human capital

What's cyber in Yiddish?

Where are the women?

The Israeli offensive cyberindustry: Beginning of the end?

What's next? From small companies to major corporations

“There are too many cybercompanies”

Will there ever be another Check Point?

With all due humility

Notes

The Ten Commandments of the Budding Entrepreneur

Index

End User License Agreement


THE BATTLE FOR YOUR COMPUTER

ISRAEL AND THE GROWTH OF THE GLOBAL CYBER-SECURITY INDUSTRY

 

ALON ARVATZ

TRANSLATED FROM HEBREW BY EYLON LEVY

 

Copyright © 2023 by John Wiley & Sons, Inc. All rights reserved.

Original edition © Sella Meir Inc. 2022. This translation © 2023 John Wiley & Sons, Inc., published under license from Sella Meir Inc.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per‐copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750‐8400, fax (978) 750‐4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748‐6011, fax (201) 748‐6008, or online at http://www.wiley.com/go/permission.

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762‐2974, outside the United States at (317) 572‐3993 or fax (317) 572‐4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging‐in‐Publication Data is Available:

ISBN 9781394174157 (Cloth)

ISBN 9781394174164 (ePub)

ISBN 9781394174171 (ePDF)

Cover Design: Wiley

Cover Image: © ElenVD/Getty Images

Preface

It was one of the toughest days in my life. I was sitting on the bus, replaying the last two years in my mind. After endless preparations and six grueling months of boot camp, I walked into the military doctor's tiny clinic and was given the news I'd been dreading: I was being kicked out of the Egoz Unit.

With the benefit of hindsight and age, this might not sound like such dramatic news, but as a young guy with his whole future ahead of him, it was the collapse of a dream. I'd dreamed of joining this elite special reconnaissance unit in the Israeli army since I was in high school. But during a shooting exercise, I'd forgotten to use earplugs and got stuck with a nonstop ringing sound in my ears. I did my best to forget about it because, as an Egoz soldier, I'd been told to overcome any difficulty, whether physical or psychological. Right at the start of my service, I'd promised myself that whatever obstacles I faced, I'd cross them and storm the finish line of our training course—but now I started to worry that avoiding treatment might permanently damage my hearing. I went for a checkup and the doctor gave me two heavy blows: first, there was no cure, and second, there was no way I could remain in combat.

After several hours of being thrown around on buses, I got back to base. I'll never forget that moment: my commander ordered me to change into my fatigues immediately and join the platoon for a routine fitness session. I changed and ran to join the exercise, which I'd always been one of the best at: rope climbing. I tried to shimmy up the rope, but I just couldn't lift myself. I tried again and again, but it was no use. Not even my commander shouting in the background—“Arvatz, get on with it!”—could pick me up an inch. I had zero motivation and zero energy because I knew it would be pointless and useless to try: I was on my way out of the unit anyway. I burst into tears.

Little could I guess this painful moment would change my life for the better.

From territorial commando to cybercommando

I was transferred to the Egoz Unit's human resources branch, but I was absolutely convinced I had so much more to give the army somewhere else. After three months of basically driving everyone around me crazy, I was finally transferred, in June 2009, to Unit 8200 in military intelligence.

Unit 8200 is the IDF unit responsible for gathering signals intelligence (“SIGINT”) from cell phones, computers, and suchlike. I was still a soldier in uniform, with ranks and commanders, but in many ways I felt like I'd landed in a different army. Until then, military service had been mainly an experience of self‐abnegation, endurance, and discipline. But Unit 8200 placed a completely different emphasis. Creativity, initiative, and critical thinking suddenly took center stage. Only one thing stayed the same: the mission was above all else.

What on earth did I have to do with computer technology? In high school I'd decided I had no interest in anything to do with computer science (I cared much more about physics and social activities), but suddenly at the age of 20, I now found myself devoting my every day and night to it. The human fabric at Unit 8200 was also totally unlike anything I'd known. When I arrived at the unit, I got assigned to Michal—who now lives in Silicon Valley as the CMO of a major startup—and she helped me fill the gaps in my knowledge because I hadn't gone through a proper training course before joining. What struck me immediately about Michal, like all the soldiers in the unit, was not only her extraordinary intelligence, but also her incredible passion for technology and for every new opportunity she could create to gather high‐quality intel. I stuck my head in my books, but it all felt so strange to me.

Back then, Unit 8200 was under the command of Brig. Gen. Nadav Zafrir. Unlike his predecessors, he had not climbed up the unit's ranks, but rather came from the special command forces. Zafrir has always been a charismatic leader, a visionary and creative thinker. I once took part in a meeting he chaired and I pitched him one of our ideas. His sharp mind, attention to detail, and vision were striking. Maybe it was thanks to the refreshing perspective that he brought to the unit after gaining most of his military experience in other units, but he understood that in order to remain the tip of the spear of intelligence technology, 8200 would have to undergo a strategic shift.

Besides embracing new modern management methodologies, such as ways to measure the quality of intelligence, Zafrir redefined the unit's focus. Instead of intercepting telephone traffic and digital communications, we pivoted to focus much more on cybertechnologies and intelligence derived from active cyberoperations. We understood that since cyberspace was developing at a dizzying speed—more and more information transferred between computers was no longer “open” and vulnerable to interception, but sent in encrypted form, and sometimes never left computers at all—we urgently needed to shore up our ability to scoop intelligence from there.

This strategic shift set the course of the rest of my training and military service, and probably also my personal future. I became a researcher of computer networks and how they are used, and I learned more and more about cyberattacks and about how to defend against them. I understood that, unlike the picture I had in my head, cybersecurity was not all about sitting in front of a computer and writing lines of code from morning to night. It was a fascinating world of technology, offensive operations, and defensive action, open only to those who were willing to dedicate themselves to studying it in depth. It was a field I didn't think suited me at all when I was in high school, but it soon turned out to be one of the most captivating worlds that I could choose to work in.

A wonder called Stuxnet

In 2010, in the middle of my military service, the world witnessed one of the most significant cyberevents in history: the Stuxnet cyberattack. Stuxnet was a computer worm (a secret program used to penetrate computers) that was launched to hijack and remotely control software developed by Siemens—a program that operated industrial systems, including centrifuges. The worm was able to wriggle between computers plugged into the same network, and at each computer it reached, it checked whether it had this Siemens program on it. If it could not detect it, it left the computer untouched and spread onward. As soon as Stuxnet reached a computer with the right program, it kicked into action: it extracted the list of industrial machinery that the program could operate, identified the centrifuges, and sabotaged their operations to make them spin furiously, far beyond the recommended settings. Stuxnet arrived in disguise: as the centrifuges spun out of control and heated up, Stuxnet made sure that everything would look normal on the operations manager's computer screen.

Stuxnet was discovered by researchers from cybersecurity companies in June 2010, and by July, the worm's existence was public knowledge. In August 2010, the security company Symantec reported that around 60% of Stuxnet‐infected computers were in Iran, suggesting that Iran was the target of an attack by the worm's developers. Only then did the scope of the damage at Iran's nuclear facilities come to light; according to estimates, thousands of Iranian centrifuges had been permanently destroyed. The worm astonished cybersecurity researchers, who scrambled to investigate it and its spread.

The experts were also astonished by the technology behind Stuxnet. Whoever had programed it had identified no fewer than four security flaws in the operating systems of the computers that controlled the centrifuges, and the worm had exploited them to glide between computers without getting any authorization to access them and without getting caught. Exploitable vulnerabilities (a subject we explore later in the book) are a rare commodity in the cyberworld. Such vulnerabilities can sell for millions of dollars on the black market, and an attack exploiting four different vulnerabilities is almost unheard of. Moreover, the computers that this worm attacked were equipped with antivirus programs, but none of them managed to detect Stuxnet because it had camouflaged itself to look like an inoffensive, legitimate program.

The researchers' conclusion was unambiguous: Stuxnet was a weapon created by a state actor to attack the Iranian nuclear program. Such capabilities could only have been the work of many years of research by some of the world's finest cybersecurity experts. Stuxnet could only have been developed by a state actor with major cyberabilities and extensive resources. It was assumed that the United States and Israel, which were already known as supremely capable cybersuperpowers, were behind the attack on Iran. Stuxnet was simply the next stage of an international conflict that had now spilled into cyberspace. Instead of sending troops to Iran by land, air, or sea, a state had launched a computer program to destroy large swaths of its nuclear program. Whereas in 1981, Israel sent warplanes to Iraq to destroy its nuclear reactor, thirty years later, a bunch of people sat at their computers in an air‐conditioned room and dispatched a computer program to do essentially the same thing in Iran. Years later, according to media reports, U.S. officials confirmed that Stuxnet had been developed by researchers from the United States and Israel.

Stuxnet left me with my jaw on the floor, and it was all anyone talked about in the hallways of Unit 8200. It was a stunning feat, practically science fiction, far more staggering than any cyberattack I had ever known or heard about. Stuxnet was not the first cyberattack by a state actor, but it was the first to use such high‐level technologies and the first to destroy industrial machinery on such a massive scale. It also made the penny drop, for me and for many others, that cyberspace was now a fully fledged new domain of warfare.

Birth of an entrepreneur

After I finished my army service, I started studying law and accounting at Tel Aviv University, where I met my future business partner, Guy Nizan. We discovered that we both came from cybersecurity backgrounds—and cared much more about entrepreneurship than our studies. I brought my experience from reconnaissance cyberattacks at Unit 8200. Guy had served in a unit responsible for defending the Israeli military from cyberattacks and already had experience as a professional consultant for organizations that wanted to keep themselves safe. Opening a cybersecurity company was a natural step for us.

After a failed attempt to launch a cybersecurity consultancy for organizations in Africa, we spotted another opportunity. During a vacation at the Sea of Galilee, Guy started chatting with a family on holiday there. They got to the subject of Guy's cybersecurity experience, and the parents said how important it was for them to give their children early exposure to the cyberworld. Guy didn't wait around, and on the drive home he phoned me and said, “Arvatz, I've got an idea for our next business. We'll set up a company to teach cybersecurity to kids.” As the more realistic partner, still reeling from the failure of our previous company, I was skeptical. “I'm with you,” I told him, “but I won't believe in an idea till I see the bank's cleared the first client's check!”

We worked hard. We built a course and created promotional materials, and this time, we saw results immediately. There was incredible demand for our content from schools, pupils, and parents, and we cashed in our first check quicker than expected. We realized that we'd put our finger on a real need, and that was how we founded Cyberschool. We sold dozens of courses and workshops for young people, mainly in Israel and the United States, and two years after founding the company, having taught computer technology and cybersecurity to hundreds of students, we sold the firm. Straightaway, we linked up with Gal Ben‐David, one of my old Unit 8200 comrades. We had run a few projects together and had great chemistry. On the day I got out of Unit 8200, I went up to him and said, “Just you see, one day we'll do something together.” He laughed. He still had three years of military service ahead of him, and starting a company wasn't even on the horizon for him. But then, a few months after he got out of the army, the three of us founded IntSights.

By founding IntSights, we boarded the roller coaster known as a “startup.” We started a journey of setbacks, tensions, and sleepless nights, along with loads of achievements that filled us with pride. Along the way, we were joined by many investors, who believed in us and trusted us with their money, and by many talented and dedicated employees, who kept pushing our company forward. Within six years, IntSights had hundreds of clients all around the world and employed some 200 people, including over 100 in Israel itself. At this point, we decided that it would be best for IntSights to become part of a cybersecurity company selling a bigger range of products, and we sold the business to Rapid7, an American company, for $350 million.

Being an entrepreneur, at least in the first few years, means being in full‐time survival mode. I felt like I owned every success, and every failure was my fault. But looking back, there were undoubtedly many major factors that contributed to our success, and the supportive environment for innovation and cybersecurity in Israel deserves full credit. My partners and I met many cyberentrepreneurs along the way who had taken a similar path to us and generously shared advice from their own experiences. Specialist cybersecurity investors pushed us ahead. Israeli clients who loved adopting new cybertechnologies streamed our way, and we made countless new connections with distributors and clients, thanks to Israelis with expertise in the field. We were also helped by Israel's global reputation for cybersecurity, in terms of both the sheer number of startups developing software to protect organizations from cyberattacks and in terms of its ability to export expert consultants. This opened up plenty of doors for us, and gave us tons of credit from both clients and the market.

I owe thanks to the closest people around me for joining me on this journey: to Smadar, my wife and life partner, for her unwavering support throughout the whole writing and innovation process, and especially for all the evenings and weekends when I was away from home and she took over everything that had to be done; to my dear parents, to whom I owe everything; to Guy Nizan and Gal Ben‐David, my partners on this business journey, who held me tight in moments of crisis and deserve full credit for so much of what I've learned and many of my successes. I thank the “reading forum” that gave me priceless words of advice: Ami Even, Liran Gabbay, Meital Levi, Eti Arvatz, Dana Eldar, Guy Finkelstein, Gideon Klugman, Gal Genut, and Amir Hozez. I also want to thank Rapid7 for allowing me to focus on writing this book while still working at the company.

Running throughout this book is my astonishment at the colossal global success of the Israeli cyberindustry, along with recognition of the State of Israel's major contributions to my own personal success. I wrote this book to explore the roots of the cyberindustry's success and to take a glimpse at what the future holds for the State of Israel and its people in this field. I am sure that it will interest colleagues in the cyberindustry, but I wrote it in a friendly and accessible way to make it enjoyable for all readers. Section 1 provides a general introduction, suitable also for readers who are not personally familiar with the industry, and then I hope you will all enjoy diving into the book and learning more about one of the most fascinating and important fields in modern‐day Israel—and the whole world.

Acknowledgments

I owe an enormous debt of thanks to the people interviewed in this book. They all generously dedicated their time to me, sharing with me their experience and insights in confidence. For understandable reasons, some of these interviewees asked to remain anonymous and so are not shown. The others are listed chronologically, by the years they entered the Israeli cybersecurity industry.

Brig. Gen. (Res.) Isaac Ben‐Israel

Director, Blavatnik Interdisciplinary Cyber Research Center, Tel Aviv University

Gil Shwed

Founder and CEO, Check Point

Shlomo Kramer

Founder and CEO, Cato Networks

Brig. Gen. (Res.) Pinhas Buchris

Former commander, Unit 81 and Unit 8200

Gili Raanan

Founder and Managing Partner, Cyberstarts

Alon Cohen

Founder and CEO, nsKnox

Amichai Shulman

Co‐founder, Imperva

Mickey Boodaei

Founder and CEO, Transmit Security

Michal Braverman‐Blumenstyk

General Manager, Israel Research & Development Center at Microsoft; CTO, Microsoft Security division

Nir Zuk

Founder and CTO, Palo Alto Networks

Emmanuel Benzaquen

CEO, Checkmarx

Esti Peshin

General Manager, Cyber Division at the Israel Aerospace Industries

Shalev Hulio

Founder, NSO Group; Founder and CEO of Dream Security

Israel Grimberg

Managing Partner, Team 8

Ofer Schreiber

Senior Partner, YL Ventures

Sagi Bar

Founder and CEO, Cyber Education Center

Michael Shaulov

Founder and CEO, Fireblocks

Kobi Samboursky

Co‐founder and Managing Partner, Glilot Capital Partners

Lior Div

Founder and CEO, Cybereason

Assaf Rappaport

Founder and CEO, Wiz

Brig. Gen. (Res.) Ehud Schneerson

Former commander, Unit 8200; Founder and CEO, Paragon

Eyal Benishti

Founder and CEO, Ironscales

Ofer Bin‐Nun

Founder and CEO, Talon

Liron Tancman

CEO, Rezilion

Dan Amiga

Founder and CTO, Island

Aviv Gafni

Founder and Managing Partner, Hyperwise Ventures

Barak Perelman

Founder and CEO, Indegy

Yevgeny Dibrov and Nadir Izrael

Founders, Armis Security

Hed Kovetz

Founder and CEO, Silverfort

Shira Kaplan

Founder and CEO, Cyverse Capital

Sagi Dagan

Executive VP for Growth and Policy, Israel Innovation Authority

Nir Falevich

Former Cybersecurity Sector Lead, Start‐Up Nation Central

Tony Velleca

Founder and CEO, CyberProof

Jay Leek

Founder and Managing Partner, SYN Ventures

Alon Kantor

Founder and CEO, Toka

Ron Reinfeld

CFO, Morphisec

Noa Zilberman

Co‐Founder, Odo Security

Gal Glickman

Founder and CEO, Insanet

Brig. Gen. “Y.”

Commander, Unit 8200

Amitai Ziv

Tech Reporter, Tech12

Dino Boukouris

Founder, Momentum Cyber

Richard Stiennon

Founder and CEO, IT‐Harvest

SECTION 1: What Is Cybersecurity?

CHAPTER 1: The New Gold—Cybersecurity 101

December 23, 2015, was just another typical winter's day in the Ivano‐Frankivsk Oblast of western Ukraine. It was late afternoon, near the end of a normal working day at the Prykarpattyaoblenergo power station, which supplies electricity to local residents. One of the maintenance workers took a quick glance at a screen, and for a moment, it looked like a ghost had taken over his computer: the cursor started moving around by itself, and windows started popping open without anyone touching the computer or the keyboard.1

It was immediately clear that the mouse wasn't just glitching: someone was moving it on purpose. The cursor started clicking on the programs that controlled the electric circuit breakers and opened them, to interrupt the flow of electricity. The consequences were clear: for every circuit breaker that was opened, thousands of people lost power at home, at the height of winter. The maintenance worker threw himself at the computer, trying to seize control of the cursor—but it was no use. The computer didn't respond. And then suddenly, the computer was locked and the password was changed, so that he could not log in at all. In the end, the electricity supply was cut off at around 30 substations, and hundreds of thousands of Ukrainians were left without power.

For six dark, frozen hours, the electricity company's technicians labored to get electricity flowing to people's homes again. In normal circumstances, they would have been able to take control of the substations' computer systems and work on them remotely, but whoever was behind the attack on the main power station had also scrambled the software that allowed the technicians to work on them remotely, so they had to physically visit every single one of the dozens of substations and fix all the damage by hand. It would take over a year for Ukraine to finish replacing all the damaged components and for all the power stations in the district to return to normal operations.

The attackers did not stop at causing major disruption to Ukraine's electricity supply. They wanted to keep the electricity cut off for as long as possible. At the same time as paralyzing the substations, therefore, they launched another assault: a telephony denial‐of‐service attack. They unleashed a blitz of automated phone calls to the electricity company's customer service center to block incoming calls from customers phoning to report problems.

This was a well‐planned attack, which combined the remote hijacking of computers with the destruction of systems and tactical diversions. The result was that over 200,000 Ukrainians had their electricity cut off at the peak of winter and the power company's operations were disrupted for months on end.

Even though the incident affected tens of thousands of homes, none of the actions that caused it took place in the physical world. If you had walked around this Ukrainian electricity company's power station on the day of the attack, you would not have seen anyone breaking into the facility or hitting the “off” switch. The attackers accessed the company's computers by implanting them with malware—malicious software. The orders to open the circuit breakers were sent remotely, over the internet, and the substations were destroyed with code sent from the electricity company's own computers. In other words—this whole story unfolded in cyberspace, but it had dramatic effects on the physical world.

Cyberspace is the virtual space that is created by connecting computers around the world to each other via the internet or smaller networks. Just as every house has an address, which can be used to deliver mail, on the internet, every computer has an address that other computers can use to send it information. This ability to send and receive information creates a platform that facilitates all the other actions we perform every single day from our computers or cell phones: buying or selling goods, interacting on social media, building all sorts of creative projects, and so on.

Computers have been a part of our lives for nearly 100 years, but cyberspace, the realm in which computers are all interconnected and send each other information, emerged only in the late 1960s. Until then, the only way to connect two computers was to physically connect them with a networking cable. Bob Taylor was a computer scientist at the Advanced Research Project Agency (ARPA, later DARPA) at the U.S. Department of Defense, the agency that led information technology research. For his job, Taylor had three computers, which he used to communicate with three different research institutions. Whenever he wanted to make contact with one of them, he had to switch to working from the computer connected to that specific one. Taylor thought there had to be a way to connect all these computers to each other, so that he could use just one computer to communicate with the rest. The idea of ARPANET, a network of computers capable of communicating with each other, was born.[2]

ARPANET entered development. By October 1969, researchers had managed to send part of the word login from a computer at University of California, Los Angeles (UCLA) to a computer at Stanford University, and by November of that year, a network of four computers had been created. ARPANET would soon be connected to a similar network in the United Kingdom, and together, they would become the internet we know today, which connects computers and networks from all around the world into a single network through which they can communicate with each other. Users quickly understood that the internet let them do so much more than just communicate, and this new network became a platform for information sharing, commerce, and creative projects.

The word cyber comes from the Greek kybernetes, which has its root in the word meaning “govern” or “navigate.” But unlike other spaces that you might navigate—land, air, and sea—in cyberspace, the physical and geographic space between any two computers has practically zero significance. Every computer connected to the internet can, in a matter of seconds, receive information from any computer located on the other side of planet Earth.

This platform, connecting computers all over the world and erasing geographic distance, has sparked one of the most dramatic revolutions in human history, accelerating globalization even further. Whereas the Industrial Revolution made it possible for people to reach faraway countries in a matter of hours, the Cyber Revolution now makes it possible to meet virtually with anyone else, anywhere in the world, in a matter of seconds. Whereas the former technological breakthrough let people send each other messages using Morse Code on large and cumbersome machines, this newer breakthrough has made all of us walk around with sophisticated gadgets in our pockets, capable of sending all sorts of messages to anyone else on the planet with a similar device.

But the Cyber Revolution goes much further than any particular technological invention: it has made the developed world redefine what it considers the most valuable commodity on the planet, and it isn't gold.

It's the new gold.

The battle over data

Throughout history, certain commodities have always been considered especially valuable. Whoever controlled them, their extraction, and their trade routes controlled the world, and they drove countless conflicts and wars. In the Middle Ages, it was spices: demand was high because meat was salted for preservation, making its taste difficult to bear without seasoning. Supply was low because spices were grown mainly in Asia, and transporting them, whether by land or by sea, was a long and dangerous business. Gold has always been considered valuable. Originally used to make jewelry and other luxuries, it later became a means of exchange; during the Industrial Revolution, when it was discovered that petroleum could be refined and used to power vehicles, petroleum came to be known as “black gold.” The richest man in history, John Rockefeller, made his fortune thanks to his control of the petroleum market and his discovery of cheaper and more efficient means of refining it. In later years, states that controlled oil reserves would gain extraordinary geopolitical power.

The Cyber Revolution has created a new kind of gold: data. Many of today's cyberattacks are connected to the dramatic ascendancy of data.

In late 2020, Iranian hackers managed to pull off a cyberattack against Shirbit, an Israeli insurance company. In a major security breach, scans of customers' ID cards, credit card details, personal medical information, and lots of other data leaked into hands that were, according to assessments, Iranian. Shirbit put out a statement confirming a “data leakage incident”—a vague description that might have covered anything from the minor theft of some documents to a massive hack. Having won several government contracts, Shirbit provided insurance for many public sector workers, whose details were now in hostile hands. The damage was twofold: besides the blow to Israeli national morale, knowing that foreign hackers could breach databases with intimate information about state employees, this information was vulnerable to exploitation in the wrong hands. It would be easy for criminals to impersonate the people whose details had leaked, or else to exploit information about their personal needs (specifically, their health) to contact them and offer them “services,” like new insurance programs, charge them—and then disappear.

The hackers initially demanded a ransom of $50 in Bitcoin—around $1 million—to not release this data, but after 24 hours, they doubled it to $100 in Bitcoin. When their demand was ignored, the ransom kept shooting up, hitting $200 in Bitcoin within a week. The insurance firm decided not to pay the ransom, apparently assuming that it could not trust the hackers not to publicize the stolen materials anyway. There are organized hacker groups in the world that operate like real businesses and invest in their reputations for “trustworthiness,” such that whoever coughs up really does get “protection” for their data. In the attack on Shirbit, however, that didn't seem to be the case.

Israel's National Cyber Bureau—the national authority responsible for providing cybersecurity for Israel's critical infrastructure—was involved in this incident, and it is safe to assume that its officials instructed Shirbit not to cooperate with the hackers. Whereas Shirbit ended 2019 with profits of 26 million NIS, in 2020, its profits crashed to less than one million NIS. The attack on Shirbit caused shockwaves in the Israeli economy.

As the CPO of IntSights at the time, I received calls from dozens of desperate customers. They knew that Shirbit held lots of data about them, including contracts and confidential information about shared clients, and they understood that the hack had exposed sensitive information that was theirs, too. They saw us, an intelligence provider, as the right address to work out how much commercial damage this incident had exposed them to. Among the clients knocking on our door were other insurance firms that worked with Shirbit and other banks that feared that customers who had insurance policies with Shirbit had shared their bank account details with it—details that had now leaked.

We opened an operations room at IntSights and manually pored over the leaked files, searching for information that belonged to our clients. The incident made clear to us not only the importance of top‐notch cyberdefense, but also our need as a company to keep developing technologically. In the long run, the Shirbit hack pushed us to develop new technologies that would analyze information leaked in ransomware attacks and find files belonging to our customers. As in every highly publicized cyberincident, our customers quickly understood that our most basic data could be a powerful weapon in the wrong hands.

Gold on the cloud

Until not long ago, we (or our parents) wrote documents, letters, and accounts by hand, without any easy way to edit them, and they took up lots of space in our homes and offices. Computers, however, let us type up documents quickly and conveniently, with memory drives that can store thousands of files. Thanks to the ability to search for text and easily classify files, it is easy to find a specific string of text in a pile of documents.

One of the major changes caused by the accelerated development of computing was that people realized that it was much easier to create and store information digitally than by other means. Computers have thus become humanity's main storage space for personal and commercial data—from documents to images, correspondence, games, shopping, and more. Over 92% of households in the United States now own at least one computer.[3]

This process was accelerated in several stages, as the internet became accessible to all. In the first stage, the internet allowed for anyone to open a website and upload information accessible to anyone surfing the internet. This shifted lots of information that used to travel through newspapers or billboards to cyberspace. The invention of email led many people to abandon postal services and start sending all their correspondence digitally. In the second stage, websites started letting visitors upload their own content. This process was very limited at first, with forums that let internet users publish and reply to messages, but this gained major momentum when social media networks entered the scene and Facebook was opened up to the general public in 2006.

The next leap in the Cyber Revolution came with the development of cloud computing, which pushed internet users to upload their data to servers connected to the internet instead of storing them on their own devices. A server is a computer that is not designed for human use, but rather provides services needed to store vast amounts of information in a single place. The world of computers is divided into servers and terminals, connected through home or organizational networks or through the internet itself. Servers store all kinds of information that is available online. They are usually physically located on server farms all around the world, and as long as there is an internet connection between them and our own computers, information can be extracted from them in seconds. When you enter a news site, for example, you are effectively going to a server and asking it for information from the site you want to reach, and your web browser—your gateway to the internet—opens up that information for you in a readable format.

But your browser can also offer you so much more. Actions that we used to perform on our computers, like creating documents, sending emails, or saving files, can now be done using our computers; not on them, but on the cloud. The cloud stores the software that runs these operations and saves them, and it also helps to relieve pressure on computers' processing capacity. But its biggest advantage has to do with software updates: providers no longer have to worry that their software might not work on particular computers, and end users no longer have to bother installing software updates because providers can simply update their programs and send the upgraded versions straight to the cloud, without them ever needing to reach the end users' personal devices.

The story of one of the pioneers of cloud computing begins with Drew Houston, a student at the Massachusetts Institute of Technology (MIT). During college, he found himself having to write and edit the same documents on many different computers. The problem was that he kept forgetting his USB drive with all his files. To solve this problem, instead of starting over with every file from scratch, he started emailing himself the latest documents, so that all he had to do was download them onto the right computer. But as he started working on more and more documents, it became increasingly hard to keep track of all his documents and the latest versions in all these emails.

The straw that broke the camel's back came when his computer charger caught fire one day and completely destroyed his hard drive, erasing all his documents without any backups.[4] Houston looked around for a good solution but couldn't find anything decent, and so he decided that it was time to develop his own solution: he saved all his files on a main computer, which was connected to the internet, and then whichever computer he sat down to work from, he was able to “pull” the latest files from this device and work on them. Having revised the files, he saved the latest version back on the main computer. This way, the latest version would always be available online, so that even if the computer he was working on was destroyed—everything would still be backed up.

Houston realized that he was not the only one grappling with this problem and he set up a company to provide a similar solution to anyone who needed it: a massive virtual box for documents, where anyone could drop files. Dropbox was born. It went public in 2018, with a market valuation of $8.2 billion.

Like Dropbox, the market was soon filled with companies based on the idea that everyone's computer files could be saved on servers connected to the internet, collectively known as the “cloud,” instead of on personal computers. This makes the latest versions of files accessible from any computer with an internet connection, so that if your personal device breaks down and all your files get erased, everything will still be saved on the cloud.

The world soon came to understand the advantages of cloud storage, and Dropbox was confronted with challengers, such as Google Drive and OneDrive. There soon developed other services, such as Amazon Web Services and Google Cloud, that let software developers save and run their programs on the cloud. Photos can also be saved on the cloud, with services such as Google Photos. In short, people have started transferring more and more of their information from their personal devices to cyberspace.

As this trend intensified, people began to understand the immense potential of access to this data. The technological units of the Israel Defense Forces (IDF), where I served at the time, also understood that intelligence material was increasingly stored there and that getting a hold of it would require a whole different kind of effort.

If you know what someone likes eating and wearing, what their political opinions are, and who their families are, you can start finding patterns, managing massive reams of data, and running countless social experiments. This ability allows the companies that control this data to analyze and predict human activity better than ever before. It is easier to target advertising or offer services based on a seller's “familiarity” with a buyer's habits. Data about preferences and opinions—content that people post online regularly—is worth a lot of money to advertisers. Information contained in commercial files uploaded to Dropbox or similar services may be highly sensitive and deal with a company's business plans. Such data, which can include sensitive financial details, such as credit card numbers, is worth buckets of money to competitors. For this reason, the more personal and commercial information exists in cyberspace, the greater the demand for security solutions to keep this information safe. The dependency on these solutions is only deepening, and individuals and companies are increasingly willing to pay top dollar for them.

The result of this whole process is that the value of data is constantly rising. Advertisers are willing to pay huge sums for precise information about customers to sell them products more easily. Private individuals and companies are willing to pay up to store their files conveniently. During the Industrial Revolution, coal and petroleum powered trains, generated electricity, and fueled factories, but now during the Cyber Revolution, it is data and the quest for it that drives companies to develop services to store and easily access data, which then make them some of the world's biggest and most successful companies. As of 2022, for example, four of the five most valuable companies in the world sell products that include services for users to upload and store their information online. Google's stated mission, as one of the biggest technology giants of all time, is to organize the world's information and make it universally accessible.

Data has become the “digital gold.” And just as pirates used to hunt real gold, the pirates of the modern world—hackers—are hunting this digital gold. Any information that they can steal, they sell to the highest bidder in the black market of cyberspace: the dark web, which we explore in Chapter 4.

Corporations have started to make a fortune from selling this information to advertisers and other third parties, and so in the name of privacy and people's ownership rights over their own data, many democratic states have started passing laws to curb the exploitation of this data. Companies are legally required to take strict steps to prevent their customers' personal data from leaking, and they risk getting slapped with fines if they negligently fail to protect it. Shirbit, the Israeli insurance company, was fined nearly 11 million NIS (around $3 million) by Israeli authorities for breaching regulations.

One of the best known laws in this regard is the Global Data Protection Regulation, or GDPR, which came into force in the European Union in 2018 and imposes fines and data protection standards on corporations that store user data. The biggest‐ever fine for violations of the GDPR was imposed on Amazon by the EU regulator in Luxembourg. Amazon was accused of exploiting its users' personal data without consent to show them targeted ads and was fined €746 million. The EU regulator in Ireland slapped another massive fine on Instagram. Having exposed the email addresses and phone numbers of its platform's underage users, Instagram was fined €405 million.[5] The messaging giant WhatsApp also entered the list of history's biggest GDPR fines when it too was fined €225 million by the regulator in Ireland after being accused of not providing its clients transparent information about the information traffic between its platform and other Facebook subsidiaries.[6]

But unlike what you might expect, regulation has not cooled the market. On the contrary. This modern gold rush has generated vast amounts of gold, and unlike other precious materials, where rising supplies meant falling prices, this bonanza of digital gold has caused prices to rise, precisely because information is more valuable when there is more of it. It can be squeezed for more and more value, stored in more advanced ways, and analyzed with new techniques to extract more and more benefit from it, move it around, and use it in ways that can practically breach walls, cripple power stations, and topple states. A gold rush has given way to a rush to control as much data as possible.

The Internet of Things

In 2015, Andy Greenberg stepped into his white Jeep Cherokee and started driving through St. Louis. After a short drive, he boarded the freeway and sped up to 110 kmph. Suddenly, as Greenberg gripped the steering wheel with both hands, the AC switched itself on and started running. The radio started blaring, and no matter what buttons he hit, he couldn't turn it off or down. The wipers started swishing, and Greenberg couldn't see anything but cleaning fluid covering his windshield. And then finally, his gearbox was disabled. He repeatedly slammed his foot on the brakes, but it was no use. Greenberg had to swerve off the road, straight into a ditch.

Throughout all this time, two security researchers, Chris Valasek and Charlie Miller, were sitting in Charlie's living room with their laptops. Greenberg's Cherokee was connected to the internet through the cell phone network, and Valasek and Miller managed to hack the car remotely, send it orders, and gain full control of the vehicle. They hijacked not only the AC and multimedia system, but also the engine, the door locks, the steering wheel, and the brakes.

Luckily for Greenberg, he was in the loop on the experiment. Valasek and Miller were security researchers and had no intention to hurt him, only to illustrate the dangers of connecting vehicles to the internet and to raise public awareness by having Wired, the technology magazine where he worked as a reporter, cover the experiment.[7] Nowadays, vehicles are increasingly being manufactured with internet connections and with computers that control their many functions, such as the ignition, the gears, and the brakes. This system allows for vehicles to be sent software updates over the internet.

These security researchers proved that not just personal computers, but any other machine with computing capabilities and an internet connection could be hijacked remotely. The global trend today is to add computing capabilities and internet connectivity to an increasing range of products—fridges, home lighting, traffic lights, and even satellites—creating what is called the “Internet of Things,” or IoT.

The IoT lets users remotely gather information about their devices' components and operate them. For example, if your home AC unit is connected to cyberspace, it can send you information about the temperature at home and let you operate it from your smartphone. In effect, this whole shift began when the first telephone was connected to cyberspace. It might sound almost trivial nowadays, but the idea of the smartphone—of which Apple's iPhone is the flagship product—is to add computing capabilities to a telephone, so that it can perform almost any task you might run on a computer, including tasks that require an internet connection. What the car experiment in St. Louis proved was that any device that connects to cyberspace exposes itself to cyberattacks.

What the Internet of Things means is not only that many more devices can be connected to the internet, but that this connection creates a reciprocal relationship between all connected devices. They can all transfer information to each other, analyze it, and follow any instructions it contains. A smartphone, for example, can operate a vacuum cleaner; a camera can send information to a computer or the cloud. This shift has been so revolutionary that some claim that the Internet of Things is the next revolution after the Industrial Revolution and the Cyber Revolution. But whether this is a brand‐new revolution or simply an outgrowth of the Cyber Revolution, nobody can deny that our lives will look different once everything around us is interconnected and able to communicate, and we can operate any device by tapping the screens of the phones in our pockets. Imagine a fridge sending your phone an alert when you run out of milk, a public toilet that sends a signal when it needs a deep clean, or a wardrobe that uses a daily weather briefing from your phone to recommend an outfit.

But the most sensational benefits offered by this new technology come hand‐in‐hand with their most alarming dangers. If a traffic light system is connected to the internet, then sophisticated hackers can plug in, play around with its sequences, and cause an accident. If home cameras are connected to the internet, then strangers can also connect to them. In our work at IntSights, we saw a dramatic rise, starting in 2017, in darknet forums where hackers were interested in hacking objects connected to the IoT—especially cameras.

As this modern gold rush produces more and more gold, it is becoming increasingly urgent to shield it from bandits. The need to protect our many devices from getting breached has become essential and impossible to ignore.

Notes

1. Kim Zetter, “Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid,” Wired, March 6, 2016, available at https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

2. John Markoff, “An Internet Pioneer Ponders the Next Revolution,” The New York Times, December 20, 1999, available at https://archive.nytimes.com/www.nytimes.com/library/tech/99/12/biztech/articles/122099outlook-bobb.html

3. “Computer and Internet Use in the United States: 2018,” Census.gov, April 21, 2021, available at https://www.census.gov/newsroom/press-releases/2021/computer-internet-use.html

4. Jon Ying, “Meet the Team! (Part I),” blog.dropbox.com, February 5, 2009, available at https://blog.dropbox.com/topics/company/meet-the-team-part-1

5. Pete Townshend, “The 5 Biggest GDPR Fines and Why They Were Issued,” Smartframe, September 23, 2022, available at https://smartframe.io/blog/the-5-biggest-gdpr-fines-and-why-they-were-issued/

6. Data Protection Commission, “Data Protection Commission Announces Decision in WhatsApp Inquiry,” September 2, 2021, available at https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-whatsapp-inquiry

7. Andy Greenberg, “Hackers Remotely Kill a Jeep on the Highway—With Me in It,” Wired, July 21, 2015, available at https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/; see also YouTube report: https://youtu.be/MK0SrxBC1xs

CHAPTER 2: The Keyboard War—How Global Militaries Exploited the New Domain

After the attack on the Ukrainian electricity company, with which Chapter 1 began, Ukraine was quick to accuse Russia of leaving 200,000 of its people without power for hours on a freezing winter's day. Experts agreed that the evidence pointed to Russia, which made sense in the context of its relations with Ukraine. This book was completed as the war in Ukraine still raged with full force, and nobody could predict when and how it might end. One thing, however, is clear: for years now, cyberspace has been a domain of war between Russia and Ukraine, just like the other traditional domains of war.

Humanity's most familiar domain has always been land. That is where humans have always lived, settled down, evolved, and fought their wars. But early in its development, humanity also discovered the sea as another important domain through which people and goods could be moved. Maritime warfare—whether organized or as piracy—intensified as a result. The invention of the airplane by Wilbur and Orville Wright in 1903 created another brand‐new domain of human activity, which was swiftly harnessed for warfare.

Cyberspace confronts humanity with a challenge similar to the challenges posed by land, air, and sea. On the one hand, human living standards are soaring beyond all recognition, just as the discovery of the traditional domains opened up new opportunities, but at the same time, humanity has also become exposed to countless new dangers. Criminals have begun to spot the commercial potential of cyberattacks, and this new form of crime has spiraled.

In 2013, government infrastructure in South Korea was targeted in two major cyberattacks: the first was in March and paralyzed three media channels and two banks for several hours; the second followed in June, hacking the website of the presidential office and nearly 70 other government sites.[1] The U.S. cybersecurity firm McAfee, which investigated the first (March) incident, concluded that the attack was the grand finale of a long and covert espionage campaign aimed at obtaining military information about South Korea and the United States. The clues pointed to a group of hackers from North Korea.