JERUSALEM — Hours before Israeli Prime Minister Benjamin Netanyahu spoke at a cyber-tech conference last week to laud his country's cybersecurity skills, Israel's defense ministry admitted it had been hacked.
An email about Ariel Sharon, the recently deceased former prime minister, that appeared to have been sent by the Shin Bet security service had been planted with malware by hackers. Within hours, 15 computers at the defense ministry were compromised. It was a spearfishing attack — going after a certain specific vulnerability to bring down the whole system.
"What's funny about it is that this sort of attack, the whole idea of spearfishing, was something people talked about years ago but wasn't really a big deal, a big method used by hackers, until Israel started doing similar stuff to Iran like Stuxnet — well allegedly — and everyone realized how powerful these sorts of attacks could be," said Omri Ceren, a 37-year-old freelance computer expert who spent years working at some of Israel's largest cybersecurity companies. "Basically Israel let the devil out of the box, and now they've convinced the whole world that they're the only ones who can save them from this new hell."
The Stuxnet attack targeted specific computers at Iran's Natanz nuclear facility and caused its centrifuges to spin wildly out of control. It is perhaps the most famous act of cyberwarfare to date. But in the years since, governments and the global industry have recorded increasingly sophisticated attacks.
"The landscape of the cybersecurity world is changing because the nature of attacks are changing. What we see now are tailored attacks for companies, not broad, sweeping attacks that used to go after anyone. It's the difference between carpet bombing and targeted missiles," said Gadi Tirosh, general partner of Jerusalem Venture Partners (JVP), one of Israel's leading venture capital funds. "And the more specific the attack, the more specific the cybersecurity you need."
Cybersecurity, an umbrella term that covers everything from defending against hackers to collecting intelligence online, is now a $60 to $80 billion-dollar global industry, according to Eviatar Matania, the head of the Israel National Cyber Bureau.
"Israel's share in the global cybersecurity market is 50 times higher than our global portion in the world," he said, explaining that while Israel makes up 0.1% of the global population, they have cornered up to 10% of the global cyber security market, roughly $5 to $7 billion dollars annually.
Perhaps that's why global firms like JVP and IBM made sure to make a splash at an annual cybersecurity conference held last Wednesday in Israel. Executives from JVP announced a contest for the best new startup idea, with a grand prize of $1 million dollars, and IBM partnered with Israel's Ben Gurion University to announce a new center of study cybersecurity skills. Symantec invited Israel's best hackers to race against each other in an imaginary hackathon. Throughout the day, business suit-clad executives could be seen checking the scoreboard and then slipping their cards to the hackers with the best scores.
Many at the conference were quick to try and explain why Israel was globally renowned for its cybersecurity expertise. While Netanyahu opened the conference with five reasons he thought Israel was at the forefront of the field, conference participants streamlined the speech to one main point.
"We're the best at defending because we invented the attacks," said one hacker, who went by the name of "Robomob." "Where do you think I started? In the IDF. I enlisted, I learned the systems, and now I'm going to get a payday from one of these companies that want me to teach them how to defend themselves."
The IDF's cyber defense forces, known as Unit 8200, has grown to be one of the largest in the Israeli army. Within Israel's high tech companies — especially those focusing on security — nearly everyone is a graduate of the unit.
"We definitely look to hire from there. They are well-trained and at the forefront of what is happening in the cyber community," Tirosh, of JVP, said. "The best defenders used to play offense, isn't that what they say?"
Daniel Jammer, the owner and founder of an international cybersecurity company called Nation-E, said he chose to move his company from Switzerland to Israel several years ago because of the reputation of Israel's cybersecurity community.
Jammer, whose company focuses on protecting the energy sources of their clients, said that "no country understood security like Israel."
"The more you are being challenged the better you get at it. That's why so many of us come here. Israel, maybe sadly, has the most experience with being attacked so we know they can best defend," he said.
For hackers like Robomob, the logic is slightly flawed.
"I think Israel sometimes plays a bit too much with this 'Oh, poor us' sort of thing. Like everyone should feel bad because we are probably attacked more than any other country," he said. "But let's be honest here, we also probably attack more."
As he shook a few business cards out of the pocket of his hoodie he added, "What's that thing you say in the U.S. about supply and demand? I think it applies here."
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.