Tag Archives: Computer Emergency Response Team

IL-CERT finally picking up speed

It’s been a long time since I talked about IL-CERT. My personal story with the IL-CERT (or lack thereof) started somewhere in 2009 when I was dealing with some incidents that affected constituencies in multiple countries – Israel included (which were part of my background research for my Cyber[Crime|War] talk).

It then picked up some speed when I started meeting people with similar interests and vision here in Israel, and we started to discuss how should a CERT be built, given the current situation (a government CERT with minimal constituency and no civil coverage, and an academic CERT that only covered a small part of the universities). There were a lot of toes to step on, and we were trying to map out the dance floor before rolling out to our crazy dance. It also started my own personal research into the CERT world, and led me to meet some great people from the FIRST community.

Incidents came and went, rants were made, I let the project simmer, and almost die completely as we were entangled with bureaucracy, politics, and legal issue.

And then came Stratfor. And then the hackers that broke into a few sites and stole “400,000” credit cards (actually less than 19,000). And then a quick chat between one of the people I trust in this industry – Aviv Raff, who joined into the CERT effort recently. We quickly decided – seeing how the local media addressed the incident, that this would be the right time to get proactive and leave the trolling and waiting-for-something-to-happen aside.

A quick and efficient site was set-up, some scraping of the data that was leaked, a secure lookup system for people to check if they are exposed to the incident, and we were up and running (even in English now). Haven’t had that much fun in some time.

Leaving the usual trolling aside (how come people are great with “you shouldn’t have done this or that”, and really suck at actually doing anything…), we had over 5000 unique visitors to the site in a matter of hours, and some great feedback from people who used the site. Thus far it still is the best and most secure way of checking if you were impacted (don’t even get me started on all the scammers that are asking for your emails to see if it’s on the list or not…).

Hopefully, this is the real start of the IL-CERT. At least I know that we finally picked up the challenge and did something about it.