Jewish Groups Try to Stay One Step Ahead of Anti-Semitic Hackers
JNS.org – When hackers from a group called Moroccan Islamic Union-Mail defaced the website of Congregation Beth Am Israel in Penn Valley, Pa., in July 2014, the synagogue chose to look forward rather than dwell on the result of the cyberattack.
“We rebuilt our site and have worked with our domain provider to strengthen security, with an eye toward preventing future hacks,” Rabbi David Ackerman, leader of the congregation, told JNS.org.
The defacement of Beth Am Israel’s website—meaning that the website’s usual content was replaced with propaganda through videos and statements—is part of a new-age trend in anti-Semitism. In particular, the Anti-Defamation League’s (ADL) audit of anti-Semitic incidents that took place throughout America during 2014, data that was released in March 2015, identified a spike in cyberattacks by overseas hackers on synagogues, schools, and other Jewish institutions.
ADL said that in 2014, anti-Semitic hackers from the Arab/Muslim world targeted a Jewish high school in Albany, N.Y.; four Jewish institutions belonging to the Union for Reform Judaism in Colorado, Massachusetts, New Jersey, and Georgia; a synagogue in Plantation, Fla.; and universities in California, Oregon, Utah, Missouri, Massachusetts. While past hacking efforts against Jewish institutions have primarily focused on the Israeli-Palestinian conflict, the more recent attacks have been carried out in the name of the Islamic State terror group, according to ADL.
Jonathan Vick, ADL’s assistant director for cyberhate response, recommends that Jewish leaders “safeguard their databases, websites, e-mails, and other digital information against the ‘hacker-frenzy’ environment that now exists around the world.”
“If Sony, Target, and Home Depot can fall victim to hackers, so too can Jewish organizations,” Vick told JNS.org. “Simple steps can help prevent loss of data and other risks associated with doing business in the online environment.”
Vick said that those steps include having websites hosted by a reputable company that offers top-of-the-line security; never hosting websites on a personal server or on an institutional computer; having administrators regularly review the logs of who is visiting an institution’s website and Facebook page; and monitoring other unusual developments as they arise. Additionally, he suggests checking the Zone-H.org website, which provides a bulletin board where viewers can see firsthand what hackers have done to others.
Complicating the prevention of hacking, Vick said, is the fact that it is not easy to compile statistics on the phenomenon.
“It is difficult because you are relying on either the institutions reporting it or the hackers bragging about it, and neither of those are reliable barometers,” he said. “There are the bulletin boards on what we call the ‘brag websites’ that we monitor, where the hacker groups post their forays and the numbers are escalating. Either Jewish institutions are being targeted or the defacements against standard businesses include some sort of anti-Semitic statement.”
In the aftermath of the hack on Beth Am Israel, Ackerman said it was “very reassuring to know that the ADL was monitoring our situation and that they knew of the group that had attacked our website.”
Vick said it can be unclear whether particular anti-Semitic hackers are coming from the U.S. or overseas.
“We’re not aware of any identifiably domestic hacker groups involved, but when you are dealing with a collective, it is very difficult to say there are none of them in the United States,” he said. “They do readily identify themselves as being offshore, but there is no real way to confirm where they are.”
What specifically is motivating anti-Semitic hackers?
“One is the political environment in the Middle East,” Vick said. “You have groups that envision the U.S.-Israel friendship as being threatening. Then you have radical groups who are against anybody that is not of their belief system. And there is the outright anti-Semitism that clearly exists out there. It is really a storm of factors that have made it different than it has been in the past.”
ADL holds a cyber-security webinar sponsored by synagogues and other organizations from across the Jewish denominational spectrum to give guidance, point out areas of concern, answer questions, and discuss matters such as e-mail security and social networking. On its website, ADL also offers a written guide on these issues titled “Protecting Your Jewish Institution: Security Strategies for Today’s Dangerous World.”
“It is not just about protecting the institution,” Vick said. “It is also about being targeted as a community.”
Yet not all hacking attacks pan out as planned. The global hacking network known as Anonymous has had very limited success with #OpIsrael, an annual campaign to carry out a “cyber-Holocaust” and remove all traces of the Jewish state from the Internet.
Anonymous most recently threatened a “cyber-Holocaust” for April 7, 2015—eight days before Yom HaShoah, Israel’s Holocaust Remembrance Day. The group stated, “We are Anonymous. This is a message to the Zionist entity: We are coming to punish you for your crimes in the Palestinian territories.” But only a few Israeli websites were successfully hacked.
Nevertheless, ADL suggests that Jewish institutions be vigilant about Internet security procedures. According to ADL, organizations should contact their Internet service provider and/or website hosting company to discuss what measures are in place to protect against hacking; have a back-up version of their website and keep that version’s content up to date (weekly or monthly); and modify website content to remove personal information such as e-mail addresses, Facebook pages, Twitter handles, home addresses, and phone numbers wherever possible.
Vick said although hacking-prevention techniques have not yet matched the capabilities of the threats themselves, “technology is starting to catch up, as is the government, which is now paying more attention to hacking events overseas.” Vick said he consistently works with the FBI on this issue.
“Anything can be hacked,” he said. “Caution is the watchword. It only takes one incident to create a huge problem.”