Ehud Tenenbaum ("the Analyzer") was only eighteen-and-a-half at the end of 1998 when he achieved his fifteen minutes of fame by breaking into the US Pentagon computer. The Tenenbaum trial has continued ever since and the defense is now entering its plea.
In the meantime, it turns out that Tenenbaum has adapted himself to the Zeitgeist by serving as technical manager and security consultant in the 2XS company, which for its part cooperates with an anonymous organization, called the Israeli Internet Underground (IIU).
The goal, part commercial and part patriotic, includes marketing the security services of Tenenbaum’s company to Israeli web sites. Are you worried that Arab hackers will break through your security wall? Here is your salvation.
"We can protect you"
The “Globes” site was one of hundreds of sites that received e-mail from the IIU a few days ago, along the lines of, “We have discovered security problems on your site...at least one of the site’s services contains a bug, through which your site can be broken into and damage caused. We call upon you not to let this happen. We can protect you from attacks by malicious hackers belonging to Islamic groups. All you have to do is download a security report from our site, free of charge, including repairs for the security defects.” The letter is signed by a “White-hatted Hacker Group” (hackers intending to warn of security defects, not steal information, A.M.).
So you are alarmed and enter the site. There you find a list of several hundred sites “in which security faults were discovered” – a real economic Who’s Who. There is also a list of sites already broken into, including educational institutions, such as the Kibbutz Seminar and the Open University in Jerusalem, and various religious web sites – behold and beware. After you have been properly horrified and have decided to save yourselves by hiring the security services of 2XS, you will be asked to sign a statement absolving the company of liability for the information collected for it by the IIU.
Ex-hackers
Why is this necessary? For reasons of legal liability. The IIU claims, “Our aim is the good of all the Israeli companies.” The idea for the statement came from 2XS. It is important for a security company to emphasize that it has no link to the IIU’s activity. Do they really cooperate with hackers, while washing their hands? “They are ex-hackers,” corrects 2XS manager Sharon Weiss. “They claim they have information about a massive attack on Israeli sites in the coming weeks and came to us to offer a solution.”
Ehud Tenenbaum explains that the IIU doesn’t really break into sites. “These guys are serious people with a worthwhile purpose. They want to protect Israel, not attack it. They trace general problems. For example, if a given site relies on a certain version of a server known to have many bugs, it is vulnerable to break-ins. You don’t have to break in to find that out; it is enough to go online and examine the server. That is not an intrusive scan.”
2XS is nevertheless in need of honesty. Tenenbaum writes in an e-mail: “I can’t say that IIU has done anything illegal, because I am not sure, but 2XS will definitely not assume responsibility.” In conversation, he says, “Although we share their goals, we can’t accept responsibility for the way they get the information. Publishing a list of web sites is a little vulgar and overly aggressive; we would have confined ourselves to a personal e-mail. That’s the way hackers are, though. Our legal department told us straight out – don’t be part of the process. That’s why we published a statement, clearly saying that we are not responsible for the information.”
Well, this is at least a pretentious sales trick, if not something worse. How much do 2XS’s security services cost? Ladies and gentlemen, a one-time offer. “At the moment, at least for the coming week, the solution is provided for free,” in Tenenbaum’s cautious wording.
”Globes”: What happens later? Meanwhile, you have a list of potential customers.
Tenenbaum: ”We’re not forcing anyone to work with us in the future.”
To sum up the package, you get half a service, based on half-information (general information), collected using unorthodox means, from which 2XS is careful to disassociate itself. Tenenbaum himself says, “What they have done is very nice, but not so clever.” All those involved, however, take an oath in the name of patriotism, the one and only excuse, covering everything. Whom can this help?
”We are a young company with good intentions. We work with complete sincerity. It’s not a gimmick. We’ve received hundreds of thank you letters,” avers Tenenbaum.
Gall
One of the recipients of the alarming letter was Dapey Reshet web site founder and Internet journalist Ido Amin, who claims, “When companies sign the declaration, they give the Analyzer a comprehensive authorization to any sites whatsoever. I regard this as unmitigated gall, all the more infuriating because it is done in the name of patriotism. If Israeli Internet people want to do something patriotic, they should unreservedly condemn the childish and immoral attacks on the Hezbollah sites. These actions brought in their wake counterattacks that paralyzed half of Israel’s e-mail system for several days running. The spirit of the Internet is free speech, even if you don’t like the photographs shown on the Hezbollah sites.”
Adv. Samuel Tzang, representing Tenenbaum, told “Globes” he was unaware of this activity by Tenenbaum. “I’m not involved in it,” Tzang said. “I’m only working on the criminal case.” Asked by “Globes” if Tenenbaum is permitted to work on safeguarding sites or break-ins, Tzang replied, “As long as this activity takes place within the law.”
Published by Israel's Business Arena on November 15, 2000