Last weekends hacking of three websites of Boulder synagogues and a rabbinic group was not only not unusual, it was likely to happen sooner or later, according to Carl Hartman, North America managing director for Applicure Technologies, a website security provider headquartered in Israel.
Unfortunately for most websites, [hacking] is way too easy. Theres a lot of really insecure code out there on the Web.
Hartman says of the 100 million websites, about 90% are hackable.
Hackers have automated the process. They use tools to find vulnerabilities and when they do, they know what to do and can perform the attacks en masse.
A hacker claiming to be Waja (Adi Noor) hacked the Bonai Shalom and Har Hashem websites last Saturday by removing their everyday content and posting anti-Semitic messages. These included associating the Jewish community with a terrorist organization.
The Boulder Rabbinic Councils website was also attacked by Waja.
All three websites were designed and maintained by Customer Paradigm, a Boulder-based company. Owner Jeff Finkelstein likens the hacking to defacing a building by painting swastikas on the walls.
The game [for hackers] has changed a bit from years ago when hacking was fun and games, says Hartman.
Now, he says, its backed by organized crime whose goal is to steal customer or product proprietary information for financial gain. However, that doesnt mean its the only hacking done today.
There are still hackers who do things for political or religious reasons and those attacks are easy, Hartman says.
My guess is the [Boulder synagogue] website attacks were done using SQL ejection, which is the number one type of attack on the Web.
All you need is a little technical knowledge.
Hartman says to think of it this way: people build houses to showcase their things (website). They install windows for sunlight and fresh air (allowing others to view their sites). But then they put locks (anti-spam, anti-viral software) on the windows and doors to prevent an intruder from crawling through the hole.
Some people even build fences around the yard for additional protection (to protect against phishing and other malware). But very few people have an alarm system on their homes.
Thats the next layer of security that would protect the back end of a website, he explains.
People dont realize the magnitude of the threat to website content and I think education is important.
Finkelstein says he has increased security measures for those Jewish websites and is in the process of going through server logs hoping to find any traces that could lead him to the hackers.
The Boulder Daily Camera reports that it will be extremely difficult for authorities to identify the person or group of people who hacked and defaced the sites. Its fairly easy to hide ones tracks, especially for someone who knows how to break into a website in the first place.
The Federal Bureau of Investigation and Boulder police are working on finding the responsible party.
We appreciate their understanding of the seriousness of this matter and we know that they are fully investigating this, says Amy Stein, community director of ADLs Boulder office.
ADL is committed to working with our Jewish community in Boulder on issues of safety and security throughout the year, not just around the High Holidays or after an incident such as this.
As for Har Hashem and Bonai Shalom, both synagogues say their sites were quickly restored and they were not distracted from the work they do in the community.