Israeli cyber-security experts discuss zero-day exploits, virtual money laundering techniques


Last week’s Pentagon report disclosing the breach that allowed Chinese hackers to infiltrate some of America’s most advanced weapons systems reveals the U.S.’s gaping online vulnerabilities and compels U.S. leaders to make cyber-security an issue of national priority.

Given Israel’s ranking as the world leader for cyber-security by Switzerland’s International Institute for Management Development in their 2013 World Competitiveness Yearbook, I spoke to two of Israel’s preeminent cyber-security entrepreneurs, ThetaRay chief executive Mark Gazit, and Jerusalem Venture Partners partner Yoav Tzruya, to learn more about the growing threat of cyber-espionage, and available countermeasures to protect America’s critical infrastructures. I met with them at The Israel Conference, which took place last week at L.A.’s Luxe Hotel.

Above: Jerusalem Venture Partners partner Yoav Tzruya.

Funded by Tzruya’s JVP, ThetaRay is a cyber-security firm that uses “extremely big data” to protect financial institutions and critical infrastructure, like nuclear plants and transportation systems, from “strategic, high-level” cyber attacks, according to Gazit. Tzruya said these attacks have direct and indirect costs of $100 billion and $400 billion a year, respectively.

Above: ThetaRay chief executive Mark Gazit.

Wearing satellite cufflinks, Gazit emphasized that while computer virus behavior is easy to identify, the modern cyber-security professional has to be prepared to combat a much more insidious threat: the so-called “zero-day exploit.”

A zero-day exploit is an attack that targets a flaw in a software program that is not yet known to the vendor, so no patch exists for it, and then implants malicious code into the application, giving the hacker access to the selected user’s privileged information. Zero-day attacks are especially problematic because each one is unique and tailored to a specific software vulnerability, which makes them more difficult to detect with signature-based tools.

“It’s like looking for a needle in a huge haystack, and you don’t even know what the needle looks like,” said Gazit.

The infamous Stuxnet attack on Iran’s nuclear program incorporated four different zero-day exploits, for example. Also, this past April, researchers discovered that a vulnerability in Internet Explorer 8 had allowed hackers to launch a zero-day attack through the U.S. Department of Labor website, targeting employees with access to sensitive information about nuclear technologies.

Tzruya says that hackers sell their zero-day exploits on the black market through “Darknets,” or anonymous networks of computers where IP addresses are never revealed, at costs ranging anywhere from $50,000 to $250,000 per program, by his estimates. The market for these cyber-weapons includes rogue nation-states, terrorist groups, and crime syndicates, he said.

“If you want to take down your competitor’s website, you can do that today for hundreds of dollars,” he added.

Tzruya also highlighted the recent Liberty Reserve virtual-currency money-laundering scandal to illustrate how Darknet forums can enable cyber-criminals to execute “monetary and non-monetary transactions.”

“But how do you turn virtual currency into real currency?”

“You have a partner in a non-regulated market, like a country that is less regulated than the U.S. domestic market, and they actually turn the virtual currency into money for a commission.”

The conversation shifted back to ThetaRay, and I asked both men how the company identifies cyber-attacks. Tzruya said that they detect threats by first determining the “layer of the network,” which can be TCP- or IP-based. Then the security expert must track where the attack originated and the amount of data delivered through the exchange. The problem is, he said, that more sophisticated attackers are aware of standardized defensive mechanisms.

Ultimately, to properly secure an organization’s network, Tzruya asserts that the security application must sample “thousands of parameters on a millisecond level” to establish a clear picture of the system’s normal processes. By identifying normal operations, the scan is then able to isolate even the slightest operational anomaly, which typically indicates the presence of a cyber-attack.
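As an added illustration of the approach described above (this is example code, not ThetaRay’s method or any of its software), the block below learns a baseline of “normal” behaviour from many parameters and flags deviations from it; it also goes a step beyond the text to show why an attacker who stays inside each per-parameter threshold can still be caught when the relationships between parameters are baselined too. The feature names, the constructed telemetry and the 3-sigma threshold are assumptions for illustration.

```python
"""Baseline-and-deviation anomaly detection over multi-parameter telemetry.

Constructed example: feature names, sample values and the 3-sigma threshold
are illustrative assumptions, not any vendor's real parameters or method.
"""
from statistics import mean, pstdev

RAW_FEATURES = ("connections", "bytes_out")

def with_derived(sample):
    """Add a relationship feature (bytes per connection). Per-parameter
    thresholds only see the raw columns; this ties two of them together."""
    s = dict(sample)
    s["bytes_per_conn"] = s["bytes_out"] / max(s["connections"], 1)
    return s

def learn_baseline(samples):
    """Mean and standard deviation per feature from a window of normal traffic."""
    rows = [with_derived(s) for s in samples]
    baseline = {}
    for f in rows[0]:
        vals = [r[f] for r in rows]
        baseline[f] = (mean(vals), pstdev(vals))
    return baseline

def z_scores(sample, baseline):
    s = with_derived(sample)
    return {f: (s[f] - mu) / sd if sd else 0.0 for f, (mu, sd) in baseline.items()}

def is_anomalous(sample, baseline, features=None, threshold=3.0):
    """Flag the sample if any watched feature deviates more than `threshold` sigmas."""
    z = z_scores(sample, baseline)
    return any(abs(z[f]) > threshold for f in (features or z.keys()))

# Constructed "normal" telemetry: 100 one-second samples in which outbound
# bytes track the connection count (~1.5 kB per connection plus small jitter).
NORMAL = [{"connections": 20 + i % 7, "bytes_out": (20 + i % 7) * 1500 + (i % 5) * 100}
          for i in range(100)]
BASELINE = learn_baseline(NORMAL)

# A crude flood: far outside every raw parameter, so any check catches it.
FLOOD = {"connections": 200, "bytes_out": 300_000}
# A "low and slow" exfiltration: each raw parameter stays inside its normal band,
# but 26 connections should not move 42 kB; only the ratio gives it away.
STEALTHY = {"connections": 26, "bytes_out": 42_000}

def raw_only(sample):          # what a per-parameter threshold check sees
    return is_anomalous(sample, BASELINE, features=RAW_FEATURES)

def with_relationships(sample):  # raw parameters plus their relationship
    return is_anomalous(sample, BASELINE)

if __name__ == "__main__":
    for name, s in (("flood", FLOOD), ("stealthy", STEALTHY)):
        print(name, "raw-only:", raw_only(s), "with relationships:", with_relationships(s))
```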

He compared ThetaRay’s algorithms to the ones used by governments to monitor telecom networks for the task of identifying terrorist cell communications.

I asked Gazit if ThetaRay had any American customers. “We don’t disclose customers or the methods we use to protect our customers,” he said. Tzruya said details about ThetaRay’s funding are also confidential.

With $900 million in assets under management, JVP is one of Israel’s preeminent venture capital firms, according to Tzruya. Alternative asset research company Preqin ranks JVP as one of the top 10 venture capital funds in the world. Last month, JVP launched Israel’s first cyber-security incubator in Beersheba, right next to the Israel Defense Forces Telecommunications Division’s new campus.