How easy is it to catch hackers

ON THE TRACK OF THE HACKERS

Avi Kravitz is a whitehat hacker from the very beginning and is therefore one of the good guys in international cyber warfare. With his start-up "Cyber ​​Trap" he goes on the hunt for cyber criminals - with great success.

A hacker attack is like a bank robbery with invisible perpetrators, ”says Avi Kravitz with eyes wide open. He is visibly excited when he rolls up his biggest cybercrime case to date for Forbes Austria. “This mission has changed me a lot, especially my way of thinking,” is his introduction to a criminal case that takes place in real life. From 2009, Kravitz worked as a whitehat hacker for a leading international company for information and application security. “At the time, I was paid to show our customers where the weak points in their IT security measures were. So-called cybersecurity stress tests are used to simulate an attack on a company's IT structure, for example, in order to be prepared for an emergency. From 2011, I was responsible for our incident response team and was responsible for management and emergency management in the event of acute hacker attacks, ”he explains. When a large German stock corporation was systematically cleared out by a Chinese attacker at the end of 2011 - with the highly sensitive data and information stored there endangered - Avi Kravitz was called for help. The cyber crime thriller took its course. “Our task force teams have used all resources to keep the hackers out, forensically processing the case and finding out what exactly happened,” he continues.

Avi Kravitz is the cover of the October 2016 issue.

Attacks of this kind are no longer uncommon on the World Wide Web. It was not until the beginning of September that a hacker attack on Vienna-Schwechat Airport made headlines: Unknown people are said to have attempted to penetrate the airport's system with several attacks, according to airport director Günther Ofner in official media reports. In this case, the IT security system prevented worse and the attackers missed their target. The airport's homepage was not paralyzed, nor were they able to access other important data about the airport or an airline. The internet company Yahoo was far less lucky in 2014: As was officially confirmed at the end of September, data from at least 500 million users were stolen in a hacker attack two years ago. This is sensitive information such as names, email addresses, telephone numbers and dates of birth. "A trend in recent years has shown that hacker groups steal data in reserve, link it using 'big data' and then look for potential buyers on the black market," explains Avi Kravitz.

But so-called fake president fraud cases are also currently increasing. The fraudsters pretend to be the boss of a company and urge an employee to transfer large amounts of money in a flash, for example to the account of a foreign company. The fraud is only discovered in retrospect, the e-mail address turns out to be fake and the money is mostly lost. It often hits international companies whose size and anonymity play into the hands of criminals. Most often, criminal break-ins into the IT systems of companies and corporations occur due to espionage or theft (of data, plans, research results, note) and sabotage. “That affects pretty much every organization I know. But most companies lack the tools to even find out that something is happening. Many are compromised for years and only notice something when the damage has already occurred, ”explains the IT security specialist. Information about cybercrime cases is very rarely made public.

Avi Kravitz
... is an IT security specialist and was born in Israel. However, he moved to Vienna with his parents at the age of three. “My father is from Lithuania, my mother from Uzbekistan. They met in Israel in the 1970s and moved to Austria at the end of the 1980s, ”says Avi Kravitz. After completing technical training at the HTL Spengergasse, he worked as a consultant on IT issues at a young age. He is also a graduate of the IT and Security Department at the St. Pölten University of Applied Sciences.

An EU regulation passed in 2013 provides for the mandatory reporting of attacks on customer data to the national security authorities within 24 hours. Internet customers do not have to be informed in every case if hackers have attempted to access their data. While data protection and security authorities have been pushing for years to make hacker attacks transparent, Internet and telecommunications companies fear this will put them at a competitive disadvantage and damage their image. But often this is exactly what the aggressors are aiming at. "Hacktivists like 'Anonymous' now and then steal some data or try to paralyze a server or entire networks with so-called 'Denial-of-Service attacks' in order to spread their political messages. But these are not the actors I usually have to deal with today, ”explains Kravitz.

In 2011, too, in the cybercrime case that was to change Avi Kravitz's life forever, the question of the identity of the attacker was omnipresent. “Everyone was hit by a blow in the face of the invisible perpetrators. The question quickly came from the management board: 'Who is that?' And middle management kept asking: 'What do they want from us?' ”He explains.

Both questions are legitimate, but the market didn't know the answers at the time. In cyber warfare, attackers generally have an advantage because they only have to find a small bug in order to penetrate the IT infrastructure. “It is frightening how easily IT systems can be manipulated. If you know how it works, it's so easy, ”warns Kravitz.

“It's frightening how easily IT systems can be manipulated. If you know everything about how it works, it's really simple. "

After the case was resolved in 2011 together with specialists from all over the world and the worst security gaps were finally closed, there was only one last door that the attackers could go through. "We have already made bets as to when they will come back, because it was clear that they knock on the door every few weeks," said the hacker hunter.

On the night of December 24th to 25th, the time had come: the blackhat hackers (destructive hackers, note) fell into the trap - the foundation stone for “Cyber ​​Trap Software GmbH” was laid.

The original idea for the revolutionary technology behind the start-up founded in 2015 is a further development of the so-called honeypot concept. A honeypot is a device that is intended to distract an attacker or enemy from the actual target or to lure him into a trap. “If an attacker tries to break in, I redirect him to a prepared digital playground and can watch him there as if through a crystal ball. I see what he's doing there and what he's looking for. From this point on he is already trapped. I can now give him false, prepared information and documents, such as marked banknotes in a bank robbery, and just have to wait for him to open them, ”explains Avi Kravitz. In order to find the right perpetrator, however, you have to bear in mind that when it comes to cybercrime, the client is not the same as the attacker.

In the so-called “Deep Web”, the hidden part of the World Wide Web that cannot be found when researching using normal search engines, there are job boards for criminal hackers. “As a rule, an attacker cannot evaluate whether the content of the stolen property is correct. He has to open the data - and at that moment I get the information about his identity. Then he forwards it to his client, who in turn opens the data, and that's how I finally get the information about the client. With this technology we have already identified many villains and their backers who could be arrested, for example by Interpol, ”explains the Cyber-Trap co-founder. The first prototype for tracking down and catching cyber criminals was created in 2013. Two years later, in early 2015, Cyber ​​Trap was spun off as a separate company. By serving a niche in an already niche segment, it was not easy for Kravitz to acquire new customers at the beginning.

In the summer of 2015, Gartner (Gartner Inc. is a leading provider of market research analysis on developments in IT, note) published a report on emerging technologies for information security, which gave this innovative technology division a name and opened the market for Cyber ​​Trap. “We are the originators of Deception Technology, which, according to Gartner, is one of the hottest technologies emerging in this area,” says Kravitz proudly. His success proves him right: international customers and investors are currently expressing their interest and at the beginning of 2017 Avi Kravitz and his team will take part in an accelerator program in Silicon Valley.

“Our first customers come from the banking sector, research and development, production, the media industry and law. In some cases, potential customers are still reluctant at the moment because they are not familiar with this type of technology. But the current situation, in which it is recognized that preventive measures are noticeably failing, plays into our hands, ”says Avi Kravitz, who has a stated goal in his online criminal hunt. "We want to set the bar so high that attacks become uneconomical because criminals would have to spend too much money to overcome our security barriers."

Text: Barbara Duras

The article was published in our October 2016 issue.