'We must find the golden path' – Israeli National Police CTO on the challenges of capturing cyber criminals
Finding the 'golden path' in the hunt for criminals using encryption to 'go dark' is proving a challenge for the Israeli National Police (INP).
Chief Technology Officer (CTO) of the National Cyber Unit (Lahav433) Yaniv Azani said the capability of the force “are better than what our legal framework allows us to do”.
“We must find the golden path how to handle this,” he said.
“We focus mostly on civilians and we do care about the privacy of everyone and we must follow the Israeli and international laws.”
With data increasingly stored in the cloud, Mr Azani said that the process then falls into the question of jurisdiction and it becomes a matter of governance.
“I cannot hack or check data that is under the responsibility of another country,” he said
“Our best approach is to try and get the system from the country who is responsible for the location of this data.”
Mr Azani said that the INP have a 'good' success rate when it comes to the prosecution of cyber criminals but there are many cases where it can be frustrating.
“There are cases where we know everything but we have nothing. We know the suspect, we know how he did everything, we know who he is working with. But we don't have the evidence to submit in court.”
The CTO said that creativity comes into play when moving to collect evidence when the information is known, sometimes before the arrest, sometimes afterwards.
He admitted that this means that there are a number of instances where they had to release the cyber criminal as they had insufficient evidence to detain him/her.
“Sometimes we have the cases where we have the person arrested but we cannot find the evidence or we have evidence that we did not want to present in court for whatever reason.
“And then we must let them go.”
Mr Azani spoke about the long investigation into a 19-year-old Israeli who was arrested on suspicion of making bomb threats to Jewish organisations and a US airline.
“He drove the world crazy making bomb threat calls. He started in Zurich, then in Germany, then the US, especially at JCCs (jewish community centres), schools and airlines.
“That was a major investigation. At some point, we had a lot of information and we knew how he was doing it but we needed the evidence.
“Eventually we got it and he is in custody now waiting his trial. But we have enough evidence now and he will be convicted.”
Mr Azani was speaking at a private meeting at the CyberTech Tel Aviv Conference, which has been described as one of the most important cyber events on the calendar this year.
Over the course of the three day conference and exhibition, the Tel Aviv Convention Centre is expected to welcome over 13,000 delegates, 120 organisations and around 90 start-up firms.
Grant Waterfall, EMEA Cybersecurity, and Privacy Leader at PWC highlighted Israel as a country which has been extremely instrumental in the cyber security space globally.
"CyberTech is one of the most important events on the cyber calendar in 2018,” he told delegates at the official opening of the conference on Tuesday morning.
“We've chosen Israel to create a cybersecurity centre of excellence...because of the leading steps the country has taken in terms of cybersecurity, and also because of the talent that they have in this space.”
Conference chairman – and one of the founding fathers of the Israeli innovation ecosystem – Dr Yossi Vardi welcomed Mr Waterfall to the main stage in one of two packed speaker halls.
At a breakfast meeting with an international press delegation on Monday morning, Dr Vardi said that technological innovation, and desire to take the start-up risk, is what Israel has become known for.
“It's part of the Jewish culture and spirit. It stems from our mothers; originally they wanted us to be doctors or lawyers, but now they want us to create a globally successful tech firm,” the entrepreneur joked.
During the course of almost five decades, Vardi has invested in over 85 high-tech firms, but it is possibly his links to the well known ICQ deal that propelled his name into the public sphere.
In 1996, he invested in the Israeli firm Mirabilis, which developed an instant messaging service that later became ICQ ('I Seek You'), which his son Arik co-founded. This service was the first application of its kind which was released to the web.
AOL acquired Mirabilis (ICQ) for $287m upfront (additional performance payments excluded) two years later, the most an Israeli technology firm was ever bought for.
Leading multinationals join SMEs and startups, and private and corporate investors walk alongside venture capitalists at this year's CyberTech conference.
Founder and Editor-in-Chief Amir Rapaport led the greetings ahead of the open plenary notes on Tuesday morning, joined by Dr Vardi, the First Director General of Israel National Cyber Directorate Dr Eviatar Matania and President at Ben-Gurion University of the Negev, Professor Rivka Carmi.
Sectors covered over the first day of speakers at the conference include cybersecurity in the fintech and insurance industry, secure cloud, aviation and transportation and privacy protection and GDPR.
The CEO of CyberArk, who also spoke during opening conference keynotes, has said that the benefits of the upcoming GDPR will depend greatly on how the rules are enforced in real-life applications.
"We see some firms that simply do not have basic cyber hygiene when it comes to managing their systems and their data," Udi Mokady told Independent.ie.
"But, what if a firm who is trying to adhere to the standards set out? Will they be penalised the same? There are potential benefits but we'll have to see how the rules are enforced".
IBM Security General Manager Marc Van Zadelhof and the Executive Security Advisor of Microsoft's Enterprise Security Group Cyril Voisin also contributed to Tuesday's plenary keynotes.
Speakers throughout the day include Head of Google Cloud MEA & CEE Dewand Neely, Shamla Naidoo, VP of IT Risk and IBM CISO at IBM Corp and Royal Caribbean Cruise Lines' former CISCO Renee Guttman.