I’m not much of an expert on computers, but I’m guessing I have just watched the Shin Bet, Israel’s secret police, hack mine. This was an NSA moment on speed.
Here’s what happened.
I am currently researching a story on Israel’s techniques for recruiting Palestinian collaborators. This typically involves the Shin Bet. According to human rights groups, the Shin Bet call for interrogation desperately ill medical patients in Gaza who need an exit permit and then pressure them or relatives to turn informer. In the West Bank, the Shin Bet achieve the same end, say these groups, by arresting Palestinians and threatening them with long jail terms or torturing them.
As part of the research I needed to get a comment from the Shin Bet. They don’t have a press office but they can be reached indirectly through the prime minister’s office. I called David Baker, one of the PMO’s spokesmen. He asked me to email him my question, which I did, and he said he’d forward it to the Shin Bet.
He later came back with their response, which he relayed to me over the phone.
About two hours after my initial phone call to Baker, I lost all control over the computer, a Mac. The thing that froze first, and that I tried to force quit, was the mail program. But it wouldn’t respond. In fact, I couldn’t force quit any of the programs. I have never experienced anything like it in 20 years working on a Mac. I knew the computer hadn’t crashed because the cursor was still working, although I had the infamous spinning ball that means the processor is tied up. The only thing I could do was turn off the computer using the on/off button. In the past that has always fixed any problem, however serious.
Strangely, when I switched the computer back on, it worked as usual while it booted back up. I logged in and as soon as I did, the computer froze up again. Again, it wouldn’t let me force quit any of the open programs. I turned it off again. This repeated several times until I gave up and just watched from the sidelines. By now I was sure this was some sort of malicious attack, so I thought it better to just let them get on with it and then return the computer to me.
And sure enough about an hour after I lost the computer it came back to life just as before. Now it seems to be working normally (sic).
Sadly for the Shin Bet, there is nothing on my computer worth stealing. As a journalist, I operate in public. Everything I know and think is on my website or blog. But I also guess that the Shin Bet may not look at it that way. Just as they grill me at the airport trying to find out who I know, I suspect they’d like to rifle through my address book and my email messages.
I, on the other hand, would like – as best as is possible in our NSA-infested world – to protect my own privacy and that of the people I deal with, either personally or professionally.
So anyone who understands what may have happened, and is willing to go public (including very possibly to the Shin Bet), please let me know either by emailing me using the “Contact” button on this website or via Facebook.
What could be done in that time? Could they download the contents of the hard drive? Install spyware? Something else I haven’t thought of? And what action – remember it’s a Mac – can I take to stop it happening again? And, if there is spyware, how can I locate what I assume to be a fairly sophisticated bit of kit (after all these are the people who brought us the Stuxnet worm!)?
Many thanks to all of you who have contacted me with ideas.
One thing that occurred to me, as a reader pointed out and as has been puzzling me ever since I wrote this post, is: why would the Shin Bet do this so clumsily? Surely, the Shin Bet has better ways to hack into a computer, ways that ensure the victim doesn’t know what is happening, such as when the computer is idle or at night.
It suggests two things. First, it would seem I am not a major target. Were they tracking a Hamas leader, I’m guessing they wouldn’t leave their calling card. And second, that this was as much a warning as it was an attempt to gain information.
That makes especial sense in the context of the piece I am writing on collaboration. Several experts have told me that one of the Shin Bet’s goals in its collaboration system is to sow doubt, fear, paranoia and confusion among Palestinians. When one is suspicious of friends and allies, real resistance is made impossible. Collaboration is a tool for gathering information, but it is also a tool for weakening Palestinian resolve.
I am still happy to learn of any techniques that might make the Shin Bet’s job of monitoring me a little harder – think of those wasted Shin Bet man-hours that might otherwise have been spent in the interrogation cells. But the real lesson I am going to draw from this episode (apart from the obvious one that the security services always abuse their powers if there are no real checks) is: to carry on regardless.