Yesterday, Ynet reported on the massive business enterprise Michael Kaydar created, selling his services to buyers around the world who sought out cyber-terror attacks. They ranged from phoning bomb threats against Delta airlines to threats to explode the heads of children at a Jewish day school. Once he claimed there was a suicide bomber in the air. Another time that he was an ISIS fighter with a bomb on a plane. He threatened a plane carrying the Boston Celtics. A threat against an El Al flight traveling from Los Angeles to Ben Gurion caused French and Swiss air force planes to scramble and intercept the Israeli passenger jet. He personally threatened a former Pentagon official that he would kidnap and murder his children. He attempted to extort a Delaware state senator who had disparaged his terror campaign, demanding bitcoin payment. When none was forthcoming, he sent drugs to the man’s home and threatened to call the police to inform them that the senator was a drug-dealer. There were 162 threats to bomb airplanes and 2,000 bomb threats overall. In addition, he sent another 31 mail threats.
He didn’t do this out of personal animus or mental infirmity (though his family claims otherwise). He did it out of a good, old-fashioned motive: greed. Kaydar operated a cyber terror supermarket. He plied his wares on dark web sites like Alpha Bay, advertising them akin to the restaurant or hair salon which lists its services and their prices for client to choose.
Kaydar had a laundry list of “services” which he offered and the prices for each type of exploit. A threatening call to a private home would set a buyer back $40. A call threatening a massacre at a school cost $80. A letter threat against a school called for a discount and cost only $30. A call to threaten to bomb an airliner cost $500. He informed potential clients that they could devise their own threats and he would execute them for a special price. If one of his threats didn’t lead to the evacuation of the targeted institution and summoning of police, he would return the fee to the client, considering it a failed operation. Buyers paid in bitcoin because it was untraceable. By the time of his arrest, he’d amassed a hefty fortune of $500,000.
Hand it to Kaydar, he mass-produced cyber-mayhem. And all by himself. Quite the entrepreneurial spirit of the Israeli Start-Up Nation!
Israeli media have been prohibited from naming the 18 year-old Kaydar or featuring his picture because he began his spree when he was a minor. In fact, he likely will be tried in a juvenile court for at least some of his alleged crimes. This could drastically reduce the amount of jail time he might expect if he’s convicted.
Lest you think Kaydar is a lone wolf cyber terrorist, think again. There is a thriving network of hackers plying their wares on the dark web. Including many in Israel as well.
The IDF boasts of the cyber skills of its largest single military grouping, Unit 8200. It also runs a network of technical high schools from which it recruits to fill its ranks. Many of its veterans go on to lucrative careers founding high-tech startups in the Big Data/cyber-security field. But inevitably, there are aberrant souls who learn the skills but don’t make the grade. They’re shunted to the side. Some of them take those skills to the dark side as Kaydar did.
There is a thriving network of Israeli hackers-for-hire who engage in such anti-social cyber-sabotage. A company called vDOS, consisted of two Israeli hackers who would organize DDOS attacks on commercial websites for a fee. Their clients were competitors or angry customers who sought revenge. vDOS, like Kaydar, had a price list offering different levels of attack against its victims. It earned over $600,000 over a two-year period.
Kaydar went wrong only in the scale of his ambition. The grander the ambition the more likely you will be caught. He targeted Americans because that was where the money was. But he didn’t bargain for the fact that he would make a mistake, make a single phone call without using a proxy server, and so reveal his physical location and be caught by the FBI. Plus, the close Israel- U.S. relationship meant the U.S. could exert pressure on Israeli authorities to end his rampage and bring him to justice.
vDOS is definitely cyber. Not sure I’d classify Kaydar as cyber – what I’ve seen discussed is really “old style” telephone threats – made via VoIP (through proxies etc., all from his aptmt but with the use of a long-range wifi connection (specialized antenna) as an additional layer of masking) + masking software to disguise his identity (as opposed to using a burner cellphone or a random public telephone booth). He collected proceeds in bitcoin and advertised his “services” – but so do drug dealers today.
Do terrorists/criminals still phone in advance to warn before striking? (they used to – the IRA used to do this, the Basque, I think some of the Palestinian factions too). Perhaps institutions should think twice about evacuation policy after a threat.
Classification aside – this doesn’t make this any better or worse.
His family is claiming he is autistic + with a brain tumor… However he was able to run quite a “successful” criminal enterprise…. So I’m dubious this will get much traction.
The Juvenile aspect probably just protects his name at present. It sounds like he’ll be tried as an adult for many-many incidents. He probably will push to be tried in Israel, as in most cases Israeli judicial practice is to sentence -concurrent- sentences for “related” crimes – he’ll probably get close to the max on whatever he is charged with (10 years? 5?) – but he won’t get a sentence of 100*10 – which is possible in some American jurisdictions.
https://www.theguardian.com/australia-news/2017/apr/28/israeli-teen-behind-591-bomb-threats-to-australian-schools-police-allege?CMP=share_btn_fb