Gaza Electronic Aftermath – Hacker Wars

pro-palestinian hackers vs. pro-israeli hackers are at it again.

tonight, the idf (israeli defense forces) launched “summer’s rains”, a military operation in the south of the gaza strip due to the attack on the israeli side of the border a few days ago and the kidnapping of an israeli (corporal gilad shalit) by the hamas. the bulk of the attack was against a power station and three bridges, attempting to prevent the moving of the kidnapped israeli.

today, nearly 750 israeli websites have been hacked and defaced. this was done by a moroccan hacking group called team evil. we have seen them before.

among the attacked websites are: the rambam hospital, bmw israel, subaru israel, bank ha poalim, etc.

this group has been seen before. in a past interview with the israeli online newspaper ynet, the group’s spokesman said:

“אנו קבוצת האקרים מרוקנים הפורצים לאתרים מסיבות של התנגדות למלחמה ולישראל. אנו תוקפים אתרים ישראלים בכל יום. זו החובה שלנו…האקינג זה לא פשע”.

which translates to:
“we are a moroccan hackers group who break into sites for reasons of opposing the war and israel. we attack israeli web sites every day. it is our duty… hacking isn’t a crime.”

in today’s defacement the group said:

“אתם הורגים פלסטינים, אנחנו הורגים שרתים ישראלים”

which translates to:
“you kill palestinians, we kill israeli servers.”

before the day’s end, the counter-attack will commence. but by whom, and why?

first, why do i think i’m expert enough on this subject to comment?

internet terrorism, internet wars, critical infrastructure defense and me.. previously, i’ve had:
- the honour to serve in an information security capacity with the israeli military intelligence corps.
- the pleasure of being the chief defender (ciso) of the israeli government’s internet security operation, tehila (the isp, the incident response, the soc, the web server farm, dns for .gov.il, mail servers, net connectivity, surfing, egov, ecommerce, etc.).
- the incredible reality of establishing and running the israeli government cert.
- the unquestionable fun of coordinating security efforts of israeli isp’s with joint incident response.
- over a decade of experience in information security, while currently employed at beyond security.

in these positions i have seen numerous attacks of differing intensity and sophistication against official and unofficial israeli (american, european, muslim, arabic, etc.) sites and networks, while responding to them as well as trying to prevent the next ones. to our knowledge we have never been hacked.

i am no longer with the israeli government. i am still heavily involved in inter-isp coordination in israel as well as globally, but most of my efforts in the realm of internet security are now directed toward the international infrastructure survivability and global internet security operations.

i learn every day, but i can tell you one thing – defending a country online vs. defending it offline is very different. it is, however, similar to fighting terrorism. you don’t have a front and you are facing secretive distributed cell organizations that range in ability and will from throwing stones en-masse to potentially detonating a nuclear bomb or kidnapping your citizens somewhere around the globe.

you face the world of trouble the internet is, and then those that target you specifically, while your opponent can be a foreign government as much as it can be a 12-year-old kid from your country or any other. in some cases, your defensive positions are not even under your control.

the will-to-do is basically the same, the major difference is in the cost and ability: cost of action is decreased as much as the ability to perform increases. the risk is virtually non-existent.

in the china vs. taiwan online battle, hackers from both countries seem to have a lot of fun defacing websites on both ends, causing damage etc. that was indeed interesting. know why? it has been suggested china itself is involved.

why do i mention “china itself” or “pro-nationality” hackers? because often these wars are between the bored kiddies of each nationality.

pro-palestinian may be a moroccan group rather than palestinian kiddies, like in this recent case and it can be some sort of electronic muslim liberation front (example name) from europe. only thing is, the internet is international so these most likely don’t stand for just one country, region or.. village. they might.

the online attacks are constant, but they increase in intensity by a large factor during specific times and can be predicted without prior knowledge. in times of ideological, political or military strife (such as palestinian terrorists kidnapping an israeli or an israeli military operation in gaza) it is a sure bet that an online assault is not far behind.

often, if we are lucky, what these groups of hackers do is target specific websites or email addresses and launch coordinated distributed denial of service attacks or attempt to deface websites of the other nationality.

as these sporadic attacks are not government funded, the worst that can happen aside from the financial and face-value losses is the counter-attack. meaning, when one side attacks (often targeting sites and networks that are in no way related to the opposition in online activity), the other retaliates by attacking other, likely unrelated, websites.

real information warfare is considered a non-conventional weapon, much like with weapons of mass destruction. the future will determine how that will go, but for now, information warfare operations such as these are to be reckoned with, but in my opinion, ignored.

as i already said, by today’s end the counter-attack by bored israeli hackers (kiddies, actually) will commence. this will go on for a while. what a waste.

thing is, as time passes, the attacks become more and more sophisticated. the future doesn’t look too bright, but what’s one more hacker attack or a thousand more defacements in the grand scheme of things on the internet, you ask?
the political implications.

gadi evron,
ge@beyondsecurity.com.
