Attacks/Breaches

4/8/2013
11:19 AM
50%
50%

Anonymous Claims 100,000 Israel Site Disruptions

But Israeli government officials dismiss the claim and call the hacktivist group's 'OpIsrael' campaign ineffective.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Anonymous vowed to "erase" Israel from the Internet Sunday as part of the hacktivist collective's ongoing Operation Israel (#OpIsrael) campaign, and multiple Israeli government websites, including the defense and education ministries, as well as multiple banking websites, were reportedly disrupted.

A Monday tweet from the YourAnonNews channel claimed "Hackers Wipe Israel Off Internet." That followed a Sunday "partial damage report" from the #OpIsrael Twitter feed claiming the attacks disrupted over 100,000 websites, 40,000 Facebook pages, 5,000 Twitter accounts and 30,000 Israeli bank accounts, resulting in over $3 billion in damages.

Israeli officials, however, downplayed the effect of the defacement, disruption and data dump – a.k.a. doxing -- attack campaign, which was preannounced for Sunday as part of Anonymous' ongoing Operation Israel (#OpIsrael).

[ Hackers are making the rounds of countries. Read Anonymous Hits North Korea Via DDoS. ]

"So far, it is as was expected. There is hardly any real damage," Isaac Ben-Israel, who founded and formerly directed the Israeli government's National Cyber Bureau, told Israel's Army Radio.

"Anonymous doesn't have the skills to damage the country's vital infrastructure," he said. "And if that was its intention, then it wouldn't have announced the attack ahead of time. It wants to create noise in the media about issues that are close to its heart."

Sunday, not coincidentally, was the annual Holocaust Remembrance Day marked by many people in Israel and the United States, among other countries, and not all Anonymous participants agreed with the timing of the latest attacks. Notably, the German branch of Anonymous said via Twitter Saturday that it was distancing itself from #OpIsrael, which it said was being "mostly run by U.S. Anons."

One Anonymous news channel suggested the Sunday attacks were a first-ever attempt by various #OpIsrael operators to coordinate their efforts, and reportedly saw a number of different participants -- operating under such handles as AnonGhost, Gaza Security Team, Parastoo, PunkBoyinSF and Syrian Electronic Army -- get involved.

But how much damage did the attacks do? The Anonymous claim of $3 billion in damages was presumably based on Tel Aviv Stock Exchange fluctuations -- which over the past month have been mostly downward -- but there's no evidence that the Sunday campaign, including distributed denial of service (DDoS) attacks, had any effect on the Israeli stock market.

Although the alleged extent of the defacements and disruptions couldn't be verified, some of the related damage reports appear to be vastly overestimated. A "tango down" list of disrupted sites posted to Pastebin on Sunday, for example, included just 14 Israeli government websites, some of which remained unreachable Monday morning, as well as 50 other Israeli sites.

In addition, a group called "LatinHackTeam" leaked over 600 accounts supposedly associated with Lone Soldier, which is an Israeli Defense Force website that advertises "everything foreign and lone soldiers need to know about joining the Israeli army and volunteering for Israel." The data dump appeared to contain email addresses, hashed passwords and plain-text passwords.

Curiously, however, a claimed Leumi International Bank Of Israel dox -- also from "LatinHackTeam" -- contained mailing addresses for people based not in Israeli, but the United States. Another Pastebin post, meanwhile, claimed that 280 sites were "defaced by Anon Rogues" as part of OpIsrael. A sampling of the sites did reveal defaced pages, although none were hosted in Israeli domains, and few -- if any -- appeared to have overt ties to Israel.

The #OpIsrael attack campaign continued into Monday, with the OpIsrael Twitter feed claiming to publish the phone number for the "israelien prime ministers wife," referring to Sara Netanyahu, the wife of prime minister Benjamin Netanyahu.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/23/2013 | 5:00:14 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that anonymous doesnGt have the skills to damage the infrastructure sounds like a challenge. 3 billion dollars on damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/23/2013 | 4:59:58 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that anonymous doesnGt have the skills to damage the infrastructure sounds like a challenge. 3 billion dollars on damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Email, Social Media Still Security Nightmares
Dark Reading Staff 6/15/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12526
PUBLISHED: 2018-06-21
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
CVE-2018-1253
PUBLISHED: 2018-06-21
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other ...
CVE-2018-1254
PUBLISHED: 2018-06-21
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript...
CVE-2018-12615
PUBLISHED: 2018-06-21
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
CVE-2016-10723
PUBLISHED: 2018-06-21
** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurre...