Attacks/Breaches
4/8/2013
11:19 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Claims 100,000 Israel Site Disruptions

But Israeli government officials dismiss the claim and call the hacktivist group's 'OpIsrael' campaign ineffective.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Anonymous vowed to "erase" Israel from the Internet Sunday as part of the hacktivist collective's ongoing Operation Israel (#OpIsrael) campaign, and multiple Israeli government websites, including the defense and education ministries, as well as multiple banking websites, were reportedly disrupted.

A Monday tweet from the YourAnonNews channel claimed "Hackers Wipe Israel Off Internet." That followed a Sunday "partial damage report" from the #OpIsrael Twitter feed claiming the attacks disrupted over 100,000 websites, 40,000 Facebook pages, 5,000 Twitter accounts and 30,000 Israeli bank accounts, resulting in over $3 billion in damages.

Israeli officials, however, downplayed the effect of the defacement, disruption and data dump – a.k.a. doxing -- attack campaign, which was preannounced for Sunday as part of Anonymous' ongoing Operation Israel (#OpIsrael).

[ Hackers are making the rounds of countries. Read Anonymous Hits North Korea Via DDoS. ]

"So far, it is as was expected. There is hardly any real damage," Isaac Ben-Israel, who founded and formerly directed the Israeli government's National Cyber Bureau, told Israel's Army Radio.

"Anonymous doesn't have the skills to damage the country's vital infrastructure," he said. "And if that was its intention, then it wouldn't have announced the attack ahead of time. It wants to create noise in the media about issues that are close to its heart."

Sunday, not coincidentally, was the annual Holocaust Remembrance Day marked by many people in Israel and the United States, among other countries, and not all Anonymous participants agreed with the timing of the latest attacks. Notably, the German branch of Anonymous said via Twitter Saturday that it was distancing itself from #OpIsrael, which it said was being "mostly run by U.S. Anons."

One Anonymous news channel suggested the Sunday attacks were a first-ever attempt by various #OpIsrael operators to coordinate their efforts, and reportedly saw a number of different participants -- operating under such handles as AnonGhost, Gaza Security Team, Parastoo, PunkBoyinSF and Syrian Electronic Army -- get involved.

But how much damage did the attacks do? The Anonymous claim of $3 billion in damages was presumably based on Tel Aviv Stock Exchange fluctuations -- which over the past month have been mostly downward -- but there's no evidence that the Sunday campaign, including distributed denial of service (DDoS) attacks, had any effect on the Israeli stock market.

Although the alleged extent of the defacements and disruptions couldn't be verified, some of the related damage reports appear to be vastly overestimated. A "tango down" list of disrupted sites posted to Pastebin on Sunday, for example, included just 14 Israeli government websites, some of which remained unreachable Monday morning, as well as 50 other Israeli sites.

In addition, a group called "LatinHackTeam" leaked over 600 accounts supposedly associated with Lone Soldier, which is an Israeli Defense Force website that advertises "everything foreign and lone soldiers need to know about joining the Israeli army and volunteering for Israel." The data dump appeared to contain email addresses, hashed passwords and plain-text passwords.

Curiously, however, a claimed Leumi International Bank Of Israel dox -- also from "LatinHackTeam" -- contained mailing addresses for people based not in Israeli, but the United States. Another Pastebin post, meanwhile, claimed that 280 sites were "defaced by Anon Rogues" as part of OpIsrael. A sampling of the sites did reveal defaced pages, although none were hosted in Israeli domains, and few -- if any -- appeared to have overt ties to Israel.

The #OpIsrael attack campaign continued into Monday, with the OpIsrael Twitter feed claiming to publish the phone number for the "israelien prime ministers wife," referring to Sara Netanyahu, the wife of prime minister Benjamin Netanyahu.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/23/2013 | 5:00:14 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that anonymous doesnG«÷t have the skills to damage the infrastructure sounds like a challenge. 3 billion dollars on damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/23/2013 | 4:59:58 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that anonymous doesnG«÷t have the skills to damage the infrastructure sounds like a challenge. 3 billion dollars on damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.