Attacks/Breaches
4/8/2013
11:19 AM
50%
50%

Anonymous Claims 100,000 Israel Site Disruptions

But Israeli government officials dismiss the claim and call the hacktivist group's 'OpIsrael' campaign ineffective.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Anonymous vowed to "erase" Israel from the Internet Sunday as part of the hacktivist collective's ongoing Operation Israel (#OpIsrael) campaign, and multiple Israeli government websites, including the defense and education ministries, as well as multiple banking websites, were reportedly disrupted.

A Monday tweet from the YourAnonNews channel claimed "Hackers Wipe Israel Off Internet." That followed a Sunday "partial damage report" from the #OpIsrael Twitter feed claiming the attacks disrupted over 100,000 websites, 40,000 Facebook pages, 5,000 Twitter accounts and 30,000 Israeli bank accounts, resulting in over $3 billion in damages.

Israeli officials, however, downplayed the effect of the defacement, disruption and data dump – a.k.a. doxing -- attack campaign, which was preannounced for Sunday as part of Anonymous' ongoing Operation Israel (#OpIsrael).

[ Hackers are making the rounds of countries. Read Anonymous Hits North Korea Via DDoS. ]

"So far, it is as was expected. There is hardly any real damage," Isaac Ben-Israel, who founded and formerly directed the Israeli government's National Cyber Bureau, told Israel's Army Radio.

"Anonymous doesn't have the skills to damage the country's vital infrastructure," he said. "And if that was its intention, then it wouldn't have announced the attack ahead of time. It wants to create noise in the media about issues that are close to its heart."

Sunday, not coincidentally, was the annual Holocaust Remembrance Day marked by many people in Israel and the United States, among other countries, and not all Anonymous participants agreed with the timing of the latest attacks. Notably, the German branch of Anonymous said via Twitter Saturday that it was distancing itself from #OpIsrael, which it said was being "mostly run by U.S. Anons."

One Anonymous news channel suggested the Sunday attacks were a first-ever attempt by various #OpIsrael operators to coordinate their efforts, and reportedly saw a number of different participants -- operating under such handles as AnonGhost, Gaza Security Team, Parastoo, PunkBoyinSF and Syrian Electronic Army -- get involved.

But how much damage did the attacks do? The Anonymous claim of $3 billion in damages was presumably based on Tel Aviv Stock Exchange fluctuations -- which over the past month have been mostly downward -- but there's no evidence that the Sunday campaign, including distributed denial of service (DDoS) attacks, had any effect on the Israeli stock market.

Although the alleged extent of the defacements and disruptions couldn't be verified, some of the related damage reports appear to be vastly overestimated. A "tango down" list of disrupted sites posted to Pastebin on Sunday, for example, included just 14 Israeli government websites, some of which remained unreachable Monday morning, as well as 50 other Israeli sites.

In addition, a group called "LatinHackTeam" leaked over 600 accounts supposedly associated with Lone Soldier, which is an Israeli Defense Force website that advertises "everything foreign and lone soldiers need to know about joining the Israeli army and volunteering for Israel." The data dump appeared to contain email addresses, hashed passwords and plain-text passwords.

Curiously, however, a claimed Leumi International Bank Of Israel dox -- also from "LatinHackTeam" -- contained mailing addresses for people based not in Israeli, but the United States. Another Pastebin post, meanwhile, claimed that 280 sites were "defaced by Anon Rogues" as part of OpIsrael. A sampling of the sites did reveal defaced pages, although none were hosted in Israeli domains, and few -- if any -- appeared to have overt ties to Israel.

The #OpIsrael attack campaign continued into Monday, with the OpIsrael Twitter feed claiming to publish the phone number for the "israelien prime ministers wife," referring to Sara Netanyahu, the wife of prime minister Benjamin Netanyahu.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/23/2013 | 5:00:14 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that anonymous doesnGÇÖt have the skills to damage the infrastructure sounds like a challenge. 3 billion dollars on damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/23/2013 | 4:59:58 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that anonymous doesnGÇÖt have the skills to damage the infrastructure sounds like a challenge. 3 billion dollars on damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7830
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse cap...

CVE-2014-7831
Published: 2014-11-24
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.

CVE-2014-7832
Published: 2014-11-24
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by vi...

CVE-2014-7833
Published: 2014-11-24
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.

CVE-2014-7834
Published: 2014-11-24
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?