Attacks/Breaches
4/8/2013
11:19 AM
50%
50%

Anonymous Claims 100,000 Israel Site Disruptions

But Israeli government officials dismiss the claim and call the hacktivist group's 'OpIsrael' campaign ineffective.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Anonymous vowed to "erase" Israel from the Internet Sunday as part of the hacktivist collective's ongoing Operation Israel (#OpIsrael) campaign, and multiple Israeli government websites, including the defense and education ministries, as well as multiple banking websites, were reportedly disrupted.

A Monday tweet from the YourAnonNews channel claimed "Hackers Wipe Israel Off Internet." That followed a Sunday "partial damage report" from the #OpIsrael Twitter feed claiming the attacks disrupted over 100,000 websites, 40,000 Facebook pages, 5,000 Twitter accounts and 30,000 Israeli bank accounts, resulting in over $3 billion in damages.

Israeli officials, however, downplayed the effect of the defacement, disruption and data dump – a.k.a. doxing -- attack campaign, which was preannounced for Sunday as part of Anonymous' ongoing Operation Israel (#OpIsrael).

[ Hackers are making the rounds of countries. Read Anonymous Hits North Korea Via DDoS. ]

"So far, it is as was expected. There is hardly any real damage," Isaac Ben-Israel, who founded and formerly directed the Israeli government's National Cyber Bureau, told Israel's Army Radio.

"Anonymous doesn't have the skills to damage the country's vital infrastructure," he said. "And if that was its intention, then it wouldn't have announced the attack ahead of time. It wants to create noise in the media about issues that are close to its heart."

Sunday, not coincidentally, was the annual Holocaust Remembrance Day marked by many people in Israel and the United States, among other countries, and not all Anonymous participants agreed with the timing of the latest attacks. Notably, the German branch of Anonymous said via Twitter Saturday that it was distancing itself from #OpIsrael, which it said was being "mostly run by U.S. Anons."

One Anonymous news channel suggested the Sunday attacks were a first-ever attempt by various #OpIsrael operators to coordinate their efforts, and reportedly saw a number of different participants -- operating under such handles as AnonGhost, Gaza Security Team, Parastoo, PunkBoyinSF and Syrian Electronic Army -- get involved.

But how much damage did the attacks do? The Anonymous claim of $3 billion in damages was presumably based on Tel Aviv Stock Exchange fluctuations -- which over the past month have been mostly downward -- but there's no evidence that the Sunday campaign, including distributed denial of service (DDoS) attacks, had any effect on the Israeli stock market.

Although the alleged extent of the defacements and disruptions couldn't be verified, some of the related damage reports appear to be vastly overestimated. A "tango down" list of disrupted sites posted to Pastebin on Sunday, for example, included just 14 Israeli government websites, some of which remained unreachable Monday morning, as well as 50 other Israeli sites.

In addition, a group called "LatinHackTeam" leaked over 600 accounts supposedly associated with Lone Soldier, which is an Israeli Defense Force website that advertises "everything foreign and lone soldiers need to know about joining the Israeli army and volunteering for Israel." The data dump appeared to contain email addresses, hashed passwords and plain-text passwords.

Curiously, however, a claimed Leumi International Bank Of Israel dox -- also from "LatinHackTeam" -- contained mailing addresses for people based not in Israeli, but the United States. Another Pastebin post, meanwhile, claimed that 280 sites were "defaced by Anon Rogues" as part of OpIsrael. A sampling of the sites did reveal defaced pages, although none were hosted in Israeli domains, and few -- if any -- appeared to have overt ties to Israel.

The #OpIsrael attack campaign continued into Monday, with the OpIsrael Twitter feed claiming to publish the phone number for the "israelien prime ministers wife," referring to Sara Netanyahu, the wife of prime minister Benjamin Netanyahu.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/23/2013 | 5:00:14 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that anonymous doesnGÇÖt have the skills to damage the infrastructure sounds like a challenge. 3 billion dollars on damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/23/2013 | 4:59:58 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that anonymous doesnGÇÖt have the skills to damage the infrastructure sounds like a challenge. 3 billion dollars on damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9605
Published: 2015-09-04
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webup...

CVE-2015-2990
Published: 2015-09-04
Directory traversal vulnerability in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter.

CVE-2015-2991
Published: 2015-09-04
Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data.

CVE-2015-5612
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

CVE-2015-5688
Published: 2015-09-04
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.