Attacks/Breaches
4/8/2013
11:19 AM

Anonymous Claims 100,000 Israel Site Disruptions

But Israeli government officials dismiss the claim and call the hacktivist group's 'OpIsrael' campaign ineffective.

Anonymous vowed to "erase" Israel from the Internet Sunday as part of the hacktivist collective's ongoing Operation Israel (#OpIsrael) campaign, and multiple Israeli government websites, including the defense and education ministries, as well as multiple banking websites, were reportedly disrupted.

A Monday tweet from the YourAnonNews channel claimed "Hackers Wipe Israel Off Internet." That followed a Sunday "partial damage report" from the #OpIsrael Twitter feed claiming the attacks disrupted over 100,000 websites, 40,000 Facebook pages, 5,000 Twitter accounts and 30,000 Israeli bank accounts, resulting in over $3 billion in damages.

Israeli officials, however, downplayed the effect of the defacement, disruption and data dump -- a.k.a. doxing -- attack campaign, which was preannounced for Sunday as part of Anonymous' ongoing Operation Israel (#OpIsrael).


"So far, it is as was expected. There is hardly any real damage," Isaac Ben-Israel, who founded and formerly directed the Israeli government's National Cyber Bureau, told Israel's Army Radio.

"Anonymous doesn't have the skills to damage the country's vital infrastructure," he said. "And if that was its intention, then it wouldn't have announced the attack ahead of time. It wants to create noise in the media about issues that are close to its heart."

Sunday, not coincidentally, was the annual Holocaust Remembrance Day marked by many people in Israel and the United States, among other countries, and not all Anonymous participants agreed with the timing of the latest attacks. Notably, the German branch of Anonymous said via Twitter Saturday that it was distancing itself from #OpIsrael, which it said was being "mostly run by U.S. Anons."

One Anonymous news channel suggested the Sunday attacks were a first-ever attempt by various #OpIsrael operators to coordinate their efforts, and reportedly saw a number of different participants -- operating under such handles as AnonGhost, Gaza Security Team, Parastoo, PunkBoyinSF and Syrian Electronic Army -- get involved.

But how much damage did the attacks do? The Anonymous claim of $3 billion in damages was presumably based on Tel Aviv Stock Exchange fluctuations -- which over the past month have been mostly downward -- but there's no evidence that the Sunday campaign, including distributed denial of service (DDoS) attacks, had any effect on the Israeli stock market.

Although the alleged extent of the defacements and disruptions couldn't be verified, some of the related damage reports appear to be vastly overestimated. A "tango down" list of disrupted sites posted to Pastebin on Sunday, for example, included just 14 Israeli government websites, some of which remained unreachable Monday morning, as well as 50 other Israeli sites.

In addition, a group called "LatinHackTeam" leaked over 600 accounts supposedly associated with Lone Soldier, which is an Israeli Defense Force website that advertises "everything foreign and lone soldiers need to know about joining the Israeli army and volunteering for Israel." The data dump appeared to contain email addresses, hashed passwords and plain-text passwords.

Curiously, however, a claimed Leumi International Bank Of Israel dox -- also from "LatinHackTeam" -- contained mailing addresses for people based not in Israel, but the United States. Another Pastebin post, meanwhile, claimed that 280 sites were "defaced by Anon Rogues" as part of OpIsrael. A sampling of the sites did reveal defaced pages, although none were hosted in Israeli domains, and few -- if any -- appeared to have overt ties to Israel.

The #OpIsrael attack campaign continued into Monday, with the OpIsrael Twitter feed claiming to publish the phone number for the "israelien prime ministers wife," referring to Sara Netanyahu, the wife of prime minister Benjamin Netanyahu.


Comments
PJS880,
User Rank: Ninja
4/23/2013 | 5:00:14 PM
re: Anonymous Claims 100,000 Israel Site Disruptions
I would suggest that Isaac Ben-Israel not put that challenge out there. If he claims that Anonymous doesn't have the skills to damage the infrastructure, that sounds like a challenge. 3 billion dollars in damage certainly sounds like it caused a significant amount of money to me.

Paul Sprague
InformationWeek Contributor