Attacks/Breaches
11/21/2012
08:50 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Anonymous Steps Into Gaza Crisis

Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
As the Gaza crisis has escalated, so has the response from hackers.

After Israel began air strikes in the Gaza strip last Wednesday, Anonymous launched of Operation Israel (OpIsrael), which involves distributed denial-of-service (DDoS) attacks against Israeli government and business websites. By Tuesday, Israeli officials said they'd seen 44 million hacking attempts launched at government websites.

Beyond the DDoS attacks, multiple hacking groups have been practicing the digital equivalent of spray painting graffiti messages on walls, by defacing numerous Israeli websites, including the Facebook page of Israeli prime minister Silvan Shalom, which they recently customized with a "free Palestine" slogan. A group called the Z Company Hacking Crew claimed credit for the Facebook defacement, as well as taking over Shalom's Twitter, YouTube, and Blogspot accounts. "This hack is a team work. There were many members involved who were simultaneously handling different social media," read a Wednesday post to the group's Twitter feed.

The Z Company Hacking Crew disputed news reports that any element of Anonymous had participated in its attacks, saying via Twitter: "Please dont (sic) associate us with any one else. We are not hamas we are not anonymous." The group Wednesday promised to publish information it had stolen from Shalom, including "his contacts, docs, and some other interesting stuff."

Meanwhile, a hacker claiming to be "Zombie_KsA," the founder of the Pakistani PAKbugs black hat community, took credit for defacing the Israeli websites of BBC, Coca-Cola and Intel, as well as several websites managed by Microsoft. A Microsoft spokesman told Softpedia that it didn't appear that any customer data had been compromised as a result of the attacks.

But after the attacks, someone claiming to be the real Zombie_KsA said he wasn't behind the defacements, which he blamed on script kiddies who used his name. To try and clear his name, Zombie_KsA published an analysis of the attacks, on the PAKbugs website, noting it took him only five minutes to retrace the vulnerabilities the attackers had used to gain access to the website of an Israeli domain name registrar, Galcomm, which Microsoft and the other companies apparently used to register their domain names.

According to Zombie_KsA, attackers most likely didn't directly deface the targeted websites, but rather used a SQL injection attack -- via Havij or another automated attack tool--against the Galcomm site, then accessed the targeted companies' Galcomm accounts, altered the domain name settings for each site, then uploaded their website defacements.

"For security reasons we are not disclosing exact injectable links, and we have informed [the] right authorities about vulnerability," said Zombie_KsA, who also criticized the state of Galcomm's website, saying it had been "poorly coded in .NET."

Despite the uptick in DDoS attacks and website attacks being launched at Israeli government websites and businesses over the past week, security experts said the damage still pales in comparison to the malware-driven online espionage campaign that's been targeting Israel for the past year. Earlier this month, researchers at security firm Norman reported that for more than a year, a group of attackers has been using the xTreme remote access Trojan (RAT) to attack first targets in Palestine, and then Israel, using phishing emails referring to current news events.

"The attacker is unknown at this point, but the purpose is assumed to be espionage/surveillance," said Snorre Fagerland, principal security researcher at Norman, in a related report. "These attacks have been ongoing for at least a year."

The related attacks and resulting malware infections recently led Israeli authorities to take Israeli police computers offline, as well as to ban the use of removable media, through which the malicious backdoor software used by the attackers was apparently able to spread.

As with most types of cyber espionage, clearly identifying who launched or sponsored the attacks remains difficult. "It is interesting that the operation apparently shifted over time from Palestinian target to Israeli target," said Fagerland in a blog post. "This can be due to changes in the political situation, or maybe the first half of the operation uncovered something that caused the target shift." While some analysts have suggested that Iran was behind the attacks, Fagerland refused to speculate.

But Aviv Raff, the chief technology officer of Seculert, said that the location of the command-and-control servers involved, as well as the content of the emails, showed that the attacks came from Palestine, reported The New York Times.

Download the new issue of Must Reads, a compendium of our best recent coverage on IT-as-a-service. It includes articles on cloud computing myths, how to build an IT service catalog, security problems, and more. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
IngaTuMa
50%
50%
IngaTuMa,
User Rank: Apprentice
11/22/2012 | 2:52:03 AM
re: Anonymous Steps Into Gaza Crisis
The Host, The Country of Palestine is almost dead, because of the Parasite is taking over it since 1947, a parasite called Israel!
Jamil1
50%
50%
Jamil1,
User Rank: Apprentice
11/22/2012 | 2:29:52 AM
re: Anonymous Steps Into Gaza Crisis
There is no such country as Palestine. Please tell me where it is located, what the currency is, and what countries have ambassadors there.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web