08:50 AM

Anonymous Steps Into Gaza Crisis

Website defacing and Anonymous DDoS campaign pale next to ongoing cyberattacks apparently launched from Iran and Palestine, security experts say.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
As the Gaza crisis has escalated, so has the response from hackers.

After Israel began air strikes in the Gaza strip last Wednesday, Anonymous launched of Operation Israel (OpIsrael), which involves distributed denial-of-service (DDoS) attacks against Israeli government and business websites. By Tuesday, Israeli officials said they'd seen 44 million hacking attempts launched at government websites.

Beyond the DDoS attacks, multiple hacking groups have been practicing the digital equivalent of spray painting graffiti messages on walls, by defacing numerous Israeli websites, including the Facebook page of Israeli prime minister Silvan Shalom, which they recently customized with a "free Palestine" slogan. A group called the Z Company Hacking Crew claimed credit for the Facebook defacement, as well as taking over Shalom's Twitter, YouTube, and Blogspot accounts. "This hack is a team work. There were many members involved who were simultaneously handling different social media," read a Wednesday post to the group's Twitter feed.

The Z Company Hacking Crew disputed news reports that any element of Anonymous had participated in its attacks, saying via Twitter: "Please dont (sic) associate us with any one else. We are not hamas we are not anonymous." The group Wednesday promised to publish information it had stolen from Shalom, including "his contacts, docs, and some other interesting stuff."

Meanwhile, a hacker claiming to be "Zombie_KsA," the founder of the Pakistani PAKbugs black hat community, took credit for defacing the Israeli websites of BBC, Coca-Cola and Intel, as well as several websites managed by Microsoft. A Microsoft spokesman told Softpedia that it didn't appear that any customer data had been compromised as a result of the attacks.

But after the attacks, someone claiming to be the real Zombie_KsA said he wasn't behind the defacements, which he blamed on script kiddies who used his name. To try and clear his name, Zombie_KsA published an analysis of the attacks, on the PAKbugs website, noting it took him only five minutes to retrace the vulnerabilities the attackers had used to gain access to the website of an Israeli domain name registrar, Galcomm, which Microsoft and the other companies apparently used to register their domain names.

According to Zombie_KsA, attackers most likely didn't directly deface the targeted websites, but rather used a SQL injection attack -- via Havij or another automated attack tool--against the Galcomm site, then accessed the targeted companies' Galcomm accounts, altered the domain name settings for each site, then uploaded their website defacements.

"For security reasons we are not disclosing exact injectable links, and we have informed [the] right authorities about vulnerability," said Zombie_KsA, who also criticized the state of Galcomm's website, saying it had been "poorly coded in .NET."

Despite the uptick in DDoS attacks and website attacks being launched at Israeli government websites and businesses over the past week, security experts said the damage still pales in comparison to the malware-driven online espionage campaign that's been targeting Israel for the past year. Earlier this month, researchers at security firm Norman reported that for more than a year, a group of attackers has been using the xTreme remote access Trojan (RAT) to attack first targets in Palestine, and then Israel, using phishing emails referring to current news events.

"The attacker is unknown at this point, but the purpose is assumed to be espionage/surveillance," said Snorre Fagerland, principal security researcher at Norman, in a related report. "These attacks have been ongoing for at least a year."

The related attacks and resulting malware infections recently led Israeli authorities to take Israeli police computers offline, as well as to ban the use of removable media, through which the malicious backdoor software used by the attackers was apparently able to spread.

As with most types of cyber espionage, clearly identifying who launched or sponsored the attacks remains difficult. "It is interesting that the operation apparently shifted over time from Palestinian target to Israeli target," said Fagerland in a blog post. "This can be due to changes in the political situation, or maybe the first half of the operation uncovered something that caused the target shift." While some analysts have suggested that Iran was behind the attacks, Fagerland refused to speculate.

But Aviv Raff, the chief technology officer of Seculert, said that the location of the command-and-control servers involved, as well as the content of the emails, showed that the attacks came from Palestine, reported The New York Times.

Download the new issue of Must Reads, a compendium of our best recent coverage on IT-as-a-service. It includes articles on cloud computing myths, how to build an IT service catalog, security problems, and more. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/22/2012 | 2:52:03 AM
re: Anonymous Steps Into Gaza Crisis
The Host, The Country of Palestine is almost dead, because of the Parasite is taking over it since 1947, a parasite called Israel!
User Rank: Apprentice
11/22/2012 | 2:29:52 AM
re: Anonymous Steps Into Gaza Crisis
There is no such country as Palestine. Please tell me where it is located, what the currency is, and what countries have ambassadors there.
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio