Dark Reading is part of the Informa Tech Division of Informa PLC

Did Anonymous Crash Israeli Government Websites?

Israel blames crash on a server error, but Anonymous said outage was retaliation for the country's blockade of Gaza.

Did the hacktivist collective known as Anonymous crash numerous Israeli government websites in retaliation for the country's blockade of the Palestinian territory of Gaza?

On Sunday, Israel's Haaretz newspaper reported that the websites of the Israel Defense Forces, the Mossad intelligence service, and the Shin Bet security service, as well as other government websites and portals, remained offline after an apparent cyber attack.

Anonymous had threatened to take down Israeli websites after Israeli soldiers boarded two aid ships bound for Gaza on Friday. In a YouTube post, Anonymous warned Israel that "if you continue blocking humanitarian vessels to Gaza" then the group would "strike back."

Israeli government officials, however, disputed that the Sunday website crash had anything to do with Anonymous, or any type of attack. "All of the Israeli government websites which were down yesterday are now back up. Once again--it wasn't a cyber attack but a server glitch," said Ofir Gendelman, a spokesman for the Israeli prime minister, Monday via Twitter. The government also emphasized that no internal sites had failed.

But AnonymousMMV, which had threatened the Israeli government with the website takedown, said on Monday via Twitter that those who said that the site crashes weren't the work of Anonymous were "liars."

In other hacktivism-related news, an Anonymous member who had been kidnapped by a Mexican cartel has apparently been released. Anonymous Iberoamerica on Friday released a statement saying that their kidnapped member had been freed by the Zetas cartel and "while bruised, is alive and well."

As part of "OpCartel," Anonymous had threatened to expose the names and addresses of numerous journalists, taxi drivers, and government officials that it said had collaborated with the Zetas cartel.

But many Anonymous members backed off of those threats--possibly after the ramifications of attempting to take on the Zetas became fully clear--and even began advising members about techniques they could use to ensure that their online identity remained truly anonymous. Security intelligence firm Stratfor, notably, warned that the cartel might reassign some of its own computer experts to track down Anonymous members.

"Since we have seen evidence of cartels employing their own computer scientists to engage in cybercrime, it is logical to conclude that the cartels likely have individuals working to track anti-cartel bloggers and hackers. Those individuals involved thus face the risk of abduction, injury, and death--judging by how Los Zetas have dealt with threats in the past," said Stratfor analyst Ben West. But Stratfor said that there was no evidence that this had happened, at least not yet.

Interestingly, Anonymous Iberoamerica said that after it called off #OpCartel, someone it believes to have been a member of Mexican intelligence agency CISEN infiltrated its chat rooms on Sunday and attempted to incite Anonymous members to not call off the campaign. The group traced the poster's IP address back to a CISEN website address.

"We confirmed what we suspected: the Mexican government is behind the promotion and dissemination to #OpCartel for purposes unknown (possibly neutralize Anonymous engaged in a war against criminal groups)," according to a statement released by Anonymous Iberoamerica, which included a copy of the alleged chat logs.

But cracks are emerging in parts of the Anonymous story in Mexico. Notably, #OpCartel was meant to serve as a reprisal for one of the group's members having been kidnapped in the Mexican state of Veracruz. But experts have found no police report or other evidence that would corroborate the Anonymous story.

Furthermore, aside from disclosing the names of accused collaborators, the Zetas cartel doesn't present much of an online target for Anonymous. "The problem is, hack what? There are no drug cartel websites, that I know of, that would be hackable," Raul Trejo, an expert on social communications at the National Autonomous University of Mexico, told the Guardian.
