Dark Reading is part of the Informa Tech Division of Informa PLC



Did Anonymous Crash Israeli Government Websites?

Israel blames crash on a server error, but Anonymous said outage was retaliation for the country's blockade of Gaza.

Did the hacktivist collective known as Anonymous crash numerous Israeli government websites in retaliation for the country's blockade of the Palestinian territory of Gaza?

On Sunday, Israel's Haaretz newspaper reported that the websites of the Israel Defense Forces, the Mossad intelligence service, and the Shin Bet security service, as well as other government websites and portals, remained offline after an apparent cyber attack.

Anonymous had threatened to take down Israeli websites after Israeli soldiers boarded two aid ships bound for Gaza on Friday. In a YouTube post, Anonymous warned Israel that "if you continue blocking humanitarian vessels to Gaza" then the group would "strike back."


Israeli government officials, however, disputed that the Sunday website crash had anything to do with Anonymous, or any type of attack. "All of the Israeli government websites which were down yesterday are now back up. Once again--it wasn't a cyber attack but a server glitch," said Ofir Gendelman, a spokesman for the Israeli prime minister, Monday via Twitter. The government also emphasized that no internal sites had failed.

But AnonymousMMV, which had threatened the Israeli government with the website takedown, said on Monday via Twitter that those who said that the site crashes weren't the work of Anonymous were "liars."

In other hacktivism-related news, an Anonymous member who had been kidnapped by a Mexican cartel has apparently been released. Anonymous Iberoamerica on Friday released a statement saying that their kidnapped member had been freed by the Zetas cartel and "while bruised, is alive and well."

As part of "OpCartel," Anonymous had threatened to expose the names and addresses of numerous journalists, taxi drivers, and government officials that it said had collaborated with the Zetas cartel.

But many Anonymous members backed off of those threats--possibly after the ramifications of attempting to take on the Zetas became fully clear--and even began advising members about techniques they could use to ensure that their online identity remained truly anonymous. Security intelligence firm Stratfor, notably, warned that the cartel might reassign some of its own computer experts to track down Anonymous members.

"Since we have seen evidence of cartels employing their own computer scientists to engage in cybercrime, it is logical to conclude that the cartels likely have individuals working to track anti-cartel bloggers and hackers. Those individuals involved thus face the risk of abduction, injury, and death--judging by how Los Zetas have dealt with threats in the past," said Stratfor analyst Ben West. But Stratfor said that there was no evidence that this had happened, at least not yet.

Interestingly, Anonymous Iberoamerica said that after it called off #OpCartel, someone it believes to have been a member of Mexican intelligence agency CISEN infiltrated its chat rooms on Sunday and attempted to incite Anonymous members to not call off the campaign. The group traced the poster's IP address back to a CISEN website address.

"We confirmed what we suspected: the Mexican government is behind the promotion and dissemination to #OpCartel for purposes unknown (possibly neutralize Anonymous engaged in a war against criminal groups)," according to a statement released by Anonymous Iberoamerica, which included a copy of the alleged chat logs.

But cracks are emerging in parts of the Anonymous story in Mexico. Notably, #OpCartel was meant to serve as a reprisal for one of the group's members having been kidnapped in the Mexican state of Veracruz. But experts have found no police report or other evidence that would corroborate the Anonymous story.

Furthermore, aside from disclosing the names of accused collaborators, the Zetas cartel doesn't present much of an online target for Anonymous. "The problem is, hack what? There are no drug cartel websites, that I know of, that would be hackable," Raul Trejo, an expert on social communications at the National Autonomous University of Mexico, told the Guardian.
