Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Did Anonymous Crash Israeli Government Websites?

Israel blames crash on a server error, but Anonymous said outage was retaliation for the country's blockade of Gaza.

Did the hacktivist collective known as Anonymous crash numerous Israeli government websites in retaliation for the country's blockade of the Palestinian territory of Gaza?

On Sunday, Israeli's Haaretz newspaper reported that the websites of the Israel Defense Forces, the Mossad intelligence service, and the Shin Bet security service, as well as other government websites and portals, remained offline after an apparent cyber attack.

Anonymous had threatened to take down Israeli websites after Israeli soldiers boarded two aid ships bound for Gaza on Friday. In a YouTube post, Anonymous warned Israel that "if you continue blocking humanitarian vessels to Gaza" then the group would "strike back."

[Russia and China are often leading suspects in cyber-espionage attacks. Read Feds Cite Chinese Cyber Army Capability.]

Israeli government officials, however, disputed that the Sunday website crash had anything to do with Anonymous, or any type of attack. "All of the Israeli government websites which were down yesterday are now back up. Once again--it wasn't a cyber attack but a server glitch," said Ofir Gendelman, a spokesman for the Israeli prime minister, Monday via Twitter. The government also emphasized that no internal sites had failed.

But AnonymousMMV, which had threatened the Israeli government with the website takedown, said on Monday via Twitter that anyone who said that the site crashes weren't the work of Anonymous were "liars."

In other hacktivism-related news, an Anonymous member who had been kidnapped by a Mexican cartel has apparently been released. Anonymous Iberoamerica on Friday released a statement saying that their kidnapped member had been freed by the Zetas cartel and "while bruised, is alive and well."

As part of "OpCartel," Anonymous had threatened to expose the names and addresses of numerous journalists, taxi drivers, and government officials that it said had collaborated with the Zetas cartel.

But many Anonymous members backed off of those threats--possibly after the ramifications of attempting to take on the Zetas became fully clear--and even began advising members about techniques they could use to ensure that their online identity remained truly anonymous. Security intelligence firm Stratfor, notably, warned that the cartel might reassign some of its own computer experts to track down Anonymous members.

"Since we have seen evidence of cartels employing their own computer scientists to engage in cybercrime, it is logical to conclude that the cartels likely have individuals working to track anti-cartel bloggers and hackers. Those individuals involved thus face the risk of abduction, injury, and death--judging by how Los Zetas have dealt with threats in the past," said Stratfor analyst Ben West. But Stratfor said that there was no evidence that this had happened, at least not yet.

Interestingly, Anonymous Iberoamerica said that after it called off #OpCartel, someone it believes to have been a member of Mexican intelligence agency CISEN infiltrated its chat rooms on Sunday and attempted to incite Anonymous members to not call off the campaign. The group traced the poster's IP address back to a CISEN website address.

"We confirmed what we suspected: the Mexican government is behind the promotion and dissemination to #OpCartel for purposes unknown (possibly neutralize Anonymous engaged in a war against criminal groups)," according to a statement released by Anonymous Iberoamerica, which included a copy of the alleged chat logs.

But cracks are emerging in parts of the Anonymous story in Mexico. Notably, #OpCartel was meant to serve as a reprisal for one of the group's members having been kidnapped in the Mexican state of Veracruz. But experts have found no police report or other evidence that would corroborate the Anonymous story.

Furthermore, aside from disclosing the names of accused collaborators, the Zetas cartel doesn't present much of an online target for Anonymous. "The problem is, hack what? There are no drug cartel websites, that I know of, that would be hackable," Raul Trejo, an expert on social communications at the National Autonomous University of Mexico, told the Guardian.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15505
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1, and Sentry before 9.7.3 and 9.8.x before 9.8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2020-15506
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to bypass authentication mechanisms via unspecified vectors.
CVE-2020-15507
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to read files on the system via unspecified vectors.
CVE-2020-15096
PUBLISHED: 2020-07-07
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affecte...
CVE-2020-4075
PUBLISHED: 2020-07-07
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not ...