[IsraelTimes] Under the threat of what hackers swore would be "the largest Internet battle in the history of mankind," Israel has been preparing for the past week for what many expect to be a massive attempt to swamp Israel's Internet -- bringing websites to a crawl, or even bringing them down.The attack is set for Sunday, April 7 -- coincidentally, or perhaps not, the eve of Holocaust Memorial Day in Israel. Computer system administrators and security experts have been shoring up network defenses, changing passwords, and ensuring that they have the Internet bandwidth to withstand an attack.
In their latest screed, the hackers behind the newest incarnation of #OpIsrael, the ongoing attempt to "wipe Israel off the map of the Internet," appealed for unity in the hacker community, which needed to come together to attack Israel. "We can't be consumed by our petty differences any more," said the message, posted on hacker-friendly websites. "We will be united in our common interest. We will once again be fighting for freedom." In a theatrical flourish (using a quote from the 1996 film "Independence Day," which portrayed mankind fighting off a Martian invasion), the hackers state: "'We will not go quietly into the night! We will not vanish without a fight! We're going to live on, we're going to survive."
While the attacks are aimed at government, bank, academic, and business websites (the hackers have published extensive lists of their targets), ordinary Israelis should take precautions as well -- just in case, said the Israel Internet Association (ISOC), which is taking the threat so seriously that it will be operating a hotline for people to report attacks, and will update its website throughout the day with status reports about what is going on in cyberspace.
The most important thing Israelis can do, said Nir Kapelushnik, ISOC's CEO, is to shore up passwords -- get rid of simple ones (like "abc123") and choose complicated ones (at least 8 random letters/digits, mix capitals and small letters, no names or obvious terms, etc.); renew/update anti-virus software; upgrade and update to the latest versions of browsers; and stay away from suspicious links, attachments, documents, etc. "The upcoming hacking attack is liable to disrupt our day-to-day activities," Kapelushnik said. "We do a lot on the Internet today, including sending and receiving mail, shopping, searching for information, and interacting with social networks. The measures we are recommending will hopefully keep the damage to individual Israelis to a minimum." Those measures, he reminds us, will protect users from hackers, crackers, and cyber-thieves, even on "ordinary" days.
In truth, however, the real cyber-battle will be fought not on the computers of home -- or even office -- users, but on the servers that hold the websites of large companies, government agencies, financial institutions, and infrastructure, said Lior Tabansky, a fellow at the Yuval Ne'eman Workshop for Science, Technology, and Security of Tel Aviv University. The Workshop is headed by Prof. Yitzchak Ben-Yisrael, who also heads the National Cyber Directorate, which advises the government on matters of cyber-security and policy.
As such, the folks at the Workshop have a great deal of influence on how the government implements its cyber-security policy, albeit not in an official capacity. "We are advisers... and they usually take our advice," Tabansky explained.
Tabansky believes that the upcoming attacks, although serious, are another case of "business as usual" for the hackers, who try daily to hack into Israeli computer systems -- but almost always fail. "The really important sites are protected from the public Internet, and the chances that the hackers can penetrate them are next to nothing," he told The Times of Israel. "Over the past weeks, site administrators in government and the private sector have been shoring up their defenses, making it much harder to guess passwords and invade sites. So it's unlikely we'll see that type of activity," he said.
What the hackers will do, surmises Tabansky, is launch a massive denial of service (DDOS) attack, in the hope of grinding down servers to a slow crawl, and then halt them entirely. "Unless they have names and passwords, that is really their only attack strategy," continued Tabansky. "Unfortunately, there is little a company can do to stop it, but it is not the major cyber-threat many people, especially in the media, believe it to be. It's more of an annoyance, and if they do manage to intimidate sites into submission, the victory will be one of public relations."
In fact, said Karen Elazari, another fellow at the Workshop, the best defense for many sites might be undertaken on their behalf -- by the hosting company that keeps their site online. "According to information we have gathered over the past month, the large majority of the hackers planning to attack Israeli sites are located in North Africa," Elazari explained to The Times of Israel. "In order to prevent DDOS attacks from these people, a hosting company could configure a site to reject all requests from IP addresses in specific countries like Tunisia and Morocco, or just close off Africa to the site for a week. Many of the sites targeted would probably not be affected too much by that kind of a cutoff, and it would probably go a long way to preventing a DDOS-based crash."
But there is more bark than bite in hacker threats, continued Elazari; the propaganda the hackers are spreading about "April 7 #OpIsrael Day" as a global phenomenon is just false. "They claim to be associated with the international hacker group Anonymous, but it is clear to us that the hackers organizing this are run-of-the-mill, anti-Israel hackers from Arab countries, who run attacks like these almost daily. The operation has a self-proclaimed leader who, we believe, is located in Mauritania. 'Leaders' are a very un-Anonymous phenomenon, but they are very closely associated with Arab hacking efforts, going all the way back to the Second Intifada.
"We in the security industry have known about this for a month, and we have been spreading the word to network administrators and security personnel around the country on what to expect," said Elazari. "So I imagine we are well prepared to handle these attacks. It's likely, though, that users will feel a slowdown in Internet speed, because ISPs may have a hard time handling all the traffic that comes through their servers." Unless, as she suggests, they cut off domains or IP address segments from where the attacks seem to be coming.
"Many of the organizations I have spoken with are looking at "attack day" as a challenge -- a way to test their defense strategies in real time, and figure out how to better shore up their systems," Elazari added. "The tactics the hackers are using are not new, and the strategy -- to claim victories by overloading sites -- is not new either. What's different this time is the alleged scope and size of the attack, and the concern over it in the media. We'll find out whether that concern was justified only sometime next week, when #OpIsrael hackers either manage to take down important Israeli sites, or the whole thing just fizzles."
| Also, a Facebook virus hit Israel a few days before the OpIsrael attack. |
The purpose of the virus, which promulgates itself when a user clicks on certain notifications, is still not clear.
According to Mizbala, an agency specializing in specializing in guerrilla and experimental marketing, some 15% of users who clicked on the viral link were Israeli (14,500 as of Wednesday evening).
According to the Mizbala report (Hebrew) a user by the name of Bekir Yangeç was the source of the code. Mizbala offers its readers advice for action to be taken in the event they clicked on the link.
It isnÂ’t clear if the virus does anything more than replicate and continue tagging, awaiting a user to click the link it provides.
| And Anonymous has been targetting Iran and other Islamist states in the Middle East. |
The new Anonymous effort, called OpIranMenace, is targeting strategic sites, including banks, infrastructure, and government offices. In a message dated March 23, Anonymous said that it was targeting the most Islamist states of the Middle East, including Iran, Iraq, and Saudi Arabia, over their restrictions of Internet use by residents. So far, sites in Iran have been targeted, and the campaign, they say, will soon be extended to the other countries listed.
In the message, Anonymous claimed to have already hacked numerous Iranian sites, including the Arka Line gas pipeline; Aban Sanat Kara, a leading company in Iran’s irrigation and hydro-mechanical industry; the Export Development Bank of Iran, which is under U.S. sanctions; and NIOC, the Iranian Oil Company, which is ranked as the world’s third largest oil company. In addition, Anonymous boasts to have hacked the United Nations office in Tehran, saying “we downed their intranet and also gained full access to the UN ATLAS system (not only in Iran).”
The message includes a link to a site that contains 55 screenshots of the hacked sites. The hacks occurred between March 21-23, the message says. Among the many documents the hackers posted was the pay slip – from the week before! – of an Iranian government employee.