Mideast Conflict Roars Into Cyberspace

December 07, 2000

WASHINGTON, Dec. 7 (UPI) -- The fighting between Palestinians and Israelis has spread 
to cyberspace and after nine weeks shows no sign of slowing, said Stefan H. Leader, a 
security analyst for the U.S. Department of Energy. Pro-Israelis and pro-Palestinians 
are defacing Web sites, penetrating systems and using misinformation combined with 
viruses and Trojan horses to try disrupt each other's Internet activities, he said.

According to sources at iDefense, an international private intelligence firm that 
monitors hacker activities in the public and private sectors, more than 130 or more 
Web sites have been targeted by both sides for denial of service attacks, system 
penetrations, insertion of viruses, attempts to gain root access, along with other 
tools of service disruption since the conflict reached full flood in October.

At least two sites a day are being added to this total, said Ben Venzke, iDefense 
director of intelligence production, noting that pro-Palestinians have targeted 90 
sites and that pro-Israeli hackers have hit "over 25."

"I would say at the moment that the pro-Palestinians are winning -- they are taking a 
broader approach to targeting." said Venzke.

According to Venzke, the hacker's war began after pro-Israel hackers created a site 
called Wizel.com, which acts as a host for FloodNet attack that reloads a Web page 
several times a minute, making the site useless or causing it to crash. Six Hezbollah 
sites, including the Hamas.org site and other informational sites went under, thanks 
to the attack. Israelis quickly set up other sites that included a.Israforce.com, 
SmallMistake, and Hisballa, among others.

One attack on the Palestinian www.hezbollah.org site that showed Israeli ground force 
attacks in Gaza, particularly incensed the Palestinians, said Venzke. The Palestinians 
responded with coordinated attacks by a "cyber-jihad" group called Unity on Wizel.com 
and some key Israel financial sites, including the Tel Aviv stock market and the Bank 
of Israel. The hit on the Israeli stock market caused it to plunge by eight percent, 
Leader said.

One tactic of the pro-Palestinian hackers has been to distribute a dozen world macro 
viruses to use against Israeli sites. "To find viruses on Internet is not unusual, but 
this was," said Venzke.

The viruses include the LoveLetter, CIH and the Melissa viruses along with others, all 
of which are designed to attack and cripple Israeli sites. They are offer users use of 
the programs with a disclaimer that says: "I swear to use these programs only against 
Jews and Israelis," according to Venzke. It's a twist on the disclaimer used by the 
virus-writing community, which offers programs by saying, "Anyone using these programs 
must swear that they will not be used for malicious for only for educational purposes."

Another potent weapon is the EvilPing which launches a "ping death attack" that when 
used simultaneously by several users, can crash a site. There is also the QuickFire, a 
tool that sends 32,00 e-mails to the victim's site from what appears to be the same 
address. The attack is repeated without rest until the e-mail server is disabled and 
crashes. According to Venzke, it's been used successfully against the Israeli Foreign 
Ministry site and its e-mail address.

One of a number of hacking tools, QuickFire has been around a long time. It works this 
way: on your Web interface screen you enter the address you want to attack, and you 
enter the number of messages you want to send, which can be as high as 32,000. With a 
click of the mouse, you send 32,000 e-mails off to the targets server.

Most e-mail servers are robust and user-friendly, said Venzke. If you suddenly get 
10,000 messages, you realize, I'm being attacked, and can shut your server down. But 
once you put server back up, the messages come back in, long after attacker has gone 
to sleep, and they keep coming incessantly until the server crashes, he said.

All the messages come from the same address, but pro-Palestinian hackers randomly 
change the address which makes the attacks harder to filter out, Venzke said. If four 
or five people are using QuckFire, a server could be in real trouble.

Other pro-Palestinian hacker weapons include WinSmurf, HTTP Bomber 1.001.b, FakeMail, 
Attack 2.51. defend, and PutDown.

Unity, an extremist group with ties to Hezbollah and other groups, has been behind one 
of the most organized efforts on pro-Palestinian side and has divided its battle plan 
into four phases. Phase one of their "cyber jihad" aimed at crashing Israeli 
government sites. Phase two included hitting the Bank of Israel and Tel Aviv stock 
market. Phase three targets the Israeli ISP infrastructure and strikes at the sites 
for Lucent Technologies, the U.S. high-tech company, and Golden lines of Israel, both 
providers of telecommunications services. The fourth phase is to be the destruction of 
Israeli e-commerce sites, Unity says, the purpose being to divert funds from Israeli 
Defense Forces into computer and Internet security and easing pressure on the 
Palestinian authority.

Phase four worries Leader. "That seems to me to be the really dangerous threat, " he 
said. By rendering the site inoperable and closing down business entirely for 
significant intervals of time, losses could run into the "million and millions of 
dollars," he said.

In the case of Lucent Technologies, Leader said that an "authentic-looking" but bogus 
Israeli Army Web site was created in the Lucent Technologies Net Service in early 
November. The "defend" hacker tool that requires thousands of hackers to hit the site 
at the same time to be effective then attacked Lucent. Because of effective 
countermeasures, Lucent survived the attack, he said.

Lucent Technologies did not return phone calls.

The latest addition to the pro-Palestinian hacker onslaught has been the G-Force Group 
from Pakistan. They previously were active in cyber-warfare in India over the Kashmir 
campaign. In their first two to three weeks of activity, they hit 20 sites, Venzke 

A number of pro-Israeli sites responded by defacing the Iranian Agricultural Web page, 
and the hackers said they would target all Iranian Lebanese and Pakistani sites.

Another late addition in the pro-Palestinian lineup is the Iron Guards. The group 
launched their first operation a week ago, hitting Israeli sites. They have relied on 
the FloodNet tool in their attacks, Venzke said.

But what alarms him most is the growing sophistication and intensity of the conflict. 
On Nov. 3, Cognifit.com.il, a company that provides services for Israel's elderly had 
its Web site defaced by a pro-Palestinian operator named Dodi. On the site, Dodi 
proclaimed that he could shut down the Israeli ISP Netvision that claims to host 70 
percent of the country's Web traffic.

Venzke isn't sure who Dodi is but acknowledges dodi is talented and has a great 
potential for destruction: "In one of his site defacements was a code, a shell code, 
that if installed in your computer, would, at a predetermined time, erase every single 
document in your computer, then use your computer to launch a hostile attack on a 
target. Thus a fake IDF site would appear to be attacking the Bank of Israel," Venzke 
said. IDefense knows the Dodi code works because they tested it, he said.

"What is interesting is the involvement of terrorist groups like Hamas and Hizbullah. 
They are actively supporting recurring cyber-based attacks," Venzke said.

Asked if the pro-Palestinians and Israelis could escalate into attacking each other's 
power girds and telecommunications, Venzke said, "It's a real possibility."

(C) 2000 UPI All Rights Reserved.

archive: http://theMezz.com/cybercrime/archive
unsubscribe: [EMAIL PROTECTED]
subscribe: [EMAIL PROTECTED]
url: http://theMezz.com/alerts

T O P I C A  http://www.topica.com/t/17
Newsletters, Tips and Discussions on Your Favorite Topics

Reply via email to