The huge increase in hacking attacks against Israeli websites during the Gaza conflict is not the work of professional hackers or sophisticated pro-Palestinian activist groups, experts say. Just the opposite. Most appear to be kids looking for recognition — even jobs.
Over the past two weeks, Israeli sites are getting hacked a million times a day – 900% more than usual. Top Internet expert Isaac Ben-Israel of the Tel Aviv University Yuval Neeman Workshop for Science, Technology, and Security adds, “These attacks come not only from Hamas, which operates hacker units. They are getting assistance from hackers and terrorists from all over the world.”
Even so, reports of a worldwide cyber-conspiracy against Israel should be taken with a grain of salt, according to Orr Nir and Lior Kalev, senior cyber-security consultants at the Israeli branch of international consulting firm Deloitte. Despite attackers’ claims to the contrary, hard-core hackers associated with Anonymous and other professional hacking groups are not the ones behind these attacks.
Instead, according to the two, most of the would-be hackers are just “script kiddies” who are trying to impress their friends, and especially the “real” hackers, in the hope that they will get some recognition — or even a job.
“The majority of attacks against Israeli sites are not what you could call ‘hacks,’ because the real hackers are not necessarily interested in Israel, and are certainly not interested in politics,” said Orr. “What they are interested in is money, specifically breaking into banking and credit card sites. The people attacking Israeli sites are not what you could call hackers.”
What they are, said Orr, are “script kiddies,” who copy and paste exploits, trying to run down Israeli sites by overloading them with connection requests via denial of service (DDOS) attacks. “Israeli Internet service providers know how to identify and prevent these (attacks), which is why, despite these million attacks a day, we see that the Israeli Internet continues to operate without a hiccup.”
A quick search on Twitter and Facebook certainly seems to indicate a large-scale effort by groups that claim to be affiliated with Anonymous against Israeli sites. A Twitter search for the hashtag #OpSaveGaza shows dozens of links to hacking site Pastebin that list usernames, passwords, links to defaced sites, and the like. The group claims to have hacked thousands of Israeli sites, offering the purloined usernames/passwords for email and logins on university, government, and even military sites as proof of their skill, prowess, and success.
But the whole thing could just be a propaganda push, according to Middle Eastern cyber-security expert Dr. Tal Pavel. “No one really knows who Anonymous is, because, of course, they are anonymous, which means that anybody can claim to be a part of the group.” Beyond that, he said, “the fact that they present what appears to be sensitive data is meaningless, because in many cases we find that this information is old, and that it has been recycled several times. These lists, which may have been legitimately hacked at one time, are sometimes years old, and are useful only as ‘social currency’ among hackers who try to impress each other with their alleged skills.”
Trying to impress people, in fact, is one reason hacker groups are so quick to start hacking operations like #OpSaveGaza against Israel, said Orr. “The script kiddies mostly work on social media, hoping to attract attention,” said Orr. “The people interested in their activities are their peers, part of a relatively small circle of teens and young adults who use downloadable tools to conduct simple DDOS attacks. They try to associate themselves with groups like Anonymous, who are the professional hackers who stay off the radar, conducting professional attacks against sites to steal financial and corporate data.”
The greatest ambition of some of these script kiddies, said Orr, is to be hired by “real” hackers, and make some real money from their talents. Thus, he said, attacking Israeli sites as part of a major international operation gives them the opportunity to show off to online friends – and to potential employers.
“We’ve had clients who have been hit and have been down for a half hour or so,” said Orr, with sites coming back quickly and administrators shoring them up to prevent future attacks.
With that, said Orr, Deloitte “always advises its clients to be careful and to take all the steps they can to protect themselves,” including using the latest editions of server and web software that address common exploits utilized by hackers.
There’s no room for complacency. “Most of those hackers are not from Anonymous or any other professional hacker group,” said Orr, “but there are no guarantees that professional hackers, for their own reasons, won’t get involved. It’s like the Hamas rocket fire – most of them miss, but if one does strike a high-value target, it could cause a disaster.”