If anti-Israel hackers hoped, as they boldly proclaimed, “to erase Israel from the Internet” during Sunday’s #OpIsrael hacking attacks, they failed miserably, said Nir Goldshlager, Israel’s most famous “white hat” hacker and CEO of Break Security. Instead of toppling and defacing government, bank, and insurance sites, as they promised to do, the hacking groups, ostensibly associated with Anonymous, were able to attack only minor web sites that were not well protected.
It was not for lack of trying, though. Although the statistics aren’t in yet, Israel was clearly in the crosshairs of hackers on Sunday. Several Facebook pages, Twitter feeds, and web sites churned out updated lists of sites the hackers claimed to have taken down or defaced, and posts on social media sites made unsubstantiated claims like “Anonymous causes Israel to lose $5 billion” in stock market losses (false) and “Tel Aviv loses all Internet connection” (ditto).
The main tactic used by hackers to attack large government and financial sites was the denial of service (DDoS) attack, in which tens of thousands of connection requests are sent to a server at one time, in the hope of overwhelming the server’s system and causing it to slow down to a crawl, or to shut down altogether. Dr. Tal Pavel, director of the MiddleEasterNet site, which gathers intelligence on Internet usage and events in the Arab world, uncovered several sites where users could participate in DDoS attacks against Israeli sites by clicking on buttons. Each click generated thousands of connection requests.
In addition, Pavel reported a relatively sophisticated attack against the Bank of Israel, in which hackers compromised an Israeli site and inserted an agent that, when clicked on, launched DDOS attacks against the BOI site.
The bank’s site remained stable over the weekend, however, as did nearly all major Israeli sites. In some cases, sites were slow to load for a few seconds, but the problems were resolved by site administrators, restoring normal operations within minutes. Government agencies, such as the Ministry of Foreign Affairs, sent out status messages and notifications several times on Sunday, assuring Israelis that despite the claims of hackers, Israeli government sites were running normally – as a cursory check of sites at random times during the day proved.
The DDoS attacks were an annoyance, said Goldshlager, and indicated “the lack of sophistication and knowledge of these teams.” The exploits of the hackers were limited, “and they told many lies to enhance their reputations. In the end, though, the only damage they were able to do was to small sites that were not well defended, with the hackers taking advantage of well-known security holes in older web servers to enter systems and deface web pages or steal data.”
Indeed, as the day progressed, it appeared that the hackers realized that despite their bravado, they were losing the propaganda war, being defeated by the facts. “There were just so many inaccuracies,” said Goldshlager. “For example, they claimed that they hacked into the site for the Israel Police, with the site’s address police.gov.li. They may have hacked it, but by getting the domain mixed up (.li instead of .il) whatever it was they thought they were hacking, it wasn’t the Israel Police site.” Channel One reported that hackers had posted phony screenshots of sites like Yad Vashem and the Mossad hacked by them, when in fact they had not been hacked at all.
Meanwhile, Israel wasn’t the only one being hacked. The LulzSec hacker group posted what it said were a slew of documents from Palestinian Authority government servers. In addition, Israeli hackers brought down dozens of sites in Iran, Turkey, Indonesia, and North African countries, where many of anti-Israel DDoS attacks originated.
In one creative hack, the Israeli group – which called itself “Israeli Elite Hackers” – posted code that would allow anyone to register, for free, a site in the .ps domain (used for Palestinian Authority sites), raising the farcical possibility of “Zionist” and pro-Israel sites with a .ps domain suffix. The group also said it attacked the web sites of Hezbollah and Islamic Jihad, bringing them down for several hours.
Goldshlager, who hacks into sites in order to find vulnerabilities, was unimpressed with the hackers’ “script kiddie methods” of hacking, and was even less impressed by “their ridiculous claims” (websites, citing anti-Israel hacking groups, claimed 60,000 Israeli sites were compromised by 60 million hacking attempts).
The one success the hackers had was that of breaking into poorly scripted sites belonging mostly to small business, organizations, and civic groups, and defacing them or stealing data from them.
“None of those sites is essential to the economy in any way, but for site owners it is obviously very annoying to have to clean things up and recover lost information.”
Hackers posted several pages of credit card numbers, email logins, and Facebook passwords they claimed to have pilfered from these sites, and while it was impossible to know how many of these were fresh or recycled (hackers have been caught numerous times posting data stolen years ago as new, said Pavel), there were probably some instances of actual data leaks.
Regardless, said Goldshlager, the credit card companies follow up on these numbers and cancel the cards for customers whose numbers appear in public. “It’s a good thing the hackers post the numbers,” Goldshlager said. “Imagine if they would use them.” And in a sense, he added, the hackers were doing small sites a favor by hacking into them – giving them an incentive to upgrade their security.
“But obviously it’s still a hassle,” he added.
With the problem centering on these “small sites,” as Goldshlager called them, and the hackers getting what little public relations victories they do garner from hacking these sites, Goldshlager said that he believed the government should get involved. “For many of these sites, hiring a security expert to test their web servers and beefing them up just isn’t worth the expense. Whatever money they are making from these sites, it is often less than they would end up spending on fixes.” On the other hand, he said, there were many moderately priced security technologies out there (many of them made in Israel) that could go a long way to protect sites.
“The big companies can afford to hire experts, but not the small ones,” Goldshlager said. “If the government became a partner in security for small businesses, it would go a long way to stopping these mass hacking attacks, because even the small successes hackers attain by attacking these sites would evaporate.”
By late Sunday, the cyber war appeared to be winding down. “Our operators have been reporting via this account, non-stop for last 30hrs,” said a post on the #OpIsrael Twitter page. “We are taking a break.”
Just when they’ll be back, said Goldshlager, was unclear – but “rest assured they will return. This wasn’t the first organized hack attack against Israel, and it certainly won’t be the last.”