Israeli Hackers Vow to Defend

[William Knowles <wk () C4I ORG>]

http://www.wired.com/news/politics/0,1283,40187,00.html

by Carmen J. Gentile
2:00 a.m. Nov. 15, 2000 PST

A group of self-described ethical hackers are taking the reins of the
Israelis' Web networks into their own hands in the Middle East's
cyberwar.

Known as the Israeli Internet Underground, the coalition of anonymous
online activists from various Israeli technology companies has set up
a website to disseminate information concerning the ongoing battle in
cyberspace.

According to the IIU mantra, they are "dedicated to the Israeli spirit
and united to protect Israel on the Internet against any kind of
attacks from malicious hacking groups."

The site claims to provide a comprehensive list of sites that were
hacked by Arab attackers since the cyberwar went into full swing on
Oct. 6.

Listed are over 40 Israeli sites that have been defaced and vandalized
by various hacking groups. The number coincides with estimates
provided by officials at iDefense, an international private
intelligence outfit in Washington that is monitoring the ongoing war.

IIU also provides a list of Israeli sites that they believe run
services with commonly known security holes like BIND NXT overflow,
IIS 4 holes and FTP format string bugs.

Examples of defacements by Arab hackers such as the one perpetrated on
the homepage of Jerusalembooks.com, one of the largest Jewish
booksellers on the Web, serve as a warning to those Israeli sites with
suspect security.

The Jerusalembooks.com text and graphics were recently replaced with
the word "Palestine" in flaming letters and with text asking Israelis
if the torah teaches them to kill innocent kids and rape women. The
site is currently under construction due to the attack.

Taking credit for the attack is the group GForce Pakistan, a
well-known activist group that has joined forces with Palestinians and
other Arab hackers in fighting the cyberwar against Israeli interests.

Working alongside the group is the highly skilled Arab hacker named
dodi. On November 3, dodi defaced an Israeli site and stated he could
shut down the Israeli ISP NetVision, host of almost 70 percent of the
country's Internet traffic.

Though petty defacements and racial slurs have been the norm on both
sides of the battle, Arab hackers like dodi have promised to kick the
war into high gear in the coming days, implementing what they refer to
as phases three and four of their "cyber-jihad."

The Muslim extremist group UNITY, with ties to Hezbollah, laid out a
four-part plan for destroying the Israeli Internet infrastructure at
the onset of the cyberwar. Phase four culminates in blitzing attacks
on e-commerce sites, "causing millions of dollars of losses in
transactions."

IIU said there is already evidence of phase-four attacks, such as the
destruction of business sites with e-commerce capabilities, which they
believe caused a recent 8 percent dip in the Israeli stock exchange.

"The current onslaught of cyber attacks against Israel's key websites
is perhaps the most extensive, coordinated malicious hacking effort in
history," said Peggy Weigle, president and CEO of Sanctum Inc., a
security firm based in Santa Clara and founded by two Israelis.

"ISPs and e-businesses must recognize the need to install protection
that goes beyond firewalls to provide real security against
application-level assaults."

In order to thwart future attacks, IIU has created what they call the
"SODA project" (sod is Hebrew for secret). The stated goal of the
project is "to inform and provide solutions wherever we can and
therefore protect our sites against political cyber vandalism." It
lists those websites with security vulnerabilities, making them
susceptible to future attacks by Islamic groups.

The SODA project formed an alliance with the Internet security firm
2XS Ltd., which is linked to the site and agreed to provide security
advice for casualties of the cyberwar. Though 2XS Ltd. does not accept
responsibility for IIU actions, company CTO Ehud Tenebaum founded the
group back in 1996, when he went by the name "Analyzer."

According to Tenebaum, on Nov. 3, IIU contacted 2XS Ltd. to share
their idea of creating a site for publishing vulnerability alerts. "I
liked the idea and took it to our management," said Tenebaum.

Another link on the SODA project is the Internet security information
forum SecurityFocus.com, a resource guide to online security links and
services based in San Mateo, California. Technical editor for
SecurityFocus.com, Ryan Russell, said the site is not taking any sides
in the Middle Eastern war, though he believes that the attackers seem
to have the upper hand.

"Typically, the odds are heavily in the attackers' favor -- the
attacker can launch attacks against any number of sites for little to
no cost," said Russell. "They only need to find one vulnerable victim
to succeed, perhaps after checking thousands of potential victims."

Since both Arabs and Israelis are launching volley after volley
against the others' sites, Russell believes that neither faction gets
to play the victim in this war. "The victims ends up being citizens
and businesses in the affected area," he said. "Unfortunately, I guess
that's not uncommon in that part of the world."


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".