Hackers Worldwide Fan Flames In Middle East Conflict

[William Knowles <wk () C4I ORG>]

http://www.computeruser.com/news/00/11/25/news1.html

By Brian Krebs
November 25, 2000

As tensions in the Middle East continue to simmer, more than a hundred
Web sites have been defaced or shut down by pro-Palestinian and
pro-Israeli hackers, often with the assistance of activist hackers
from several countries not actively involved in the conflict,
according to security experts.

Ben Venzke, director of intelligence production at iDefense, a Web
security firm that has been monitoring the Middle East conflict as it
plays out online, said hackers from as far away as South America to
the U.S. are expanding the conflict by contributing their skills to
whichever side has their sympathies.

"We're starting to see groups that have no connection or relationship
to anything going on in the region jumping into the fray because they
think it's a neat thing, want to be a part of it," Venzke said.

Venzke said his company's research found that Pakistani hacker groups
sympathetic to the Palestinians began attacking Israeli domains
earlier this month. In response, pro-Israeli hacker groups have turned
their attention to a number of Iranian government Web sites. Brazilian
hackers, eager to put each sides in its place, he said, have attacked
both Palestinian and Israeli sites.

IDefense said roughly 90 pro-Israeli - and 20 pro-Palestinian Web
sites - have been defaced or disabled since the conflict escalated
online approximately eight weeks ago.

In an as-yet unreleased report, iDefense references at least 12
different types of attack tools in active distribution by both sides.
The most common weapons used were variations on denial-of-service and
"ping-flood" type tools with nefarious names like "EvilPing,"
"Winsmurf," and "QuickFire." EvilPing - a variation of a tool known as
the "Ping of Death" - sends a single 64K packet that can completely
crash most machines, Venzke said.

Once one side distributes an attack tool, that same tool is then
reconfigured and used against the attacker's Web sites, Venzke said.

In a report published earlier this month, iDefense said
pro-Palestinian hackers had announced an "e-jihad"- or electronic holy
war - against Israeli government sites and those companies that make
up the nation's telecommunications infrastructure. Among the sites hit
at the outset of the conflict online were the Israeli Prime Minister's
Office and the Bank of Israel and the Tel Aviv Stock Exchange.

Palestinian targets of Israeli hacker counterattack included
government sites and those connected to Palestinian nationalist
organizations such as Hamas and Hizbollah.

In a recent alert posted by the National Infrastructure Protection
Center (NIPC, http://www.nipc.gov) - the FBI's cyber crime division -
the agency warned it had discovered numerous Web sites advocating
cyber-warfare against both Israeli and pro-Palestinian Web sites, and
warned that the ensuing activity could spill over into U.S.-based
sites.

Venzke said pro-Israeli hackers have branched out to attacking not
directly involved in the conflict but thought to be sympathetic to the
Palestinian cause, in part because of the sheer lack of vital
Palestinian pressure points.

Among the casualties of pro-Israeli hacker attacks have been the
Iranian Ministry for Foreign Affairs and Iran's Ministry of
Agriculture.

On the Palestinian side, Venzke said, the attacks are becoming more
methodical.

"There appears to be a coordinated campaign on the pro-Palestinian
side to identify vulnerable Israeli sites and gain root access," he
said. "It looks like they're systematically going down the list of
sites with a '.il' suffix and testing each one."

IDefense estimates that 20 groups and roughly 30 core individuals from
both sides are behind the attacks. The true number of participants
involved over time, however, is probably much larger.

"In terms of the numbers of actual participants, it's a substantially
larger number," Venzke said. "They run the gamut from traditional
terrorist groups to pure hacker outfits."

Venzke said U.S. businesses and government sites can expect to bear
the brunt of online terrorist strikes should the US ever become the
focal point of attention as it was during the Gulf War and following
retaliatory strikes against suspected terrorist outfits in Sudan and
Afghanistan.

"Rest assured that the next time we become involved in that manner,
these are the kinds of things that in a relatively short period of
time are going to be launched against U.S. sites," he said.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".