Whatever your personal perspective on the rights and wrongs of the current Palestinian-Israeli war in Gaza, there's a second front being fought on the Internet. This form of warfare is a battle of words and often vivid imagery engaged by hackers from either side of the divide. The image shown below is a highly graphic example from a defaced Israeli commercial Website, hacked by "DNS Team" today.
Many are familiar with the explosive form of botnet-based direct denial-of-service (DDoS) attacks carried out and widely reported, against governmental Websites in Estonia in 2007 and Georgia in August 2008. In fact this particular cyberwar in the Middle East has been going on since at least 2001. Mirroring the real world, this cyberwar waxes and wanes as the ground warfare fans the flames on the Internet at times such as this.
The tactics include many sophisticated hacking techniques more frequently used against commercial sites, but this development is important to any commercial or governmental network operation.
It may seem as if this is only of consequence to Israeli or Arab Websites. That's not the case. For example, many U.S., French, Spanish, U.K., and Danish Websites are being defaced by hackers at the rate of hundreds per hour. Such e-vandalism is merely an inconvenience for the company Webmaster, but many of the defacements in the last two days also contain malware links. Many are also provided with redirects or flash links to Jihadist forums or blogs, caused by SQL attacks.
A few days ago the Islamic group "Team Evil" used a DNS attack on DomainTheNet's registration system server, which redirected many well known Israeli Websites such as ynetnews.com and public utilities, and rerouted users to a page featuring anti-Israel messages. DomainTheNet is a multinational registration service provider (RSP), which offers registration and site-hosting services. Of the names used in the hacking, Team Evil, DNS Team, Tw!$3r, KaSPeRs HaCKeR CreW, PaLiSeNiaN HaCK, MoRoCcAn HaCkErZ, et al., are reportedly coming from Morocco.
But tracking back to the associated routings and linked forums, these activities are actually originating from Saudi Arabia and Turkey. As three embarrassing examples of the enemy within:
- Jihadist forum and communication site Anashed.Net is registered in Saudi Arabia but hosted by Layered Tech, based in Plano, Texas.
- Raslny.com is also registered in Saudi Arabia but hosted by SoftLayer, also based in Plano.
- According to Internet-Haganah, an Israeli Website that tracks Jihadist sites, Thabaat.net, which distributes Al Qaeda propaganda, is registered in Belgium and hosted in Denmark, a key target for Jihadists due to the Islamic cartoon incident.
The Associated Press reported in 2006 that Team Evil had begun hacking and vandalizing U.S. government Websites as early as 2004. In 2002, an Israeli hacker named Ehud Tannenbaum, known as "The Analyzer," was sentenced to 18 months in jail for breaking into computer systems at NASA, the Pentagon, and the Defense Department, among others.
By way of even-handedness it would be naïve to think this cyberwar is one sided: No Hamas-related Website is available, as they were effectively taken down and have been kept offline since mid-2008 by the pro-Israeli hackers, "Fanat al-Radical." A fascinating approach over the last few days is being made by an Israeli Website, "Help Israel Win," which provides a download so your PC can become part of a worldwide pro-Israeli botnet. So far 7,786 have joined, already a fairly powerful global computing force to, as they describe, "Disrupt our Enemy’s Efforts."
— Jart Armin, Editor of RBNexploit.com, a watch blog on the infamous RBN (Russian Business
Network), and HostExploit.com
This blog is part of Internet Evolution's Security Clan, which looks at the present and future threats to Internet security and the methods being used to defend and protect users and organizations. Register here to join the Security Clan, and you might become eligible to win one of our limited edition T-shirts.