Cyberwarfare Magazine

Warfare in the Information Age

The Palestine-Israeli Conflict on the Web

with 14 comments

As any conflict that happened in the 21st century, there is usually a parallel conflict raging online as well. Either commanded by individuals or groups, which can be helped or not by either government agencies or other interest groups, acts of cyberwarfare are getting more and more common. The conflict in the Gaza strip offers a new opportunity to explore this kind of activity. This time, reports of websites defacement are numerous and ongoing, some reporting that malware is spreaded from hacked websites and even an Israeli botnet is starting to grow in order to attack Hamas supporters servers.

Reports are now growing over hundreds of websites defacements of Western websites by Palestinians supporters1. Various Palestinian groups and supporters have been vandalizing Israeli and other western nation commercial websites by putting propaganda and redirecting to jihadist forums and/or uploading malware on the hacked web servers. Hackers mentioned in the article are Team Evil, DNS Team, Tw!$3r, KaSPeRs HaCKeR CreW, PaLiSeNiaN HaCK, MoRoCcAn HaCkErZ.

Palestinian Propaghanda insert into Defaced Websites

Palestinian Propaganda insert into Defaced Websites

Recently, sites from the U.S Army and NATO have also been targeted by the vandals2. Archived versions of the hacked NATO webpage can be found here and here for the hacked version of the U.S Army website. For now, only defacements have been reported and no real attack has occured. Web defacement is a very easy attack to do on web servers with weak passwords. Most of the time, the attackers are script kiddies using software such as AccessDiver with a list of proxies and wordlists to conduct dictionaries attacks on servers. Using AccessDiver is fairly simple and many tutorials can be found on YouTube. Other ways include of course exploits and SQL injections attacks. Surprisingly, no DDoS attacks have been reported yet, but a group of Israeli students launch the “Help Israel Win” initiative3. At the time of writing, the website was online available through Google’s cache. Anoher website (http://help-israel-win.tk/) has been suspended. The goal was to develop a voluntary botnet dubbed “Patriot” to attack Hamas-related websites:

We have launched a new project that unites the computer capabilities of many computers around the world. Our goal is to use this power in order to disrupt our enemy’s efforts to destroy the state of Israel4.

The website offered a small executable to download. This bot would receive commands as a normal criminal bot would. Hamas-friendly sites like qudsnews.net and palestine-info.info were targeted by the IRC botnet. Still according to the article, the botnet has come under attack by unknown assaillants5. No definitive number is given as to how many machines the botnet is controlling, it might range from anything from 1000 to 8000 machines6. Very few detail is given on how the bot actually works.

There was a very similar attempt to create a “conscript” botnet known as the e-Jihad botnet that failed to realized its objective last year, as the tool was unsophisticated and rather crude7. The e-Jihad tool had the same objective as the Patriot botnet, which was to launch DDoS attacks against various targets.

e-Jihad 3.0 Screen

e-Jihad 3.0 Screen

Nevertheless, this kind of parallel attack is due to become a popular civilian option to attack servers. The only thing needed is to create a solid botnet, by using some of the most sophisticated criminal botnets and transform them into voluntary “cyber-armies”. There is one problem thought…how can we make sure it’s legitimate ? Making such programs open source ? But then you reveal your command and control servers and information that could make the enemy hijack our own botnet. It then all comes down to a question of trust…and of course, a clear and easy way to remove the bot anytime.

See also :

“Army Mil and NATO Paliarment hacked by Turks”, Roberto Preatoni,  Zone-H, http://www.zone-h.org/content/view/15003/30/ (accessed on January 10, 2009)



1“Battle for Gaza Fought on the Web, Too”, Jart Armin, Internet Evolution, January 5, 2009, http://www.internetevolution.com/author.asp?section_id=717&doc_id=169872& (accessed on January 10, 2009)

2“Pro-Palestine vandals deface Army, NATO sites”, Dan Goodin, The Register, January 10, 2009, http://www.theregister.co.uk/2009/01/10/army_nato_sites_defaced/ (accessed on January 10, 2009)

3“Wage Cyberwar Against Hamas, Surrender Your PC”, Noah Shachtman, Danger Room, Wired, January 8, 2009, http://blog.wired.com/defense/2009/01/israel-dns-hack.html, (accessed on January 10, 2009)

4Copied from Google’s cache of help-israel-win.org

5Ibid.

6Hacktivist tool targets Hamas”, John Leyden, The Register, January 9, 2008, http://www.theregister.co.uk/2009/01/09/gaza_conflict_patriot_cyberwars/ (accessed on January 10, 2009)

7“E-Jihad vs. Storm”, Peter Coogan, Symantec, September 11, 2007, https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/170#M170 (accessed on January 10, 2009)

Advertisements

14 Responses

Subscribe to comments with RSS.

  1. war takes place in many ways, peace!

    MLMSALES

    February 2, 2009 at 11:57 am

  2. The Big Mak Contest has just started! I am giving away $180, 100K EC, ad spots, domain, hosting and a special prize. Visit http://www.makoyskie.com/2009/02/join-big-mak-blog-contest.html for more details.

    makoy

    February 6, 2009 at 11:37 pm

  3. What could be a way to counter a botnet of this magnitude? a antibotnet tool that use a worm’s kind of exploit and use it to remote remove the the bot? or attacking the server? with some kind of forensics we could find it and doing a direct attack to it?

    Entrepreneur Award

    February 8, 2009 at 4:11 pm

  4. Just passing by.Btw, you website have great content!

    _________________________________
    Making Money $150 An Hour

    Mike

    March 1, 2009 at 4:46 am

  5. Пора переименовать блог, присвоив название связанное с доменами 🙂 может хватит про них?

    Marinkina

    May 21, 2009 at 10:54 am

  6. Пора переименовать блог, присвоив название связанное с доменами 🙂 может хватит про них?

    Gavrilin

    May 22, 2009 at 6:59 pm

  7. Здравствуй! Спасибо за подаренные хорошие эмоции…

    Cederash

    May 23, 2009 at 4:14 pm

  8. Что ж… и такое мнение допустимо. Хотя, думаю, возможны и другие варианты, так что не огорчайтесь.

    Ferinannnd

    May 24, 2009 at 1:19 pm

  9. Спасибо за пост. Позновательно.

    Avertedd

    May 26, 2009 at 2:34 am

  10. Asking questions are genuinely fastidious thing if you are not understanding
    something entirely, however this article offers pleasant understanding yet.

    Quinn

    September 1, 2012 at 7:11 pm

  11. Hi there, I would like to subscribe for this webpage to take most recent updates, therefore
    where can i do it please assist.

    sms forex signals

    April 30, 2013 at 7:17 pm

  12. What’s Taking place i am new to this, I stumbled upon this I have found It positively useful and it has helped me out loads. I’m hoping to give a contribution
    & assist different customers like its helped me.

    Great job.

    SEO Organics

    May 7, 2013 at 8:43 am

  13. I like what you guys are up too. This kind of clever work and coverage
    keeps me reading! Keep up the fantastic work. I’ve added you guys to my personal blogroll.

    art paintings

    August 9, 2013 at 11:01 am

  14. Hello There. I found your blog using msn. This is a really well written article.
    I will make sure to bookmark it and return to read
    more of your useful information. Thanks for the post.

    I will certainly return.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: