Archive for the ‘Cyber Terrorism’ Category
As any conflict that happened in the 21st century, there is usually a parallel conflict raging online as well. Either commanded by individuals or groups, which can be helped or not by either government agencies or other interest groups, acts of cyberwarfare are getting more and more common. The conflict in the Gaza strip offers a new opportunity to explore this kind of activity. This time, reports of websites defacement are numerous and ongoing, some reporting that malware is spreaded from hacked websites and even an Israeli botnet is starting to grow in order to attack Hamas supporters servers.
Reports are now growing over hundreds of websites defacements of Western websites by Palestinians supporters1. Various Palestinian groups and supporters have been vandalizing Israeli and other western nation commercial websites by putting propaganda and redirecting to jihadist forums and/or uploading malware on the hacked web servers. Hackers mentioned in the article are Team Evil, DNS Team, Tw!$3r, KaSPeRs HaCKeR CreW, PaLiSeNiaN HaCK, MoRoCcAn HaCkErZ.
Recently, sites from the U.S Army and NATO have also been targeted by the vandals2. Archived versions of the hacked NATO webpage can be found here and here for the hacked version of the U.S Army website. For now, only defacements have been reported and no real attack has occured. Web defacement is a very easy attack to do on web servers with weak passwords. Most of the time, the attackers are script kiddies using software such as AccessDiver with a list of proxies and wordlists to conduct dictionaries attacks on servers. Using AccessDiver is fairly simple and many tutorials can be found on YouTube. Other ways include of course exploits and SQL injections attacks. Surprisingly, no DDoS attacks have been reported yet, but a group of Israeli students launch the “Help Israel Win” initiative3. At the time of writing, the website was online available through Google’s cache. Anoher website (http://help-israel-win.tk/) has been suspended. The goal was to develop a voluntary botnet dubbed “Patriot” to attack Hamas-related websites:
We have launched a new project that unites the computer capabilities of many computers around the world. Our goal is to use this power in order to disrupt our enemy’s efforts to destroy the state of Israel4.
The website offered a small executable to download. This bot would receive commands as a normal criminal bot would. Hamas-friendly sites like qudsnews.net and palestine-info.info were targeted by the IRC botnet. Still according to the article, the botnet has come under attack by unknown assaillants5. No definitive number is given as to how many machines the botnet is controlling, it might range from anything from 1000 to 8000 machines6. Very few detail is given on how the bot actually works.
There was a very similar attempt to create a “conscript” botnet known as the e-Jihad botnet that failed to realized its objective last year, as the tool was unsophisticated and rather crude7. The e-Jihad tool had the same objective as the Patriot botnet, which was to launch DDoS attacks against various targets.
Nevertheless, this kind of parallel attack is due to become a popular civilian option to attack servers. The only thing needed is to create a solid botnet, by using some of the most sophisticated criminal botnets and transform them into voluntary “cyber-armies”. There is one problem thought…how can we make sure it’s legitimate ? Making such programs open source ? But then you reveal your command and control servers and information that could make the enemy hijack our own botnet. It then all comes down to a question of trust…and of course, a clear and easy way to remove the bot anytime.
See also :
“Army Mil and NATO Paliarment hacked by Turks”, Roberto Preatoni, Zone-H, http://www.zone-h.org/content/view/15003/30/ (accessed on January 10, 2009)
1“Battle for Gaza Fought on the Web, Too”, Jart Armin, Internet Evolution, January 5, 2009, http://www.internetevolution.com/author.asp?section_id=717&doc_id=169872& (accessed on January 10, 2009)
2“Pro-Palestine vandals deface Army, NATO sites”, Dan Goodin, The Register, January 10, 2009, http://www.theregister.co.uk/2009/01/10/army_nato_sites_defaced/ (accessed on January 10, 2009)
3“Wage Cyberwar Against Hamas, Surrender Your PC”, Noah Shachtman, Danger Room, Wired, January 8, 2009, http://blog.wired.com/defense/2009/01/israel-dns-hack.html, (accessed on January 10, 2009)
4Copied from Google’s cache of help-israel-win.org
6 “Hacktivist tool targets Hamas”, John Leyden, The Register, January 9, 2008, http://www.theregister.co.uk/2009/01/09/gaza_conflict_patriot_cyberwars/ (accessed on January 10, 2009)
7“E-Jihad vs. Storm”, Peter Coogan, Symantec, September 11, 2007, https://forums.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/170#M170 (accessed on January 10, 2009)
The Department of Homeland Security seeks ideas on how to retrieve information in blogs and forums about the potential use and fabrication of Improvised Explosive Devices (IEDs). The DHS thinks that by analyzing information posted on blogs and forums in real time, it may be able to counter the use of IEDs on the field. They are therefore looking for “Indicators of Intent to Use Improvised Explosives (IEDs) available in Blogs to support the Counter-Improvised Explosive Devices (C-IED) Program.“
Any potential person interested would have to:
“2) developing objective, systematic data collection and retrieval techniques to gather data on a near real-time basis from blogs and message boards. Data will be collected at multiple, pre-determined times to evaluate the transmission of information over time, and should include metrics for determining the impact factor and usage patterns of the blogs and message boards. 3) identifying blogs and message boards utilized or favored by groups that engage in violent or terrorist activity to include in the study. Blogs and message boards must be representative of various characteristics of the larger populations of interest. and 4) collecting quantitative and qualitative data from the bloggers to evaluate such issues relating to knowledge of the preparation and execution of violent activities, including IED attacks.“
Now, I can think of so many ways to defeat this kind of surveillance. Encryption for one. Second, don’t use blogs or forums from the Internet to show where you will plan your next attack. Use a virtual private network (VPN). Maybe by looking for blogs or forums, they may find the stupidest insurgents/terrorists or teenagers that think they are cool, but the vast majority of them know how to use technology and have learned about encryption. A private web server would do the job also…Imagination is the limit!
“DHS: Scour Blogs to Stop Bombs”, Noah Shachtman, October 31, 2008, http://blog.wired.com/defense/2008/10/dhs-scour-blogs.html (accessed on October 31, 2008)
 “Counter-Improved Explosive Devices Blogging”, Department of Homeland Security, Sollicitation Number: HSHQDC-09-R-00004, October 28, 2008