2009-01-05

CyberWar - The Battle for Gaza

Whatever your personal perspective on the rights and wrongs of the current Arab-Israeli war in Gaza, there is a second front being fought on the Internet. This form of warfare is a battle of words and often vivid imagery, waged by hackers from either side of the divide. The image shown here is a highly graphic example from a defaced Israeli commercial website, hacked by “DNS Team” today.

Many are familiar with the explosive, botnet-based DDoS (distributed denial of service) style of cyberwarfare that was carried out, and widely reported, against governmental web sites in Estonia in 2007 or Georgia in August 2008. In fact, this particular cyberwar in the Middle East has been ongoing since at least 2001. As the Internet mirrors the real world, this cyberwar waxes and wanes, with the ground warfare fanning the flames on the Internet at times such as this.

Of considerable interest to Internet security in general are the tactics utilized. These reflect the application of many sophisticated cybercrime hacking techniques better known for commercial means, and this is important to any commercial or governmental network operation.

Although at first sight it would seem this is only of consequence to Israeli or Arab web sites, this is not the case. For example, many US, French, Spanish, UK, and Danish web sites are currently being defaced at a rate of hundreds per hour. Many such defacements are merely an inconvenience for the webmaster; however, many of those appearing over the last two days also contain malware links. Many are also provided with redirects or Flash links to Jihadist forums or blogs, caused by SQL attacks.

A few days ago the “Team Evil” Islamic group used a DNS attack on DomainTheNet's registration system server, which redirected many well-known Israeli web sites, such as ynetnews.com, a weather forecast website, public utilities, and Bank Discount, rerouting users to a page featuring anti-Israel messages. DomainTheNet is a multinational registration service provider (RSP), which offers registration and site-hosting services. The names used in the hacking (Team Evil, DNS Team, Tw!$3r, KaSPeRs HaCKeR CreW, PaLiSeNiaN HaCK, MoRoCcAn HaCkErZ, et al.) apparently emanate, and have been reported as coming, from Morocco.

In fact, tracking back through the associated routings and linked forums shows that these activities are originating from Saudi Arabia and Turkey. Three embarrassing examples of the enemy within are Jihadist communication sites and forums: Anashed Net is registered in Saudi Arabia but hosted by Layered Tech, and Raslny com is also registered in Saudi Arabia but hosted by SoftLayer, both hosts based in Plano, Texas, USA. As Internet-Haganah (an Israeli website that tracks Jihadist sites) reports, Thabaat net, which distributes Al Qaida propaganda, is registered in Belgium and hosted in Denmark, ironically a key target for Jihadists due to the Islamic cartoon incident.

The Associated Press reported in 2006 that Team-Evil had begun hacking and vandalizing US government websites as early as 2004. In 2002, an Israeli hacker named Ehud Tannenbaum, known as "The Analyzer", was sentenced to 18 months in jail for breaking into the NASA, Pentagon, and Defense Ministry computer systems, among other virtual locations.

By way of even-handedness, it would be naïve to think this cyberwar is one-sided. No Hamas or related web site is openly available, as these were effectively taken down and have been kept offline since mid-2008 by the pro-Israeli hackers “Fanat al-Radical”. A fascinating approach over the last few days is being made by an Israeli website, ‘Help Israel Win’, which provides a download so your PC can become part of a worldwide pro-Israeli botnet. So far 7,786 have joined in, already a fairly powerful global computing force to, as they describe it, “Disrupt our Enemy’s Efforts”.

A final word of warning: the download has been analyzed as ‘Win32/Injector.K’, a well-known PC hijacking trojan used in cyber crime. As is the case in cyber warfare, who is who, and whether the hacking is being directed by governmental intelligence forces, criminal groups, or hacktivists, is always a question.