Israel, the land of Stuxnet and Duqu and home of a sophisticated cyberwarfare capability pursued both by Mossad operatives and the IDF’s Unit 8200, has received a small comeuppance. While it was busy figuring ways to penetrate Iran’s computer defenses and sabotage its purported nuclear program, Anonymous decided to (Hebrew) hack into the websites of various official Israeli government agencies and bring them down:
In a video that was uploaded to YouTube, the group [Anonymous] warns that if the siege on Gaza is maintained, it will have no choice but to go on the attack.
On Sunday, the websites of the IDF, Mossad and the Shin Bet security services were down.
The Hebrew version says the Government of Israel website was also brought down. I must say it seems rather odd that the websites of Israel’s intelligence and military, among the most technologically sophisticated at cyberwarfare, would have the sorts of vulnerabilities that Anonymous could exploit. Though the intelligence agencies emphasized that their internal sites, where most of their dirty work is done, were not affected.
The government released a statement denying that Anonymous had brought down the sites, feebly claiming that an unspecified “malfunction” had done so. I got news: malfunctions happen to one site, maybe two, but not all of the major external sites of the Israeli government. That’s not a random failure, but something organized and coordinated like what Anonymous is capable of doing. Haaretz, rather humorously, calls the group “an international cabal,” rather like the Elders of Zion I imagine.
I think this shows that even the most secure nations, intelligence services, and websites can be penetrated and havoc wrought. Which is precisely my argument regarding Stuxnet: if we sow the seeds of sabotage inside Iran, Israel will eventually reap the whirlwind inside its own borders. Someone somewhere will figure out how to do to Israel what it has done to others. It’s a version of the old adage:
Do unto others as you would have them do unto you.
So if you “do” Iran, Iran (or Anonymous) will “do” you too.
Daniel F. says
The IT support for Israeli government websites is grossly insufficient.
This had to happen sooner or later.
Zhu Bajie says
Are they still using Windows? Putin recently ordered Russia to go all-open source. Brazil’s government has been using Linux for quite some time.
In all fairness, a denial of service attack is a minor nuisance compared to Stuxnet. It’s the sort of thing any committed teenager can do and has caused zero operational damage to the underlying organizations attacked. It’s like the difference between a child kicking you in the shins and a sock in the jaw by Mike Tyson in his prime, times 10. If this is the best payback those opposed to Israel can muster, well… it hardly disincentivises them from more cyber attacks against the Iranian nuclear program.
Richard Silverstein says
And you’re an expert in these matters because of what expertise you possess? To engineer a DOS attack on almost all the major Israeli government websites is quite a feat. If the government can’t defend against this that tells you their security folks are asleep at the switch.
And please don’t mangle the English language by creating or repeating such horrors as “disincentivize.” It makes me cringe.
It’s really not quite a feat.
Anonymous uses a freely distributed application called LOIC (Low Orbit Ion Cannon) to attack its targets. It uses its host forum (4chan) and other channels (IRC, pastebin, etc.) to inform people of their targets. The application is very simple and the only thing it does is repeatedly send requests to the inserted IP address. When Anonymous decides to attack a target, a horde of teenagers (okay, sometimes people in their twenties) insert the given IP address into the application and hit the button.
That’s all it takes.
Richard Silverstein says
Sorry, I don’t believe you. And the fact that you offer no proof that what you say is true gives it even less credence.
I wish you’d give me some credit. Have I ever deliberately lied here before?
LOIC’s Wikipedia page
Use of pastebin by Anonymous
Finally, I have PERSONALLY participated in several AnonOps. It’s all over goddamn Google. For example, Operation Payback.
I would be surprised if Anonymous used LOIC. It is a tool for script kiddies that effectively gives the identity of the attacker to the target. It is designed to catch red-handed wannabes rather than be used by the real McCoy.
Then consider yourself surprised, I believe. Anonymous have used LOIC to bring down much larger and better secured websites. If you ever participated or spectated one of their coordinated attacks on IRC, you would have seen many people complaining that their IP got banned, and that they are restarting their routers; others might stupidly use a proxy and unintentionally DoS their proxy; and of course there are those who would claim that they are about to operate their x-strong botnet to attack the target.
Botnets may have been used in this attack (I doubt they’d be necessary if even a couple of hundred anons participated), but LOIC is always used by the significant majority of the participants.
Really Richard? Are you going to question everything I say based on my expertise? Was I a Martin Buber expert? Hardly. And yet… Anyhow, bygones.
There are ample botnets all over the Internet. Befriend the right botherder on the right IRC channel or message board and orchestrating something like what happened to the Israeli sites is literally child’s play – especially compared to the real havoc wreaked by Stuxnet with its millions of lines of massively complex code and its insertion into a closed system not connected to the Internet or any open network. Denial of Service attacks have been successfully launched against otherwise technologically advanced operations like Google, Twitter, PayPal, etc. Some of these companies go to great lengths to protect their sites and yet they were still shut down. Denial of Service attacks generally affect the site’s data and it’s easy to prevent permanent damage – though for transactional web sites, being offline can cost millions in lost sales. None of the sites affected were commerce oriented and the losses were minimal. Like I said, nothing compared to Stuxnet.
One needn’t be an expert to make such an observation, one need only be well read, which I am. But don’t take my word for it, ask anyone you like. Call any expert. They’ll tell you the same thing I just did.
Richard Silverstein says
If what happened today was “child’s play” it would’ve happened long before this. Again, you are no expert. You have no idea how hard or easy it would be to bring down these sites. The fact that there are squads of Israeli gov’t cybersecurity experts whose job is to prevent precisely this sort of incident and that they failed indicates you’re whistling in the wind. BTW, you don’t know what brought the sites down. It may’ve been a DOS attack or may’ve been something else. I’d like to think that the Israeli gov’t would’ve protected its sites from a DOS attack. If it didn’t, its security experts are more Mickey Mouse than I thought.
You read, but that doesn’t mean you’re well-read. The “experts” don’t say anything like what you say. And you haven’t presented any “expert” to support your claim.
The sites of the Mossad and Shabak that collapsed are not their actual operational sites but are only their public relations site for people wishing to make contact or for recruitment.
When/if they’re back up, go into them and you’ll see they contain nothing of any interest.
Richard Silverstein says
I wrote that precisely in the blog post. But that’s not the point. The point is that official websites of the Israeli gov’t were brought down by Anonymous. If this story contained “nothing of any interest” you wouldn’t bother trying to minimize it and Haaretz wouldn’t have reported it.
I personally believe that it was Anonymous who brought down the sites, and that the Israeli government lied when it said something else had caused downtime.
This is certainly a story, but not the one you have written. The real story is how sad it is that all governmental Israeli websites do not support any non-IE browsers, have a crappy and dated interface, and are not backed up with any reliable security.
Anonymous have taken down websites that actually posed some challenge. These websites were not built and designed with the thought of significant traffic in mind.
These sites have little to no operational value. Past confirmed attacks by Anonymous used relatively simple distributed denial of service attacks that managed to knock out Syrian and Iranian government Web sites as well as those of Visa, Mastercard and PayPal. The only expertise Anonymous brings to the table in such attacks is their accessibility to a network of willing participants. Which isn’t to say that Anonymous isn’t capable of more masterful hacking. They hacked the heck out of the BART web site and managed to get their hands on, and subsequently release, the usernames and passwords and email addresses of 120,000 subscribers. Anonymous itself stated, and I quote, that any eight year old with Internet access could have hacked the passwords because they were insecurely stored.
Shai got it exactly right, whether you believe him or not. The Israeli government of course denies that the sites went down due to an attack. They claim it was a server malfunction totally unrelated to Anonymous but that stretches the bounds of credulity. Defending against a DDOS attack is difficult, but once it begins, qualified Network admins can shut it down within minutes or hours depending on how many bots are involved.
Keep in mind that participating in a DDOS attack is a Federal offense subject to 10 years incarceration in the US. That might explain why Anonymous doesn’t do this sort of thing every day – but as this story gets fleshed out with facts I am pretty sure you’ll find that what I am saying is accurate.
Let’s keep things in proportion. One, it was most likely a simple DDoS that took these sites down. Two, what’s important is: were the servers compromised? Was any data stolen? This, time will tell. The reason I believe it’s a DDoS is that all these sites sit on one server, as a simple Robtex inquiry will show you. These are not the secure operations servers (milnet), which are isolated from the web. Duqu was proved Israeli made (one image it used for its steganography communication originated from an Israeli IP). Keep in mind that since the h.b federal fiasco, Anon has the Stuxnet source code. Peace
Israel’s hubris prevents it from recognizing some truths:
(1) no matter how equipped and accredited your cyberwarfare crew is, there will always be a post-pubescent teenager in Estonia that will bring your entire house down from his mother’s basement. This is an unbendable and natural law regarding the Internet and modern technology. Thus, before you go on the offensive, it’s best to secure your own base (fail here);
(2) Stuxnet provides a glimpse into Israeli militarism: they are willing to cause a major nuclear disaster, and risk a major industrial (nuclear or worse) disaster anywhere else the rogue code shows up, to retain a false hegemony (through coercion) throughout the world. Thus, when Japanese journalists point the fingers at Israeli sabotage at Fukushima, there are more supporting facts to the claim than there should be, and in addition, corroborating evidence as Israel’s modus operandi.
Was this a major setback for Israel? No, it was an opening volley — denial of service attacks should never be considered “hacking”, they’re far too simple and non-invasive (literally, they just clog up the internet pipes so that others can’t access the websites). Was it meant to send a message to Israel? Absolutely: Anonymous is amorphous and more solicitatious than “Al Qaeda” as it is known now (SITE and MEMRI’s homemade creation) ever was, and they are capable of finding vulnerabilities, even if superficial. Certainly, Israel’s calculus for security has always included a “Samson option”, but how will Israel use its military power to defend against this type of enemy, an Anonymous face that represents truth and justice?
Steve Naidamast says
As a software engineer with 35+ years of technical experience and who has extensive experience in designing web-based applications, I can categorically say there is no such thing as security on the Internet. There are many things you can do to make an application “more secure” but these are mostly for deterring casual intruders. Using secure socket layers ups the ante considerably. However, a knowledgeable security specialist, which is what most sophisticated “hackers” are, can always find a way around the best designed systems in this respect.
Of course the Israelis will claim that the recent Anonymous attacks had nothing to do with their current web site issues and of course they will claim that no internal sites were affected. What else would anyone expect?
However, attacking public facing sites as Anonymous allegedly did, was a cake-walk for them. And breaking into the more important, internal sites is just a matter of time before they find a key. And they will find a key no matter what the best Israeli security experts try to do to hide all of them… It is done all the time…
I hope you realize the internal sites are completely isolated from the Internet.
Steve Naidamast says
If you can break into a public facing site you can “ride the beam” to an internal one. Most importantly, many public facing sites access databases, which is what hackers are actually looking for and cracking these databases from the outside is done all the time…
In addition, the weakest link to any internal site is the user password, which is often lost, stolen, or simply given away for nefarious purposes.
The first major hacker attack occurred in the 1980s when a Romanian specialist used computers in several nations including the one at the Palo Alto Observatory in California to break into classified US Army computers in Florida. They didn’t have the Internet then and things were more secure. Now we do and its security is about as porous as a Pakistani border (they are porous because they are so difficult to patrol as a result of the mountainous regions)…