Israeli Hackers Vow to Defend

Carmen J. Gentile 11.15.00

A group of self-described ethical hackers are taking the reins of the Israelis' Web networks into their own hands in the Middle East's cyberwar.

Known as the Israeli Internet Underground, the coalition of anonymous online activists from various Israeli technology companies has set up a website to disseminate information concerning the ongoing battle in cyberspace.

According to the IIU mantra, they are "dedicated to the Israeli spirit and united to protect Israel on the Internet against any kind of attacks from malicious hacking groups."

The site claims to provide a comprehensive list of sites that were hacked by Arab attackers since the cyberwar went into full swing on Oct. 6.

Listed are over 40 Israeli sites that have been defaced and vandalized by various hacking groups. The number coincides with estimates provided by officials at iDefense, an international private intelligence outfit in Washington that is monitoring the ongoing war.

IIU also provides a list of Israeli sites that they believe run services with commonly known security holes like BIND NXT overflow, IIS 4 holes and FTP format string bugs.

Examples of defacements by Arab hackers such as the one perpetrated on the homepage of Jerusalembooks.com, one of the largest Jewish booksellers on the Web, serve as a warning to those Israeli sites with suspect security.

The Jerusalembooks.com text and graphics were recently replaced with the word "Palestine" in flaming letters and with text asking Israelis if the torah teaches them to kill innocent kids and rape women. The site is currently under construction due to the attack.

Taking credit for the attack is the group GForce Pakistan, a well-known activist group that has joined forces with Palestinians and other Arab hackers in fighting the cyberwar against Israeli interests.

Working alongside the group is the highly skilled Arab hacker named dodi. On November 3, dodi defaced an Israeli site and stated he could shut down the Israeli ISP NetVision, host of almost 70 percent of the country's Internet traffic.

Though petty defacements and racial slurs have been the norm on both sides of the battle, Arab hackers like dodi have promised to kick the war into high gear in the coming days, implementing what they refer to as phases three and four of their "cyber-jihad."

The Muslim extremist group UNITY, with ties to Hezbollah, laid out a four-part plan for destroying the Israeli Internet infrastructure at the onset of the cyberwar. Phase four culminates in blitzing attacks on e-commerce sites, "causing millions of dollars of losses in transactions."

IIU said there is already evidence of phase-four attacks, such as the destruction of business sites with e-commerce capabilities, which they believe caused a recent 8 percent dip in the Israeli stock exchange.

"The current onslaught of cyber attacks against Israel's key websites is perhaps the most extensive, coordinated malicious hacking effort in history," said Peggy Weigle, president and CEO of Sanctum Inc., a security firm based in Santa Clara and founded by two Israelis.

"ISPs and e-businesses must recognize the need to install protection that goes beyond firewalls to provide real security against application-level assaults."

In order to thwart future attacks, IIU has created what they call the "SODA project" (sod is Hebrew for secret). The stated goal of the project is "to inform and provide solutions wherever we can and therefore protect our sites against political cyber vandalism." It lists those websites with security vulnerabilities, making them susceptible to future attacks by Islamic groups.

The SODA project formed an alliance with the Internet security firm 2XS Ltd., which is linked to the site and agreed to provide security advice for casualties of the cyberwar. Though 2XS Ltd. does not accept responsibility for IIU actions, company CTO Ehud Tenebaum founded the group back in 1996, when he went by the name "Analyzer."

According to Tenebaum, on Nov. 3, IIU contacted 2XS Ltd. to share their idea of creating a site for publishing vulnerability alerts. "I liked the idea and took it to our management," said Tenebaum.

Another link on the SODA project is the Internet security information forum SecurityFocus.com, a resource guide to online security links and services based in San Mateo, California. Technical editor for SecurityFocus.com, Ryan Russell, said the site is not taking any sides in the Middle Eastern war, though he believes that the attackers seem to have the upper hand.

"Typically, the odds are heavily in the attackers' favor -- the attacker can launch attacks against any number of sites for little to no cost," said Russell. "They only need to find one vulnerable victim to succeed, perhaps after checking thousands of potential victims."

Since both Arabs and Israelis are launching volley after volley against the others' sites, Russell believes that neither faction gets to play the victim in this war. "The victims ends up being citizens and businesses in the affected area," he said. "Unfortunately, I guess that's not uncommon in that part of the world."

via wired.com