Mideast Conflict Roars Into Cyberspace
December 07, 2000
WASHINGTON, Dec. 7 (UPI) -- The fighting between Palestinians and Israelis has spread to cyberspace and after nine weeks shows no sign of slowing, said Stefan H. Leader, a security analyst for the U.S. Department of Energy.
Pro-Israelis and pro-Palestinians are defacing Web sites, penetrating systems and using misinformation combined with viruses and Trojan horses to try to disrupt each other's Internet activities, he said.
According to sources at iDefense, an international private intelligence firm that monitors hacker activities in the public and private sectors, 130 or more Web sites have been targeted by both sides for denial of service attacks, system penetrations, insertion of viruses, attempts to gain root access, along with other tools of service disruption since the conflict reached full flood in October. At least two sites a day are being added to this total, said Ben Venzke, iDefense director of intelligence production, noting that pro-Palestinians have targeted 90 sites and that pro-Israeli hackers have hit "over 25."
"I would say at the moment that the pro-Palestinians are winning -- they are taking a broader approach to targeting," said Venzke.
According to Venzke, the hackers' war began after pro-Israel hackers created a site called Wizel.com, which acts as a host for a FloodNet attack that reloads a Web page several times a minute, making the site useless or causing it to crash. Six Hezbollah sites, including the Hamas.org site and other informational sites, went under, thanks to the attack. Israelis quickly set up other sites that included a.Israforce.com, SmallMistake, and Hisballa, among others. One attack on the Palestinian www.hezbollah.org site that showed Israeli ground force attacks in Gaza particularly incensed the Palestinians, said Venzke.
The Palestinians responded with coordinated attacks by a "cyber-jihad" group called Unity on Wizel.com and some key Israeli financial sites, including the Tel Aviv stock market and the Bank of Israel. The hit on the Israeli stock market caused it to plunge by eight percent, Leader said.
One tactic of the pro-Palestinian hackers has been to distribute a dozen Word macro viruses to use against Israeli sites. "To find viruses on the Internet is not unusual, but this was," said Venzke. The viruses include the LoveLetter, CIH and Melissa viruses along with others, all of which are designed to attack and cripple Israeli sites. They offer users the programs with a disclaimer that says: "I swear to use these programs only against Jews and Israelis," according to Venzke. It's a twist on the disclaimer used by the virus-writing community, which offers programs by saying, "Anyone using these programs must swear that they will not be used for malicious but only for educational purposes."
Another potent weapon is EvilPing, which launches a "ping death attack" that, when used simultaneously by several users, can crash a site. There is also QuickFire, a tool that sends 32,000 e-mails to the victim's site from what appears to be the same address. The attack is repeated without rest until the e-mail server is disabled and crashes. According to Venzke, it's been used successfully against the Israeli Foreign Ministry site and its e-mail address.
One of a number of hacking tools, QuickFire has been around a long time. It works this way: on your Web interface screen you enter the address you want to attack, and you enter the number of messages you want to send, which can be as high as 32,000. With a click of the mouse, you send 32,000 e-mails off to the target's server.
Most e-mail servers are robust and user-friendly, said Venzke. If you suddenly get 10,000 messages, you realize, I'm being attacked, and can shut your server down.
But once you put the server back up, the messages come back in, long after the attacker has gone to sleep, and they keep coming incessantly until the server crashes, he said. All the messages come from the same address, but pro-Palestinian hackers randomly change the address, which makes the attacks harder to filter out, Venzke said. If four or five people are using QuickFire, a server could be in real trouble.
Other pro-Palestinian hacker weapons include WinSmurf, HTTP Bomber 1.001.b, FakeMail, Attack 2.51. defend, and PutDown.
Unity, an extremist group with ties to Hezbollah and other groups, has been behind one of the most organized efforts on the pro-Palestinian side and has divided its battle plan into four phases. Phase one of their "cyber jihad" aimed at crashing Israeli government sites. Phase two included hitting the Bank of Israel and Tel Aviv stock market. Phase three targets the Israeli ISP infrastructure and strikes at the sites for Lucent Technologies, the U.S. high-tech company, and Golden Lines of Israel, both providers of telecommunications services. The fourth phase is to be the destruction of Israeli e-commerce sites, Unity says, the purpose being to divert funds from Israeli Defense Forces into computer and Internet security and ease pressure on the Palestinian Authority.
Phase four worries Leader. "That seems to me to be the really dangerous threat," he said. By rendering the site inoperable and closing down business entirely for significant intervals of time, losses could run into the "millions and millions of dollars," he said.
In the case of Lucent Technologies, Leader said that an "authentic-looking" but bogus Israeli Army Web site was created in the Lucent Technologies Net Service in early November. Lucent was then attacked with the "defend" hacker tool, which requires thousands of hackers to hit the site at the same time to be effective. Because of effective countermeasures, Lucent survived the attack, he said. Lucent Technologies did not return phone calls.
The latest addition to the pro-Palestinian hacker onslaught has been the G-Force Group from Pakistan. They previously were active in cyber-warfare in India over the Kashmir campaign. In their first two to three weeks of activity, they hit 20 sites, Venzke said. A number of pro-Israeli sites responded by defacing the Iranian Agricultural Web page, and the hackers said they would target all Iranian, Lebanese and Pakistani sites.
Another late addition in the pro-Palestinian lineup is the Iron Guards. The group launched their first operation a week ago, hitting Israeli sites. They have relied on the FloodNet tool in their attacks, Venzke said.
But what alarms him most is the growing sophistication and intensity of the conflict. On Nov. 3, Cognifit.com.il, a company that provides services for Israel's elderly, had its Web site defaced by a pro-Palestinian operator named Dodi. On the site, Dodi proclaimed that he could shut down the Israeli ISP Netvision, which claims to host 70 percent of the country's Web traffic.
Venzke isn't sure who Dodi is but acknowledges Dodi is talented and has a great potential for destruction: "In one of his site defacements was a code, a shell code, that if installed in your computer, would, at a predetermined time, erase every single document in your computer, then use your computer to launch a hostile attack on a target. Thus a fake IDF site would appear to be attacking the Bank of Israel," Venzke said. IDefense knows the Dodi code works because they tested it, he said.
"What is interesting is the involvement of terrorist groups like Hamas and Hizbullah. They are actively supporting recurring cyber-based attacks," Venzke said.
Asked if the pro-Palestinians and Israelis could escalate into attacking each other's power grids and telecommunications, Venzke said, "It's a real possibility."
(C) 2000 UPI All Rights Reserved.