After the ceasefire of the 21st of November, the cyber attacks against Israel, executed in the name of OpIsrael, have come to a pause.
The simultaneous ceasefire in the real world and in cyberspace has confirmed the two-dimensional nature of this conflict. A conflict in which even social media played a crucial role: the IDF chose Twitter to make the first official announcement of the airstrike that killed Ahmed Al-Jaabari, and subsequently, during the stages of operation Pillar of Defence, Twitter was used intensively by the two opposing factions for propaganda, psyops, and even to divulge official news of the war operations.
Since the Ion Cannons are not shooting, this is the best moment to analyze the cyber attacks. To this end, in the following table I tried to summarize the timeline of the main events that have characterized this operation (and in general all the cyber attacks executed against Israel since the 14th of November).
Of course I do not pretend to be exhaustive: more than 44 million cyber attacks in a week are impossible to enumerate individually.
This November 2012 really seems to be endless from an Information Security perspective. We have witnessed a remarkable number of Cyber Attacks so far.
As usual, it is time to provide the partial snapshot of November taken from the corresponding Cyber Attack Timeline and covering the first half of the month. Please notice that the stats below do not include the following events:
- The massive leak of Team Ghostshell for ProjectBlackStar (2.5 million accounts leaked from different targets in Russia);
- The Cyber Attacks executed by the Anonymous and the other affiliated collectives for OpIsrael.
The above attacks have been executed on a much wider scale, so counting the single events would be senseless. Anyway, other sites have done an excellent job on the aggregated stats of those attacks; see for instance OZDC.net for Project Black Star, and OpIsrael.
With this in mind let us proceed to examine the Daily Trend Of Attacks. Please notice the peak of November 5 (no need to comment it!):
Of course the Motivations Chart reflects this trend, with 60% of the attacks considered in my sample driven by hacktivism. Apparently no motivations other than Hacktivism and Cyber Crime have been observed in this period.
I do not usually take defacements into consideration, but this time their impact on the past two weeks has been very high. This is clearly shown in the Techniques Chart, where they rank in first place, together with SQL Injection, with 33% of occurrences:
As usual, the Target chart shows that Governmental targets rank at number one, immediately followed by targets belonging to Industry. Please notice the peak of Torrent Sites. This is due to the waves of DDoS Attacks carried out by Zeiko Anonymous, only because he was not able to obtain an invite to a closed torrent forum. Nothing to add: the reasons for hacking may range from Cyberwar to “simple” whims.
Please, as usual, take the sample very carefully since it refers only to discovered attacks (the so-called tip of the iceberg), and hence does not pretend to be exhaustive but only aims to provide a high-level overview of the “cyber landscape”.
If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated), at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.
Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).
According to the French magazine “L’Express”, earlier in May some computers in the offices of France’s former president Nicolas Sarkozy were victims of a targeted attack carried out via a Flame variant.
What is surprising is not (only) the fact that this is the first known case of a Flame infection outside the Middle East, but most of all the fact that the malware was allegedly implanted by U.S. hackers.
The attack was successful and, according to the French magazine, the attackers were able to get to the heart of French political power, harvesting the computers of close advisers of Nicolas Sarkozy and obtaining “secret notes” and “strategic plans”.
The attack model resembles a spy story: the attacker crafted a false profile on Facebook (a bogus friend of someone who worked for the president’s office) and successfully used that profile to contact (and compromise) personnel working at the President’s Office (the Élysée).
After contacting the unaware victims, the attacker sent them a malicious link to a fake Élysée webpage, where they entered their real login and password details, which the attacker used to hack into the network and spread the Flame variant.
The reasons for the attack are unknown.
It is really interesting to notice the growing role of “Cyber-Propaganda” inside the Cyber War (yes, now we are authorized to use this term after this statement) that the Anonymous collective has declared against Israel.
On one side the cyber-attacks are escalating. After the list of 700 websites defaced or totally deleted (including the databases of The Bank Of Jerusalem and the Ministry Of Foreign Affairs), in the last hours the hacktivists have dumped a list of donors for the Unity Coalition for Israel (“the largest network of pro-Israel groups in the world”), hacked and defaced the Israeli Bing, MSN, Skype, Live websites, and leaked information of 5000 Israeli Officials.
On the other side, Israeli officials are downplaying the impact of the attacks, claiming that “Anonymous’ Massive Cyber Campaign has been a flop”. According to the Israeli Finance Minister, Yuval Steinitz, in the wake of the dramatic events of Gaza, Israel has been hit by 60 million hacking attempts (“normally” Israel faces hundreds of attacks every day). The minister also claimed that all of the attacks have been mitigated, except one that was able to knock a website offline for only 10 minutes.
Looks like the two contenders are representing two completely different scenarios.
The way in which the two contenders are representing the same events confirms that the battlefront is completely two-dimensional, even considering the actions of propaganda, which now also include the reports of the cyber-operations. Maybe in this case the Israeli situation in the cyber-plane is pretty much different (and pretty much complicated), since it does not have a single state (or a finite number of states) to counter-attack, but a huge widespread network of “volunteers” which is practically impossible to strike.
The first half of November 2012 has undoubtedly been characterized by Hacktivism. Not only did the month begin with ProjectBlackStar by the infamous Team Ghostshell (2.5 million accounts leaked belonging to different Russian sectors), but the long-awaited November 5 also brought an unprecedented wave of Cyber Attacks against organizations all over the world, including Symantec and the UK Ministry Of Defence (more than 3,000 accounts leaked in both cases).
Moreover, after the dramatic event of the 14th of November (the killing of Ahmed Al-Jaabari, the commander of the military wing of Hamas, by an Israeli missile and the consequent Operation “Pillar Of Defense”), the Anonymous have started a massive campaign of Cyber Attacks against Israeli sites and in support of Palestine. This campaign is still ongoing even if it is really impossible to track all the attacks (nearly 700 defaced web sites so far), and hence, as far as possible, only a general overview is provided.
Of course these events have overshadowed the other attacks, including the ones against LG (3,300 accounts leaked in two different cyber attacks) and Adobe (150,000 records allegedly compromised).
The chronicles also report an alleged cyber attack against Telecom Italia (30,000 accounts allegedly leaked), even if there are several doubts about the real authenticity of this attack.
The Israeli Cyber Space is under attack by Anonymous hackers in retaliation for the Israeli operation “Pillar of Defence”. The military operation began on Wednesday with the killing of Ahmed Al-Jaabari, the commander of the military wing of Hamas, whose car was hit by an Israeli missile.
If Hamas’s armed wing, immediately after the attack, replied that “The occupation has opened the gates of hell”, the ongoing wave of cyber-attacks against Israeli sites initiated by the Anonymous collective (under the so-called OpIsrael), has analogously opened the gates of hell in the cyber-space.
So far the Anonymous claim that more than 660 websites have been defaced and nearly 90 completely deleted (including the Bank Of Jerusalem), and the list keeps on growing as the cyber-offensive continues (just follow the #OpIsrael hashtag on Twitter). Israel is suffering a growing number of DDoS and SQLi attacks against governmental, retail, and business targets, resulting in sites down, data dumps and, in the worst cases, databases completely erased. Interestingly, this wave of cyber-attacks has also attracted the attention of the “semi-official” Iranian news agency Fars News, which has dedicated an article to the Anonymous Hacks.
In the past four days, Israel claims to have deflected 44 million cyber-attacks.
Definitely the cyber-space is the fifth domain of war and this sad circumstance is confirming this assertion, not so much for the cyber-attacks (Anonymous cannot be considered an army), but mostly for other aspects typical of real wars that have been applied to the cyber-space.
In response to the Israeli threat to cut Internet off from Gaza, the Anonymous have put together the Anonymous Gaza Care Package, a kind of first-aid kit containing instructions in Arabic and English to survive an Internet teardown and to evade IDF surveillance.
On the opposite side, the Israeli Defence Force has released a tool on its blog, called IDF Ranks, that rewards with badges frequent visitors who interact with the site. The aim, according to the IDF, is “to help fight the misinformation about Israel and the IDF online”. A clear attempt to use the cyber-space for propaganda.
Hard Times for Adobe. On the evening of Tuesday, November 13, 2012, immediately after the claims of an alleged Egyptian hacker dubbed ViruS_HimA, the company took the connectusers.com forum offline.
In his pastebin post, the hacker claims to have breached an unidentified Adobe server, gaining full access to it and dumping the whole database (over 150,000 emails and passwords with full data of Adobe customers and partners, with some users belonging to Adobe, Google, NASA, Military Institutions, etc.).
As proof of his breach he has published some screenshots and a text file containing 645 records with emails belonging to some selected domains: “adobe.com”, “.mil” and “.gov”.
After the rumors, the breach has been finally confirmed by Adobe in a blog post where the company has announced the decision to take the forum offline and to reset the passwords.
Meanwhile, more details about the breach are emerging: the hacker allegedly exploited a SQL Injection vulnerability, and the cracked passwords from the breach show a lack of security, with no salt, no iteration, and finally no complexity. Unfortunately, we are getting more and more used to attacks exploiting SQLi and to poorly protected passwords.
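The "no salt, no iteration" weakness mentioned above, contrasted with salted and iterated storage, as an added example that is not code from the original post or from Adobe. The fast hash used for the weak scheme (SHA-256), the PBKDF2 iteration count and the sample accounts are assumptions, since the page does not name the algorithm the forum used.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware


def weak_hash(password: str) -> str:
    """No salt, no iteration: a single pass of a fast hash (the flawed pattern)."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_hash(password: str, salt: Optional[bytes] = None):
    """Per-user random salt plus an iterated KDF; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(strong_hash(password, salt)[1], expected)


def shared_digests(digests) -> int:
    """Count accounts whose stored digest equals another account's digest."""
    counts = Counter(digests)
    return sum(n for n in counts.values() if n > 1)


# Constructed sample accounts (not data from the breach).
USERS = {"alice": "summer2012", "bob": "summer2012", "carol": "T7#qv!Lp92xz"}


def audit():
    """Return (accounts sharing a digest when unsalted, same count when salted)."""
    weak = [weak_hash(p) for p in USERS.values()]
    strong = [strong_hash(p) for p in USERS.values()]
    return shared_digests(weak), shared_digests(d for _, d in strong)


if __name__ == "__main__":
    print(audit())
```

Without a salt, every account that reuses a password stores the same digest, so one recovered password exposes all of them; the per-user salt removes that link and the iteration count raises the cost of each guess.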
Unfortunately Adobe continues to attract the attention of cyber-attackers. At the end of September the company discovered a targeted attack against a build server accessing the code signing infrastructure, with the consequence that the certificates of 5000+ applications were revoked; one and a half months later, the passwords of 150,000 forum users are at risk.