Israeli Military and Hamas trade Hacking Attacks

Photo: Screenshot taken today of Al Qassam website

As Israeli ground forces push into Gaza to remove militant Islamic troops and missiles, hacking teams from both sides ply their trades. Both camps are reporting multiple site hacks, denial of service attacks and defacements in this struggle for Israel’s right to exist.

Israeli Attacks on Hamas

According to The Jerusalem Post, Israeli hackers have either taken down or blocked numerous Hamas and Palestinian websites. Though several seem to be back up now, these included:

  • Qudstv.ps, Hamas’ official website
  • Felesteen.ps
  • Gaza Alan
  • Shehab.ps

Visiting Al Qassam’s website today shows the page in the screenshot above, with the message, “This website is subjected to intense attacks”.

Hamas and Hacktivist attacks on Israel

Pro-Hamas hackers and militant Islamic hacktivist groups have targeted several military and civilian Israeli sites. Earlier this month the IDF’s Twitter page was compromised by the Syrian Electronic Army.

This week, part of Israel’s Channel 10 TV was hacked by the Hamas military wing, causing some viewers to see a pro-Hamas message as seen below:

And on the lighter side, the Domino’s Israel Facebook page was hacked last week with posts claiming, “Today will strike deep in Israel, Tel Aviv, Haifa, Jerusalem, Ashkelon, Ashdod more than 2000 rockets. We’ll start at 7. Counting back towards the end of Israel … Be warned!”

Which brought an Israeli response of, “Hey, please reserve a missile for me with jalapenos, green olives, extra cheese, and mushrooms. You have my address. Tell the delivery boy to activate the alarm when it is arriving, so I know to put my pants on.”

It would seem that even Domino’s pizza took it lightheartedly. After they regained control of the page, they apparently posted a picture of a Hamas militant with the caption, “You cannot defeat….The Israeli hunger for pizza!”

Pro-Hamas hackers haven’t just focused on Israeli targets; a synagogue in Philadelphia was also just hacked.

Conclusion

The violence and loss of life as Israel struggles against militant Islamic aggression is a tragedy. Further dividing of Israel will not bring peace; all it has done so far is to provide new rocket launching areas for militant rockets. Providing a “Two State” solution is also not the answer, as it was already tried and failed. The British Mandate for Palestine and Trans-Jordan provided a “Two State” solution (with Arab leaders’ blessing) in the 1920s. With this deal Palestine was divided between Jews and Muslims with Arabs getting 80% of the land and Israel only 20%.

This did not bring peace as militant Islamists demand even more land from Israel, even though they were given 80% of the territory for Muslim Palestinians to live. The truth is, they do not want Israel’s land – they do not want Israel to exist.

As Golda Meir once said, “Peace will come when the Arabs will love their children more than they hate us.”

How Israel’s Iron Dome Missile Shield Works

Israel’s Iron Dome missile defense shield is hard at work again intercepting militant rockets fired from Gaza to population centers in Israel. Recently Iron Dome has successfully intercepted 70 explosive projectiles launched at Israeli cities.

But how exactly does Iron Dome work?

The YouTube video above reveals how Israel intercepts air-to-ground missiles.

Israeli Cyber Defense Interview

Cyber defense war room [Illustrative] Photo: Reuters and Marc Israel Sellem

Not sure if anyone has seen this yet, but Al-Monitor/Israel Pulse has a great interview with two members of the Israeli Defense Force Cyber Security Team.

In the article, “IDF Hackers Test Israeli Preparedness For Cyberattacks”, Lt. Col. M. and Capt. A. discuss what it is like being on Israel’s crack team of cyber ninjas. They cover several key topics including thoughts on current threats and the current hot button topic, NSA spying.

Lt. Col. M. and Capt. A. lead opposing teams in red team drills. They practice constantly to hone and perfect their skills, but also teach and train those under them to think out of the box in cyber security.

How will the IDF cyber team deal with increasingly sophisticated attacks from Islamic countries and are they concerned about NSA espionage practices?

“Our job is to monitor the goings-on and keep track of the technological developments, and we need to know what the threats and risks in cyberspace are. In any event, to protect strategic assets, encryption systems that we develop ourselves in-house, rather than off-the-shelf products, are customarily used,” said Lt. Col. M.

The best hackers and security teams create their own programs and work on developing their own exploits. But where would the IDF look to find exploits or weaknesses?

“Security holes can be found anywhere. The point of hacking is to find the system vulnerability and leverage it to undermine the entire system,” says Lt. Col. M.

“The best way to break into a system is not by running head-on into it. Rather, the most sophisticated attacks, the ones that you can brag about, are those that take advantage of a hidden security hole,” added Capt. A.

It is a very good article and well worth the read as it offers a glance into the security mindset of our Middle East allies.

Check it out!

Hacktivists Targeting DNS Servers & an Effective DNS Offensive Counter-Measure

Denial of Service (DoS) attacks used to be the main tool in the hacktivist’s toolbox. For the most part, they are not very hi-tech and anyone can run the software to attack websites to aid in their preferred “cause”. But as the recent hacktivism attacks in Israel (and now Pakistan) have shown, DNS server attacks are now all the rage.

DNS SERVERS TARGETED

Why deface one website, when you can just hack the server that holds the IP address to the victim’s site (or sites)! Changing the DNS records registered for a website’s domain name allows you to point the domain name, like Google.pk, to ANY server that you want. So, if you can hack the DNS registrar that holds the records for an entire country, you can change any of the domains that you like to point to any server that you want.

Luckily the pranksters behind these attacks have just been redirecting these hijacked websites to a bragging page, “This site hacked by …” They seem to be in it to bring attention to their group, or a political cause, instead of doing serious damage.

Hacking into DNS registrar servers is the hard part; creating a website that looks like any one of the ones that were hacked is trivial. It only takes a few seconds to create a clone of a website that looks and acts like the real one, but could serve malware or other malicious functions. So far it seems that these hackers are more interested in just getting across a message.

Just in it for the “Lulz”.

But with the apparent ease with which this is happening, you can see the dangers if the hacktivists were a more malicious group, such as nation-state hackers who want to infect groups of systems in a target nation or gather pertinent credentials from users who think they are on a legitimate website, and not a spoofed one reached via DNS manipulation.

As you can see, locking down these important DNS systems had better be a top priority of EVERY nation.
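One way a domain owner can notice this kind of hijack quickly is to compare what resolvers return against a pinned baseline of expected name servers and address ranges. The sketch below is an added example, not code from the original post; the domain, resolver names, addresses and observations are all constructed for illustration.

```python
import ipaddress

# Constructed baseline: what the domain owner expects resolvers to return.
BASELINE = {
    "example.test": {
        "NS": {"ns1.example.test", "ns2.example.test"},
        "A": [ipaddress.ip_network("192.0.2.0/24")],
    },
}

# Constructed observations, as a monitor polling several resolvers might log them:
# (time, resolver, name, record type, answers)
OBSERVATIONS = [
    ("10:00", "resolver-a", "example.test", "A", ["192.0.2.10"]),
    ("10:00", "resolver-a", "example.test", "NS", ["ns1.example.test", "ns2.example.test"]),
    ("10:05", "resolver-b", "example.test", "NS", ["ns1.other.test", "ns2.other.test"]),
    ("10:05", "resolver-b", "example.test", "A", ["203.0.113.66"]),
    ("10:10", "resolver-a", "example.test", "A", ["192.0.2.11"]),
]

def normalise(host):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return host.rstrip(".").lower()

def check(obs, baseline=BASELINE):
    """Return an alert dict if one observation drifts from the baseline, else None."""
    when, resolver, name, rtype, answers = obs
    expected = baseline.get(normalise(name))
    if expected is None or rtype not in expected:
        return None
    if rtype == "NS":
        # A changed delegation means every record in the zone can be rewritten.
        rogue = sorted({normalise(a) for a in answers} - expected["NS"])
        severity = "critical"
    else:
        rogue = sorted(a for a in answers
                       if not any(ipaddress.ip_address(a) in net for net in expected["A"]))
        severity = "high"
    if not rogue:
        return None
    return {"time": when, "resolver": resolver, "name": name,
            "type": rtype, "severity": severity, "unexpected": rogue}

def detect_hijack(observations, baseline=BASELINE):
    """Check every observation and keep only the ones that raised an alert."""
    return [alert for alert in (check(o, baseline) for o in observations) if alert]

if __name__ == "__main__":
    for alert in detect_hijack(OBSERVATIONS):
        print(alert)
```

Polling from several resolvers matters because a registrar-level change propagates unevenly, so one vantage point can keep returning the old, correct answer while others already see the hijacked one.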

OFFENSIVE COUNTER MEASURE

As mentioned earlier, Denial of Service attacks have not gone away and are still used en masse to tie up websites to make them unavailable. Many times Denial of Service attacks are nothing more than normal communication with a website, but multiplied many times over, from multiple users, to tie up a server.

But can anything be done to stop this flood of traffic aimed at a site by thousands if not tens of thousands of attacking machines? Sure there is, according to the popular Patriot Hacker Jester: just reflect the traffic back at the attackers!

During the latest Israel/Gaza conflict, the hacker group Anonymous jumped in on Hamas’ side and attacked many Israeli websites. So of course, The Jester responded by shutting down 3 Hamas sites and their TV Channel. In response, according to The Jester’s website, Anonymous targeted his website.

So Jester just redirected the DNS record for his domain to point back at one of their servers, effectively forcing them to DoS their own server!

His website is protected by “CloudFlare” a popular proxy service that protects users from many attacks. When he saw the incoming attack, he simply told CloudFlare to point his website name “jesterscourt.mil.nf” to one that was supported by Anonymous:

“So I simply redirected my domain name to the Occupy ‘movement’s main website. Known as ‘occupytogether.org’. Remember #Anonhamas are big supporters of the Occupy Movement and many of their ‘members’ are also members of the Occupy Movement. Fair game.”

Denial of Service attacks can last for days or longer. Did the technique work?

Apparently, it did:

The Jester also talks about automating this process, so when a DoS attack is detected, it automatically forwards the flood of traffic to a list of Anonymous supported sites.

It has been an interesting week. New DNS attacks and apparently new effective offensive counter measures. Will the average corporate website defend itself with The Jester’s techniques?

Probably not, but I could foresee some country’s government sites just might.

Well, maybe off the record…  🙂