- So-called hacktivists criticising Israel for the violence in the Middle East have hit several Web sites in the past 24 hours and are calling on attacks of other Israeli-related Web sites.
A stream of sites related to or believed to have a connection with Israel have been defaced. Among the first to be reported was the hack of the American Israel Public Affairs Committee (AIPAC) site last night.
The hacks mark a definite rise in the number of so-called hacktivist attacks that were set off by a new outbreak of violence that began Oct. 6 between Israel and the Palestinians.
The AIPAC site remains defaced and has been taken down, but a copy of the defacement has been recorded by the Attrition Mirror, a Web site that documents verifiable hacks.
The defacement rails against Israeli policy with regard to Palestinians. It also has links to credit-card information of some of the site's users, a link to the list of member e-mail addresses and pages of pictures.
A hacker name Doctor Nuker took responsibility for the attack on the AIPAC site. The hack is similar to the almost daily defacements done by a group called GForce, which has posted detailed descriptions of alleged violence in Kashmir by the Indian government.
GForce has now taken up the Palestinian cause and has defaced a number of sites that have an .il (Israel) domain. The GForce defacements include photos and content from the Docter Nuker hack.
Last Thursday, the U.S. Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC) warned that such digital activism has been and would continue to be a fallout of the violent clashes between Israelis and Palestinians.
"The recent unrest in the Middle East appears to have been responsible for an increase in cyberattack activity between sympathisers on both sides of the tensions. Known targets have included Web sites operated by the Israeli government and military as well as Web sites operated by pro-Palestinian organizations including Hizballah and Hamas," according to an advisory at the NIPC site.
"There's been a constant tit-for-tat going on endlessly, day and night since Oct. 6 and there are no signs of it slowing down," said Ben Venzke, director of intelligence production at iDefense Inc. an Internet security company in Fairfax, Va., that advises companies about how they can protect themselves from a cyberattack. IDefense monitors Web sites and networks to capture the types of malicious software programs that are in place and examines them to determine how best to defend against them.
Terrorist organizations and other groups are supporting the most recent activity, which Venzke said was extensive enough to be characterised as "cyberconflict," but not "cyberwarfare."
"Click Here and Help the Resistance," urges one of the sites sponsored by a group calling itself Unity, that Venzke says is pro-Palestinian. By clicking, Venzke said, a user participates in an attack on the targeted organisation's Web site, but unless thousands of people participate, it packs little punch.
"The tool that is being distributed with these targets is the type of tool that if four or five people use it, you will not realize you are under attack," Venzke said. "It's an automated version of you sitting at your computer and clicking on the reload button."
Lucent Technologies Inc. is one of the companies listed as a target at Unity's site, but Lucent spokesman John Skalko said the source code link at the site doesn't point to Lucent. Skalko had previously confirmed a report that the company had repelled an attack on Wednesday from a pro-Palestinian group, but today he said that was erroneous. Skalko said he didn't know why Lucent was targeted.
Among the other Web sites targeted by Unity along with Lucent's are Israeli government and financial sites, and Web sites for Israeli companies including Comsec, an Israeli information technology company, WebStyle Internet Solutions, an e-business services company, and Golden Lines, a telecom company.
One reason for the defacements, said Paul Robertson, senior developer with the security firm TruSecure Corp., formerly ISCA.net, is that it is a relatively cheap way for a group to get its message out. For example, he said, recently there was a similar mass e-mailing campaign conducted by Amnesty International on behalf of a Kurdish man in a Turkish prison.
As for the exposure of AIPAC's e-mail list, Robertson said some companies may have their security compromised by employee addresses that are now public. "The issues ... are things that every company should routinely practice. Make sure you don't do things like store customer data on the Web site itself," he said.