Cyber Attacks From Iran and Gaza on Israel More Threatening Than Anonymous’s Efforts

NYTimes.com

Anonymous, the loose coalition of hackers waging war on Israeli Web sites, is the least of Israel’s cyber problems. Its campaign against Israel is a minor annoyance compared with a wave of cyber attacks that have hit the country over the last year from Iran and Gaza.

Since Wednesday — when Israel began airstrikes into Gaza — Anonymous hackers have retaliated with millions of hacking efforts on Israeli government and private business sites, intermittently taking hundreds offline, defacing some with anti-Israel messages, deleting Web databases for others and dumping thousands of citizens’ usernames and passwords online.

The campaign, which hackers have dubbed #OpIsrael, is essentially the digital equivalent of a business getting hit with graffiti; it is a costly nuisance, but eventually databases can be recovered, messages removed and sites come back online. Israeli officials say the vast majority of the hacking efforts over the last week on government sites — some 44 million tries by one official’s count — have been unsuccessful, with the exception of one site that went “wobbly for a few minutes,” the Israeli finance minister, Yuval Steinitz, told reporters, before recovering.

Attacks from Iran and Gaza are another matter.

In July, security researchers at Kaspersky Lab and Seculert, two computer security firms, discovered that a strain of malware had infected Israeli companies. Many of those companies handle critical infrastructure, like the country’s energy and water supplies, computer and telecom networks. The malware, which the researchers named “Mahdi” after a command in its code, appears to have originated in Iran. Elements of the code were written in Farsi, dates in the malware’s code were formatted according to the Persian calendar, and the domains used in the attacks were registered to Islamic Azad University in Tehran. The term “Mahdi” may have also been a clue; for Shiites, Mahdi is a messianic figure.

The malware was designed to spy on computers by copying images and files, grabbing screenshots and using infected computers as recording devices to record users’ conversations. While many companies have been able to scrub the malware from their systems, security researchers say Mahdi is still actively spying on computers, predominantly in Israel, but also in Afghanistan, the United Arab Emirates, Saudi Arabia and the United States.

More recently, Israel was forced to take its police department offline two weeks ago after security experts discovered that many of the department’s computers had been infected with a remote-access tool, or RAT, which gives attackers realtime control of victims’ machines. The RAT appeared to be an off-the-shelf variation that can be bought on public sites for as little as $50.

After some investigation, researchers at Norman, a computer security firm in Fairfax, Va., noted that the attacks originated from command-and-control centers in Gaza and that the same servers had been spying for over a year, first on computers in Palestine and then in Israel.

As far back as October 2011, the same command-and-control center had been used to spy on Palestinians. Palestinians received targeted e-mails, written in Arabic, that compelled them to click links that, when opened, gave attackers full access to their computers. The e-mails often baited victims with politically relevant topics. One discussed last year’s exchange of an Israeli soldier for Palestinian prisoners. Another included a video critical of Palestinian President Mahmoud Abbas’s treatment of Palestinians.

Then this year, in May, the same group of attackers shifted their target to Israel from Palestine. Israelis received e-mails, in English and Hebrew, that also discussed politically relevant topics, like Mitt Romney’s supposed support for an Israeli airstrike on Iran. The e-mails also compelled recipients to click links that deployed the RAT.

Researchers have stopped short of blaming the attacks on any one group, but Aviv Raff, the chief technology officer of Seculert, said the content of the e-mails and the location of the command-and-control centers made clear that the attacks originated in Palestine.

Compared with those campaigns, Anonymous’s attacks on Israeli Web sites almost seem innocuous. And by Tuesday morning, six days after the group announced #OpIsrael, the collective’s campaign already showed signs of dissent.

Some Anonymous members took to Twitter to decry another member who had included an anti-Semitic screed alongside a data spill of thousands of Israeli e-mail addresses. And another member who had participated in several Anonymous campaigns in the past said he was abstaining this time around.

“I haven’t thrown my full weight and support behind #OpIsrael because its goals may be dubious,” the hacker wrote in a direct message on Twitter. “That said, I only have influence. Not control. I throw my influence around from time to time, but that’s the only tool I have.”