Middle East Intelligence Bulletin (New York)
by Gary C. Gambill
Posted Tuesday November 14, 2000 - 06:19:53 PM EST
New York - The recent explosion of violence between Israel and the Palestinians has spilled over into cyberspace, where hackers have mobilized thousands of Internet users to coordinate electronic assaults that have crippled at least 15 Arab and 24 Israeli (or pro-Israeli) web sites. Most of the attacks are mobilized by a variety of pro-Israeli and pro-Palestinian sites which instruct users to click links that bombard "hit lists" of opposing sites with automated floods of email and heavy volumes of simultaneous requests for web services.
Collective attacks are also being coordinated through e-mail and discussion groups. In the broader scheme of things, the Arab-Israeli cyber war offers a window into the kind of threats that leading economic powers will face in the twenty-first century. IT experts at the Pentagon have reportedly been preparing for precisely these kinds of attacks for several years and are watching the situation closely.
The cyber war was initiated last month by Israeli hackers after the Lebanese Shi'ite Hezbollah movement abducted three Israeli soldiers. Within twenty-four hours, Hezbollah's web site (www.hizbollah.org), which had been displaying videos and images of Palestinians killed in the recent clashes and repeated appeals for Palestinians to kill as many Israelis as possible, was crippled by millions of "pings" from Israeli and US Internet users. The attacks were coordinated by a pro-Israeli site (www.wizel.com) entitled "Attack & Destroy Hizballah," which instructed its users to target the site by clicking a button which initiated an automatic chain of hits every second and through the rapid proliferation of electronic chain letters among pro-Israeli activists.1 Over the next few weeks, Hezbollah managed to recover and retaliate by establishing mirror sites on different servers, using a variety of different domain names, with instructions on how to target various Israeli sites using the same method as wizel.com.
On October 25, Arab users managed to down the main Israeli government web site (www.israel.org) and the Israeli Foreign Ministry web site (www.israel-mfa.gov.il).
These efforts were stymied, however, as each of Hezbollah's mirror sites came under attack. One of them, www.hizballa.org, was penetrated by Israeli hackers, who adorned the site with Hebrew language and Stars of David. "There may be no winners in this type of warfare, but the point is to shut down their mouthpiece for as long as possible," says Mikael Bouzaglo, the 21-year-old Israeli hacker who reportedly spent 19 consecutive hours at his computer conducting the operation.
The latter half of the month witnessed a steadily growing stream of new attacks against Israeli sites. The Israeli Defense Forces (IDF) web site has been downed repeatedly in the last few weeks. Other major sites, such as the Ministry of Defense, the Ministry of Immigrant Absorption, the Ministry of Industry and Trade, the Ministry of Religious Affairs, and the Tel Aviv Stock Exchange were inaccessible as of November 5.
The Israeli defense ministry has said that only publicly-accessible information has been breached thus far--military servers are well-protected and no computers containing sensitive security information are connected to the Internet. Nongovernmental sites have also been targeted, including those of an Israeli student association, a college and a religious high school.
The branch of military intelligence responsible for computer security, Aftahat Ma'Khevim, has said that most of the attacks have been traced to Lebanon and the Gulf states, which have the highest number of Internet portals in the Arab world, but many are also coming from Muslim students at U.S. universities.
An Arab group calling itself UNITY (www.unity-news.org) has taken a leading role in the war, which it says is designed to sap the resources of Israel and thereby weaken its military strength. "The more money they lose in fixing and strengthening their systems means less money to buy bullets and rockets for use against our children," UNITY said in an e-mail release sent to Arab organizations and media outlets early this month, instructing its supporter to visit two "counter attack" links. "Every dollar they lose means one less bullet for the Zionist soldiers' ammunition, it means a life of a Palestinian child," the e-mail said. The Islamic Gateway World Wide Media Network (www.ummah.net) has also been implicated in several attacks involving "denial of service" assaults similar to those that paralyzed Yahoo! and eBay were paralyzed earlier this year. Other well-known pro-Palestinian hacker groups operating in this war are Gforce Pakistan and www.sabra-shatila.org.
UNITY has begun listing various Israeli e-commerce sites on its hit list in an effort to strike at the country's leading high tech industry. One Israeli Internet company, Webstyle Internet Solutions (www.web-style.com), has already announced plans to transfer all of its local hosting to the U.S. to avoid attacks. Netvision, a leading Israeli ISP which houses several official government sites, has been struggling to keep its servers running smoothly. "All Israeli ISPs have been overloaded with data, we are just the only ones to admit it," says Netvision CEO Gilad Rabinovich. "If this war continues it will steal resources from us and hurt customers."2 On the Israeli side, a group called Israel Hackers (www.israelhackers.cjb.net) has recently emerged in the forefront. Its site displays a photo of Yasser Arafat holding sticks of dynamite and encourages "the army of Israeli soldiers on the net" to "search and destroy" a list of web sites, including those of the Palestinian Authority, Hezbollah's Al-Manar Television, the Palestinian National Information Bank, and Iran's Islamic Republic News Agency.
The cyber war has also spilled over to American sites supportive of Israel. On November 1, a Pakistani hacker known as "Dr. Nuker" penetrated the web site of the American Israel Public Affairs Committee (AIPAC), the leading pro-Israeli lobbying group in the United States. For about ten minutes, visitors to www.aipac.org were treated to a display of anti-Israeli propaganda and links to a gallery of "Israeli massacres." Dr.
Nuker apparently accessed personal information and credit card numbers of people who recently contributed to the group, as well as the organization's list of 3,500 email subscribers, all of whom received an antisemitic message via email stating that "it's a shame Hitler didn't finish what he set out to do." AIPAC disabled the site for several days while taking unspecified measures to "maximize its security to the greatest extent possible." This led the FBI's cybercrime unit to release an advisory stating that, "due to the credible threat of terrorist acts in the Middle East region and the conduct of these web attacks, [Internet users] should exercise increased vigilance to the possibility that U.S. government and private-sector web sites may become potential targets." The advisory recommended a number of security measures that site administrators can use to limit vulnerability to such attacks. The web site of Lucent Technologies, a U.S. company that conducts business with Israel, was targeted on November 2, but the security personnel were able to fend off the assault before the site was brought down.
As the cyber struggle continues, it has become clear that Israel's world-class information technology industry is a double-edged sword. The country is well-equipped to handle the online onslaught--Israeli companies produce some of the world's leading network security products--and the Israeli population as a whole is one of the most computer literate in the world. But the advanced state of Israel's IT sector also means that it has a lot to lose from the assaults, presenting a glaring target for online enemies who dream of crippling the Israeli economy.
Notes 1 www.wizel.com was later removed after being subjected to numerous counterattacks. 2 Financial Times (London), 28 October 2000.