ASSESSMENT 00-057

"Middle East E-mail Flooding and Denial of Service (DoS) Attacks" Issued at 10:20 p.m. EDT, 10/26/2000

This assessment is intended to advise recipients concerning an increased level of cyber activity against web sites related to Israel and pro-Palestinian organizations. Due to the credible threat of terrorist acts in the Middle East region, and the conduct of these web attacks, recipients should exercise increased vigilance to the possibility that U.S. government and private sector Web sites may become potential targets. The methods observed in the conduct of these attacks are transitory in nature, and do not pose a threat of lasting damage to Web sites.

The recent unrest in the Middle East appears to have been responsible for an increase in cyber attack activity between sympathizers on both sides of the tensions. Known targets have included Web sites operated by the Israeli government and military as well as Web sites operated by pro-Palestinian organizations including Hizballah and Hamas.

Numerous Web sites have been found on the Internet that contain messages advocating cyber attack activity against both Israeli and pro-Palestinian Web sites, and in some instances include interfaces for launching automated e-mail flood, ping flood or other DoS attacks.

Methods of attack against Israeli Web sites include automated e-mail floods and high volumes of coordinated requests for Web services by pro-Palestinian sympathizers. Media sources have reported that Web pages operated by Israel's Foreign Ministry, the Israel Defense Force, the Prime Minister's Office, and the Treasury have been targeted for DoS attacks, and some indications are that other unpublicized sites in the .il domain have experienced similar attacks since hostilities intensified. Some of the documented e-mail flood attacks have reportedly involved users of U.S. free Web-based e-mail providers Yahoo! and Hotmail.

While there are currently no indications that any specific U.S. Web sites have been or will be targeted as a result of this activity, the NIPC recommends that recipients of this assessment remain vigilant to the possibility that there could be some spill-over activity and that U.S. sites could become targeted. In recent days, the overall threat condition for U.S. military forces in the Middle East has increased due to new, credible threats of terrorist acts in the region. Similarly, NIPC views the current conditions as creating the possibility for related cyber attack activity against U.S. sites.

Information systems security professionals should be prepared to take recommended preventative measures including, but not limited to the following: Be prepared to take appropriate steps to limit ping flooding at border routers. Be prepared to block source e-mail addresses in the event of e-mail flooding. Ensure appropriate patches are installed to operating systems to limit vulnerability to other DoS attack methods.

Please report any illegal or malicious activities to your local FBI office or the NIPC, and to your military or civilian computer incident response group, as appropriate. Incidents may be reported online at www.nipc.gov/incident/cirr.htm.