[iwar] news


From: Fred Cohen
To: Information Warfare Mailing List
From: fc@all.net
To: iwar@onelist.com

Tue, 5 Dec 2000 07:21:03 -0800 (PST)



 http://www.wired.com/news/politics/0,1283,40449,00.html

by Carmen J. Gentile
2:00 a.m. Dec. 2, 2000 PST

Palestinian supporters are using a combination of hacking tools and
viruses to gain what appears to be the upper hand in the Middle East's
ongoing cyber war.

They are distributing the tools and viruses for destroying Israeli
sites using a recently created attack site.

Visitors to the site are greeted with the message, "I swear that I
will not use these programs on anyone but Jews and Israelis." The site
comes complete with a list of directions on how to use the attack
tools.

LoveLetter, CIH and the Melissa Virus - along with 12 Word macro
viruses - form the arsenal for attacking Israeli sites.

Apparently, it's an effective system.

According to sources at iDefense, an international security firm
monitoring the situation, pro-Palestinian hackers are using a variety
of tools to orchestrate a well-organized attack against the 90 or more
Israeli websites which have been hit during the conflict.

Ben Venzke, the director of intelligence production at iDefense, says
it is hard to say for sure who is winning. But he does admit the
pro-Palestinian hackers have "successfully impacted more sites."

"The pro-Palestinians have been much more aggressive in scope," said
Venzke. "Instead of just targeting specific sites, they've been
methodically working through all the .il sites, broadening their
agenda."

Over 115 websites have been targeted by both sides for
denial-of-service attacks, attempts to gain root access, system
penetrations, defacements and a variety of other attacks. Many sites
have been indirectly affected, due to the strain that the attacks have
placed on the Net infrastructure in the Middle East.

The conflict began on Oct. 6, when pro-Israeli hackers created a
website to host FloodNet attacks. Since then, both sides have
sustained blows to vital-information and financial-resource sites such
as the Palestinian National Authority site and the Tel Aviv Stock
Exchange.

Sixteen tools have been identified as those actively distributed among
attackers, with many others being discussed or suspected of already
being deployed.

One such tool is called the EvilPing, believed to have been created
especially for this war. The tool launches a "ping of death attack"
that, when utilized by several users against the same target, crashes
the system.

Then there is QuickFire, an attack tool that sends 32,000 e-mails to
the victim from what appears as the same address. Used simultaneously
by multiple attackers, the tool crashes an e-mail server.

QuickFire's strength is that it does not relent, continually firing off
thousands of e-mails until the server is shut down and the address
blocked. It is believed to be the tool used for hack attacks on the
Israeli Foreign Ministry site and its webmaster's e-mail address.

A group called Hackers of Israel Unite originally used another popular
tool called WinSmurf, which also uses mass pinging to bring down a
site. Borrowing amplifying power from broadcast sites, the hackers
send out pings that are boosted 10,000 fold, or more. According to the
group, they were able to shut down Almanar.org using one computer with
a 56K modem and an ADSL line.

According to Netscan.org, a site that provides a list of broadcast
sites with an average amplification of times five, a dial-up user with
28.8 Kbps of bandwidth, using a combination of broadcast sites with an
amplification of 40, could generate 1152.0 Kbps of traffic, about
two-thirds of a T1 link.

"With tools like these, a 56K can become a powerful weapon and your
bandwidth irrelevant," said Venzke.

Netscan.org's creators call themselves a "small group of concerned
network administrators who got fed up with being smurfed all day." But
they recognize the fact that their site has become a hacking tool, as
well.

Pro-Palestinians recently turned the tables by using broadcast-site
attack tools against Israeli sites. Although the leaders in the war --
groups such as UNITY, dodi and G-Force Pakistan -- remain in the
limelight, many previously unknown hackers are taking the cyber war to
another level.

According to Venzke, hackers are making moves to gain root access to
Israeli computers and servers. "Root access is the ultimate
possession, it means doing whatever you want with a system," he said.

In essence, a hacker who gains root access control of a computer can
scan, delete and add files, use it as an attack tool against others,
and even view and hear users whose computers are equipped with cameras
and microphones.

With no end in sight to the Middle East cyber war, talk of targeting
U.S. interests on the Web has been popping up in chat rooms and IRC
channels frequented by pro-Palestinian hackers.

Recent aggression against Lucent.com, coupled with last year's hits on
cnn.com and other mainstream sites, has many high-profile companies
watching their backs for the next wave of attacks.

Hackers like dodi have come out and said that the current war isn't
just against Israel, but the U.S. as well. But Arab activists such as
Mustapha Merza believe the American media continues to portray Arabs
as terrorist aggressors, even in cyberspace.

Merza is the webmaster for Arabhackers.org, a meeting place for Arab
computer buffs to chat and exchange views. He says that the media and
government are biased against Arabs and openly supportive of Israeli
interests.

"The irony of the matter is that the times (that) U.S. government
sites were targeted by Israelis are way more numerous than those times
they were targeted by pro-Palestinians," Merza said. "Yet the American
media fail to identify its real perpetrators and victimizes the Arabs
as usual."

For its part, the National Infrastructure Protection Center -- a
division of the FBI concerned with cyber warfare, threat assessment,
warning and investigation -- lists both Israeli and Arab sites that
promote the cyber war.


------------------
http://all.net/