Israel / Palestine hacktivism

From "Big...BugBrother...Band" <bigband@bugbrother.com>
Date Sat, 28 Oct 2000 19:39:55 +0200


[: hacktivism :]

b!
--

  if anybody has more precise informations, and links, feel free to pass it on
  there's also another story there :
  
Arabs unify in ‘cyber-war’ against Israel
Hackers crash Jewish state’s most high-profile websites
Ranwa Yehia Daily Star staff
http://www.dailystar.com.lb/26_10_00/art2.htm

_________________________________________________________
Preliminary Analysis of Cyber Skirmish in the Middle East

iDEFENSE Intelligence Services
http://www.idefense.com
October 27, 2000
09:30 p.m. EST


Overview:
iDEFENSE Intelligence Services has been monitoring an increasing level
of cyber attacks carried out by pro-Palestinian and pro-Israeli
groups. This activity has paralleled the increase of tensions and
violence on the ground. So far, at least 18 sites have been hit by
pro-Palestinian attackers and at least nine sites by pro-Israeli
attackers. There has been at least one threat by a pro-Palestinian
hacker to carry out distributed denial of service (DDoS) attacks, such
as those carried out in Feb. 2000, against "Zionist" sites. iDEFENSE
expects to see a full range of cyber actions over the coming weeks to
include additional defacements, system penetrations, the possible use
of viruses or Trojan horses, disinformation campaigns, denial of
service attacks and a variety of other tactics.

Key Players:
Preliminary analysis by iDEFENSE has identified a number of key
players and organizations involved in the attacks. Pro-Israeli
individuals and groups include wizel.com and a.israforce.com.
Pro-Palestinian individuals and groups include, ReALiST, PROJECTGAMMA,
dodi, UNITY, Xegypt, Hezbollah, Ummah.net, Arab Hax0rs and
al-Muhajiroun to name a few. The active support by al-Muhajiroun for
the current cyber activity is significant due to the group's
well-known history for supporting traditional terrorist actions and
its ties to Osama bin Laden. 

Al-Muhajiroun is headquartered in London. The leader of al-Muhajiroun
in the UK is Anjem Choudary. It boasts chapters in Pakistan, the US
and other countries around the world. Sheikh Omar Bakri Mohammed is a
key leadership figure in the group. 

The group hosted a conference in 1998 in which Hamas, Hezbollah, and 
Egyptian and Algerian fundamentalist groups took part, and has
continued to be a major player in terms of trying to unify the "jihad"
campaign against the US and Israel. The group has stated that the US,
Israel, Russia and Britain have declared war on Islam. The British
Charity Commission reportedly withdrew al-Muhajiroun's charity license
around Nov. 1999. The licenses for the Sharia Court of the UK and the
London School of Sharia were also revoked. All three organizations are
supervised by Sheikh Omar Bakri Mohammed. 

Targets:
Sites targeted by the Pro-Israeli side include: Almanar.com.lb,
Hamas.org, 207.222.197.194 (Hezbollah), 216.147.45.137 (Hezbollah),
Hizbollah.com Attack, pna.org, palestine-info.net, nasrallah.net,
moqawama.org, manartv.com, and JMJ Internet Services. 
 
Sites targeted by the Pro-Palestinian side include: Bank of Israel, Tel
Aviv Stock Exchange, Netvision, Wizel.com, Cairo.eun.eg/hacked.asp,
Ebrick, Inc., Gega Net ISP, Gilo.jlm.k12.il Attack, Israel.org
(147.237.72.20), Israeli Academic Sub-Domain, Israeli Defense Forces
(IDF) and the Israeli Foreign Ministry.

Actions:
ReALiST has claimed responsibility for the Web page defacements
against egynile.com and cairo.eun.eg/hacked.asp. He is a member of the
xEgypt hacker group. In a message posted to an Arab hacker bulletin
board, ReALiST said, "I'm thinking of something like DDoS, on major
Israel networks and sites, and sending emails helping all Arab ISP's
and sites for more security, we will just tell them what we know... I'm
thinking of installing TFN3K servers and doing the cnn.com and
yahoo.com thing again any one in, mail me quick." iDEFENSE has
confirmed the existence of TFN3K but has not yet established whether
or not ReALiST has the tool or the ability to launch an attack using
it.

One pro-Palestinian group has deployed a FloodNet type tool and is
currently carrying out an attack against the sites of the Bank of
Israel, the Tel Aviv Stock Exchange and Israeli government. The
"defend" tool, which appears to be the same one used by Pro-Israeli
attackers at wizel.com against Pro-Palestinian targets, has been
mirrored on sites hosted by angelfire.com, tripod.com and jumpfun.com.

One pro-Palestinian protester has called the current actions an
"e-Jihad." Another term that has begun to crop up in mainstream
fundamentalist bulletin boards and email lists is "cyber jihad."

Pro-Israeli attackers have effectively incorporated a disinformation
element to their cyber campaign by registering and setting up a series
of Web pages very similar in name to actual Hezbollah sites. These
imposter sites presented a decidedly pro-Israeli message to the
visitor rather than the expected Hezbollah rhetoric.

Wrap-Up
The impact of the current range of attacks has the ability to effect
not only those targeted but also other sites and services which rely
on the same connections and bandwidth to access the Internet. In
addition, there is an increased risk to high-profile Web sites which
may find themselves targeted simply because pro-Palestinian or
pro-Israeli attackers may find them a good vehicle through which to
promote their cause. Netvision has reported significant difficulties
in servicing its customers due to the heavy traffic sent to the
targets. Netvision hosts and provides connectivity to 70% of Israel's
Internet users.

The current series of attacks are expected to continue and intensify
as political tensions in the region heighten and support for the cyber
element grows among high-profile Muslim extremist groups, many of whom
have a very strong presence on the Net. The imitation of attack
tactics by either side is expected to continue. Attacks utilized by
one against the other are likely to be turned around in a matter of
hours depending upon the amount of customization and set-up time
required.

iDEFENSE is currently compiling a profile of the actors involved, the
tools being deployed, target sets, a timeline of events and a number
of other aspects about the current conflict. We hope to issue an
initial draft of this report in the next 24 hours, and will continue
to monitor the conflict for its duration.


------------+------------------------+---------
iALERT delivers daily monitoring and analysis of cyber threats,
vulnerabilities, and incidents to iDEFENSE's clients.
This e-mail is delivered to journalists covering the information security
field.
For more information or comment please contact Jerry Irvine at 703.898.8283
<mailto:jirvine@idefense.com>
------------+------------------------+---------
iDEFENSE - The Power of Intelligence

Visit the iDEFENSE Web site for additional information:
<http://www.idefense.com>
Copyright 2000 Infrastructure Defense Inc. (iDEFENSE)
------------+------------------------+---------  

==================?)
bb! U, G° brother !)
  http://www.bugbrother.com                         
  mailto:bigband@bugbrother.com



[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]