FEATURES & COMMENTARY
San Diego, CALIF. — Middle East violence is fueling an online cyberwar as hackers from both sides of the conflict threaten government and business Web sites in the United States, according to the FBI and industry experts.
The FBI has warned that the recent email flooding and so-called denial-of-service attacks that shuttered and defaced both Israeli and Palestinian Web sites in the last month could “spill over” to the United States.
“Due to the credible threat of terrorist acts in the Middle East region, and the conduct of these Web attacks, (Internet users) should exercise increased vigilance to the possibility that U.S. government and private sector Web sites may become potential targets,” said a recent advisory from the FBI’s cybercrime unit, the National Infrastructure Protection Center.
Fairfax, Va.-based iDefense, which has been monitoring the cyberattacks by pro-Palestinian and pro-Israeli groups, said the activity has paralleled the increase in tensions and violence on the ground.
At least 24 sites have been hit by pro-Palestinian attackers, and at least 15 sites have been hit by pro-Israeli attackers, according to iDefense. “This is the first instance we have seen the traditional terrorist organizations, like Hezbollah and those with ties to (suspected terrorist Osama) bin Laden, have actually taken part in this type of activity,” said Ben Venzke, director of intelligence production at iDefense. “These same organizations are disseminating messages to get funds for both terrorism and hacker campaigns.
“It is important to understand that any company that is perceived as having any ties or connections to Israel is going to be attacked,” Venzke added.
Among those hit were the sites of the Bank of Israel, the Israeli Prime Minister, the Tel Aviv Exchange Market and the Israeli Foreign Ministry, Venzke said. Palestinian sites have included those of the Palestinian National Authority – the official Palestinian government body – and the Palestinian organization Hamas.
The cyberwar, dubbed “E-jihad” by pro-Palestinians, was sparked last month by the violence in Israel. More than 150 people, most of them Palestinian, have died in clashes over the past five weeks.
The FBI said the method of attacks against Israeli Web sites included automated email floods and high volumes of coordinated requests for Web services by pro-Palestinians. Some of the documented email attacks are believed to have involved customers of free Web-based email providers Yahoo and Hotmail.
Venzke could not give an exact profile of the typical hacker taking part in the current attacks, but he did say his company is aware of both sides having extensive recruitment campaigns at hacker conventions and on university campuses.
“In the near future, there will be a great number of people within these organizations with just technical training, separate from those with military training,” he said.
There has been at least one threat by a pro-Palestinian hacker to carry out distributed denial-of-service attacks, iDefense said. Current actions by both sides run the full spectrum from system penetrations to more sophisticated tactics.
While the FBI said there have been no indications that any specific U.S. Web sites have been or will be targeted, iDefense warned that prime targets may include U.S. government agencies and private companies.
“In the event that either side more actively utilizes viruses or Trojan horses, it is unlikely that infections will remain confined to their intended targets and are likely to pose problems for users around the world,” iDefense said. “Sympathetic hackers and others around the world are likely to begin offering their services and jumping into the fray as the high-profile nature of the conflict continues to grow.”
The FBI has recommended certain security steps for government agencies and private businesses. Security officials should be prepared to take appropriate steps to prevent email flood attacks, block source email addresses in the event of flooding, and ensure that appropriate patches are installed on operating systems to limit vulnerability to other denial-of-service attack methods.