Palestinians Behind Cyber Attacks on Israeli Army and Government Targets

Hackers working primarily from Gaza, Egypt, Morocco responsible for attacks on Israeli government, military and infrastructure systems.

A mock cyber attack scenario. Israel is an emerging power in the cyber security market.
AP

Palestinian hackers were behind a series of cyber-attacks on Israeli targets, according to a new report published by the Trend Micro company. The slew of attacks, which began in 2013, were directed at government, Israel Defense Forces, academia and infrastructure websites, and were meant to collect information for the purpose of conducting further cyber-attacks in the future.

The report, entitled Arid Viper, and compiled with cooperation from the U.S. Air Force, reveals that the hackers were working primarily from the Gaza Strip, but also from Egypt and Morocco, and used contaminated emails in order to get harmful programs into Israeli organizations' computer networks. The company did not reveal which companies were attacked, or how much information was stolen.

The hackers used the tactic, known as spear phishing, primarily against employees at Israeli companies. It is a common method among hackers, both those who work for intelligence organizations and those with criminal motives. In Israel, the tactic is known for an instance in which it was used to send a fake email, supposedly from outgoing IDF Chief of Staff Lt. Gen. Benny Gantz, to various officials within the Israel Police and the Foreign Ministry.

The emails sent by the hackers included two harmful files, one of which contained a program that would connect from afar to computer networks' command and control systems, and then proceed to scan and send relevant information back to the hackers. The second file, perhaps more interesting, was a pornographic video clip, which would begin playing immediately upon opening, supposedly to divert the target user's attention from the harmful program.

Officials at Trend Micro noted that from the contaminated IP address, it seems that the hackers began their attacks in mid-2013, and focused their attention on research institutions, as well as academia and infrastructure systems. It remains unclear if the hackers acted alone, or as part of a particular organization. The sophistication of the attack makes it plausible that the hackers were not acting alone.

The Trend Micro report also mentioned simultaneous attacks on Egyptian targets, primarily targets for future extortion. These particular attacks were not especially sophisticated, which could mean that the attackers in these cases were not very experienced hackers. Researchers noted that although the two attacks both originated from the same servers located in Germany, the differences between the attacks indicated that they were not carried out by the same hackers. At the same time, it's possible that both attacks were carried out by Islamists who are associated on some level.