The Israeli cyber security firm ClearSky has found 120 Israeli websites that pro-Palestinian hackers have infected with malware to enable remote takeover during an annual cyberattack, known as OPIsrael, planned for April 7.
OPIsrael is an annual coordinated cyberattack where hackers attack Israeli government and private websites, leading to denials of service and other issues.
ClearSky discovered that the attackers had planted a “back door,” or shell, on these websites to allow them to perform operations on the sites’ infrastructure. The company said that a large number of those preparing to join in the attack aren’t the most sophisticated hackers, as they are using software developed 10 years ago.
The company said that “most of the websites belong to small businesses, which attests to [the hackers’] low professionalism and their focus on getting some publicity, based, as every year, on the quantity of sites that are breached rather than on their quality.”
The program called EL_MuHaMMeD Kitle mha Shell V1 is meant to remain hidden from server owners, and allow the hackers to erase and directly upload files in a matter of seconds. Websites can be vandalized or used as a tool for infecting visitors.
ClearSky said further that attackers can use the shell as a “set it and forget it” weapon – in other words, they can define a series of operations in advance without having to maintain continuous communication with the software.
The program was identified as being used by a Turkish group called AKINCILAR, which has already used it in a series of network actions against Israel, including attacks on websites after the Mavi Marmara incident in 2010, Nakba Day events and the transfer of the U.S. Embassy to Jerusalem last year.
ClearSky has identified several sites that have already been vandalized. Most have had their landing pages replaced by text referring to a group called Giant-PS, which is said to be affiliated with Hamas.
OPIsrael first occurred in 2013, when hackers declared April 7 would be the day of the Israeli internet apocalypse, and that the entire country would be erased from the global online map. Every year, OPIsrael hackers manage to bring down or vandalize some websites. Most sites that have been affected are marginal. They also publish lists of Israelis they claim to have obtained through the use of cyber magic. In most cases these are recycled lists already appearing in the millions online.
ClearSky’s report shows that the Middle East’s biggest cyber power isn’t exactly immune to such attacks, and that everyone is good at talking about cyber defenses and hackers but tends to neglect the complex protective measures that are necessary to safeguard information security and online applications. The fact that the attackers can infiltrate websites with a 10-year-old shell program that one assumes any updated antivirus or antimalware program should be able to block testifies to the level of security on these websites, the report says.
It pointed to a disturbing example this month of a million Israeli web pages defaced through a third-party accessibility plugin. This attack succeeded despite repeated warnings from developers and security researchers about the possibility of “DNS poisoning,” which exploits vulnerabilities in the domain name system to divert traffic to fake websites under the attackers’ control.
The attackers made do with vandalizing these websites. But an attack against a site that provides plugins installed in many major Israeli websites (a so-called supply chain attack) could potentially do a lot more damage.
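The plugin incident above is a supply-chain problem: every site that loads a script from a third party runs whatever that third party (or whoever has diverted traffic to it) serves. The browser-side mitigation is Subresource Integrity (SRI), where the embedding site publishes the hash of the exact script it reviewed and the browser refuses a fetched copy that does not match. The following is an added example, not code from the article or from any plugin vendor; the script bodies and the CDN URL are constructed for the demonstration.

```python
"""Subresource Integrity (SRI) for a third-party script. Added example,
not from the article: computes the integrity value a site operator would
publish for a reviewed copy of a plugin, and re-checks a fetched copy the
way a browser does. Script bodies and the URL are constructed."""
import base64
import hashlib

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the algorithms SRI permits


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return an integrity value of the form 'sha384-<base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes) -> str:
    """Build the <script> tag to publish for a reviewed copy of the plugin.
    crossorigin is required so the browser can check a cross-origin fetch."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


def verify(content: bytes, integrity: str) -> bool:
    """Check fetched content against an integrity attribute.
    Simplified from the spec: any listed value with a known algorithm
    that matches is accepted; unknown algorithms are skipped."""
    for token in integrity.split():
        algo, _, _digest = token.partition("-")
        if algo not in SRI_ALGOS:
            continue
        if sri_hash(content, algo) == token:
            return True
    return False


# Constructed script bodies: the copy the site operator reviewed, and an
# altered copy such as a compromised or diverted server might return.
REVIEWED = b"(function(){document.body.classList.add('a11y');})();"
SWAPPED = b"(function(){/* constructed: altered copy of the plugin */})();"

# Hypothetical URL, not a real plugin host.
TAG = script_tag("https://cdn.example/accessibility.js", REVIEWED)


if __name__ == "__main__":
    integrity = sri_hash(REVIEWED)
    print(TAG)
    print("reviewed copy accepted:", verify(REVIEWED, integrity))
    print("swapped copy accepted:", verify(SWAPPED, integrity))
```

SRI only helps for resources the site embeds itself; it pins one exact version, so every legitimate plugin update requires re-reviewing the script and republishing the hash, and the plugin host must send CORS headers or the browser will block the check. For a site that cannot accept that operational cost, hosting a reviewed copy of the plugin on its own origin achieves the same effect.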