Pro-Palestinian Hackers Breach 120 Israeli Websites

Israeli cyber security firm ClearSky's report shows hackers took over the sites to prepare for an annual cyberattack known as OPIsrael and planned for April 7

Oded Yaron
Oded Yaron
אתר שהושחת בידי קבוצת Giant-PS
A website hacked by Giant-PS group. Credit: Clearsky
Oded Yaron
Oded Yaron

The Israeli cyber security firm ClearSky has found 120 Israeli websites that pro-Palestinian hackers have infected with malware to enable remote takeover during an annualcyberattack, known as OPIsrael, planned for April 7.

OPIsrael is an annual coordinated cyberattack where hackers attack Israeli government and private websites, leading to denials of service and other issues.

ClearSky discovered that the attackers had planted a “back door” or shell, to these websites to allow them to perform operations on their infrastructure. The company said that a large number of those preparing to join in the attack aren’t the most sophisticated hackers, as they are using software developed 10 years ago.

>> Read more: Phone hacking? Fake Twitter accounts? You ain't seen nothing yet | Analysis ■ Official Israel election website vulnerable to hackers, exposes voters' info

The company said that “most of the websites belong to small businesses, which attests to [the hackers’] low professionalism and their focus on getting some publicity, based, as every year, on the quantity of sites that are breached rather than on their quality.”

The program called EL_MuHaMMeD Kitle mha Shell V1 is meant to remain hidden from server owners, and allow the hackers to erase and directly upload files in a matter of seconds. Websites can be vandalized or used as a tool for infecting visitors.

ClearSky said further that attackers can use the shell as a “set it and forget it” weapon – in other words, they can define a series of operations in advance without having to maintain continuous communication with the software.

The program was identified as being used by a Turkish group called AKINCILAR, who has already used it in a series of network actions against Israel including attacking websites after the Mavi Marmara incident in 2010, Nakba Day events and the transfer of the U.S. Embassy to Jerusalem last year.

ClearSky has identified several sites that have already been vandalized. Most have had their landing pages replaced by text referring to a group called Giant-PS, which is said to be affiliated with Hamas.

OPIsrael first occurred in 2013, when hackers declared April 7 would be the day of the Israeli internet apocalypse, and that the entire country would be erased from the global online map. Every year, OPIsrael hackers manage to bring down or vandalize some websites. Most sites that have been affected are marginal. They also publish lists of Israelis they claim to have obtained through the use of cyber magic. In most cases these are recycled lists already appearing in the millions online.

ClearSky’s report shows that the Middle East’s biggest cyber power isn’t exactly immune to such attacks, and that everyone is good at talking about cyber defenses and hackers, but tend to neglect the need to take the complex protective measures that are necessary to safeguard information security and online applications. The fact that the attackers can infiltrate websites with a 10-year-old shell program that one assumes any updated antivirus or antimalware program should be able to block, testifies to the level of security on these websites, the report says.

It pointed to a disturbing example this month of a a million Israeli web pages destroyed by a third-party accessibility plugin. This attack succeeded despite repeated warnings from developers and security researchers about the possibility of “DNS poisoning,” which exploits vulnerabilities in the domain name system to divert traffic to fake websites under the attackers’ control.

The attackers made do with vandalizing these websites. But an attack against a site that provides plugins installed in many major Israeli websites (the so-called supply chain attack), could potentially do a lot more damage.

Click the alert icon to follow topics:



Automatic approval of subscriber comments.

Subscribe today and save 40%

Already signed up? LOG IN


Crowds at Israel's Ben-Gurion International Airport, in April.

U.S. Official: West Bank Entry for Palestinian Americans Unrelated to Israeli Visa Waivers

Haaretz spoke with several people who said they had fled Ukraine, arrived in Israel,  and were asked to undergo DNA tests in order to establish paternity.

'My Jewish Grandmother Has a Number on Her Arm, Why Does Israel Greet Me This Way?'

FILE PHOTO: A Star of David hangs from a fence outside the dormant landmark Tree of Life synagogue in Pittsburgh's Squirrel Hill neighborhood in 2021.

American Judaism Is in Decline. That's Great News for American Jews

People taking part in the annual "March of the Living" to commemorate the Holocaust, between the former death camps of Auschwitz and Birkenau in Oswiecim, Poland, four years ago.

It’s Not Just the Holocaust. Israel Is Failing to Teach the History of the Jews

 A Jewish cemetery in Warsaw, Poland.

Israel and Poland Fight Over History, Truth - and Israeli Students

A collage of the Bentwich family throughout the generations.

Unique Burial Plot in Jerusalem Tells Story of Extraordinary Jewish Dynasty