Hackers launched an estimated 100 million attacks against Israeli websites during Operation Pillar of Defense, but caused relatively little damage.
- Startup of the week / Incapsula offers small firms big security solutions
- Israelis spooked by threat of all-out cyber attack next week
"In the first two days of the operation, we saw as many attempts to hack government websites as we usually see in a full month," said Ofir Ben Avi, acting head of E-Government, the company responsible for the state's websites. "The number of denial-of-service attacks is like nothing we've ever seen before."
Anonymous, a loose group of international hackers, has been putting Israeli sites in its crosshairs since the military operation in the Gaza Strip began, last week. Other groups have joined the fray.
The hackers' main targets were the websites of the president, the Prime Minister's Office and the Foreign Ministry, as well as ones related to Israel's defense establishment.
"After the Marmara incident [when Israeli forces killed nine Turkish citizens in a raid on a flotilla intent on breaking the Gaza naval blockade, in 2010] there were attacks on government sites, but it was minor compared to what we're seeing now and the pace of attacks is only increasing," Ben Avi said this week.
Hackers also went after private websites in Israel, defacing hundreds if not thousands. In most cases they posted pro-Palestinian and pro-Hamas messages on the sites.
One of the more public hack attacks targeted the Twitter and Facebook accounts of Deputy Prime Minister Silvan Shalom. On Tuesday night hackers posted pro-Palestinian and anti-Israel messages from his accounts, including "Get out of Palestine > Israeli Zionists! Stop the attacks! End the slaughter of innocent people!! Power to the people!" and "And to my sociopathic wife Judy > Freedom for Palestine is the only way to achieve peace in the Middle East. #Gaza." The accounts have since been repaired.
Yet despite the visible damage the hackers' achievements have been minimal: They failed to disrupt any important services. The closest they came was to shut down the Bank of Jerusalem's online services for several hours, presumably in the belief they were targeting Israel's central bank, the Bank of Israel. The Israel Defense Forces blog was also apparently affected briefly by a denial-of-service attack.
Hamas TV on Israeli channels
Hamas, meanwhile, also succeeded in interfering with some Israeli television transmissions Tuesday night. For about one minute around 10:30 P.M. Israel Channel 2 and Channel 10 broadcasts were interrupted by Hamas propaganda clips, including one showing a missile hitting a tank and threats against "the Zionist armored corps." The interference mainly affected viewers in southern Israel with private satellite dishes, although some HOT customers in the center of the country also reported problems.
The interference was the result of a very strong signal being broadcast out of the Gaza Strip that interrupted satellite reception on the frequencies of the Israeli stations. The IDF uses similar methods to convey messages to Gaza residents.
The Second Authority for Television and Radio, which oversees channels 2 and 10, said the problem was identified immediately and countered by punching up transmission strength for the channels. In addition HOT was instructed to switch from satellite transmissions to fiber optic cable.
Server attack for $2,000
Anonymous, the main group behind the hacking campaign, has been joined by groups including the pro-Palestinian ZHC and Kings of Saudi Arabia.
"Israeli groups neutralizing cyber attacks have been encountering twice the number of attacks lately, but they're no more sophisticated than usual. Even if hundreds or thousands of websites have been defaced, this could all be due to one server being hacked," said Amichai Shulman, VP-technology of data security company Imperva.
To carry out a denial-of-service attack, hackers do not need to actually break into a website or server. Instead, they overload the site with repeated attempts to access it, harnessing armies of hacked computers known as botnets for the task. This can bring down a website and prevent genuine users from accessing it. As an alternative to using botnets hackers can hire computer networks to carry out an attack for around $2,000 a day.
Most denial-of-service attacks target government websites, which according to Shulman are usually capable of repelling them, and not private websites.
Far more serious than any of these hacks is the possibility of damage to crucial infrastructure, such as the Home Front Command's cellphone warning system. This system will let the Home Front Command send text messages to citizens when their cities are facing a rocket attack, for instance.
But that system is safe, for the simple reason that it has not been activated, despite declarations by the Communications Ministry to the contrary. The IDF Spokesperson told TheMarker that the system is in its final stages of development and is not yet operational.