Moroccan hackers cause chaos in response to IDF incursion.
By REBECCA ANNA STOIL, JAMES GOLDSTEINTeam-Evil 298(photo credit: )
Shortly after IDF tanks rolled into Gaza, another old front of conflict was reopened early Wednesday morning, but in this battle Kassam rockets and artillery shells were replaced by worms and viruses as pro-Palestinian hackers shut down approximately 700 Israeli web domains.
A range of different Web sites were targeted by the group, including Web sites of banks, medical centers, car manufacturers and pension funds.
Well-known companies and organizations, including Bank Hapoalim, the Rambam Medical Center, Bank Otsar Ha-Hayal, BMW Israel, Subaru Israel and Citr en Israel, real estate company Tarbut-Hadiur and the Jump fashion Web site all found their Web sites shut down and replaced by the message: "Hacked by Team-Evil Arab hackers u KILL palestin people we KILL Israel servers".
The group, Team-Evil, has hit Israeli targets before. In April, they took credit for hacking into the Web sites of the Israel Institute for Biological Research and McDonalds Israel. The group, which contains at least six members, claims to be based in Morocco and their signature began appearing in 2004 in attacks focusing on US government Web sites. Even in the anti-American attacks, the messages left by Team-Evil left an anti-Israel message.
Experts said that it was likely that the group gained the ability to hack the Web sites before the IDF's incursion but was now using the event as an excuse to launch their attack.
Team-Evil's hackers seem to be unconcerned about potential punishment, frequently attaching their individual code names and e-mail addresses to their messages.
Some scholars have adopted the term "hacktivism" to describe the phenomenon and to differentiate it from "cyberterrorism," in which terror groups or individuals use the Internet to carry out terror attacks such as disrupting power grids, shutting down phone service or taking control of an airplane. "Cyberterror" attacks are food for popular concern, but no successful cyberterror attacks have been documented.
Instead, hackers' tactics have focused on site defacements, system penetrations, disinformation campaigns and have threatened the possible use of Trojan horses. Throughout what experts call the Israeli-Palestinian cyberwar, which began coincident with the escalation of on-the ground tensions, the two main types of attacks have consistently been Web site defacement - as in Wednesday's attack - and distributed denial of service, in which a hacker uses a virus to take control of many computers and flood a target Web site with thousands or millions of page requests, thereby overloading its resources and shutting it down.
Not only are such attacks not a new phenomenon in the Israeli-Palestinian conflict, the escalation of the Israeli-Palestinian "cyberwar" has become a popular case study for experts in Internet security fields. In 2000, around the outset of violence at the beginning of the second intifada, pro-Israeli and pro-Palestinian hackers started a sideline war of their own, targeting Web sites supporting the opposing side, replacing guns and rocks with worms and Trojan horses.
But unlike the attack on Wednesday morning, the rash of attacks in 2000 focused on Web sites representing government, political and military organizations. Pro-Israel hackers used a FloodNet attack to disable six Web sites directly affiliated with Hizbullah and Hamas, as well as political Palestinian sites. FloodNet attacks are an example of denial of service attacks, reloading a targeted Web page several times per minute, thereby rendering the site inoperable.
Shortly later, Israeli Web sites, including the main government Web site, the Bank of Israel and the Tel Aviv Stock Exchange, fell victim to pro-Palestinian hackers.
One such virus, known as "Injustice," was a pioneer in conveying a pro-Palestinian political message. That virus, which bared its face in 2001, acted as a "worm," infecting computers through the Outlook Express e-mail program. When the e-mail was opened, the text "apologized" for "disturbing" the victim, and then proceeded to tell a pro-Palestinian version of the events surrounding the death of 12-year-old Mohammed al-Dura, whom Palestinians claimed was killed in crossfire by IDF troops.
After victims opened the text file, the virus sent itself to the first 50 listings in the infected computer's e-mail address book, and then to 25 or so other e-mail addresses affiliated with Israel, including 14 government addresses.
Another well-known Palestinian hacker group, known as Unity, even had alleged ties to Hizbullah and launched a detailed four-phase plan for their assault against Israeli cybertargets, with the fourth phase involving a total shut-down of Israeli e-commerce Web sites.
Criminal justice and international agencies find it very hard to target "hacktivists" and bring them to justice. The Internet affords a high degree of anonymity to would-be attackers, and no international war protocols address "cyberwar."
Furthermore, hackers know no geographic boundaries. Studies have shown that, in addition to Israelis and Palestinians, hackers from Lebanon, Germany, Saudi Arabia, Pakistan, Brazil and the United States all added fuel to the cyberwar during the second intifada. In fact, most of the attacks against Israel were launched from outside both Israel and the Palestinian Authority.
Some overseas hacker groups even attacked both sides, turning the conflict into a podium for showing off hacker prowess rather than reflecting a political stand.
