As the conflict between Israel and Hamas in Gaza has escalated, the Anonymous hacker collective has gained much media attention for its own offensive against Israel, dubbed #OpIsrael. In the week since Israel began its Operation Pillar of Defense, its government says it has endured approximately 44 million cyberattacks from hackers, and thwarted nearly all of them. Despite such claims of a strong cyber-defense strategy, hackers claiming to be from ZCompanyHackingCrew managed to hack into the Twitter and Facebook accounts of Israel’s Vice Prime Minister Silvan Shalom on Tuesday, replacing his tweets with pro-Palestinian messages and swapping the page’s header image for a banner that read “STOP KILLING PEOPLE YOU F*CKING TWATS.”
A tweet from a prominent Anonymous Twitter account further hinted that Shalom’s emails may be their next target.
Recent claims from Anonymous have also boasted of hundreds of disabled or defaced websites and leaks of thousands of Israeli officials’ personal data. And after naming the American Israel Public Affairs Committee (AIPAC) as a target and leaking the details of the organization’s president and a list of his political donations, Anonymous claimed to have taken down that site as well.
Tuesday’s hacking of the Israeli Vice Prime Minister’s accounts comes amidst comments made Sunday by Finance Minister Yuval Steinitz that the government has successfully held hackers at bay, according to the Times of Israel.
Speaking at a special press conference at the Government Computing Center in Jerusalem about the cyber war against Israel that has accompanied Hamas’s rocket attacks, Steinitz said that hackers “are trying to disable the symbols of Israeli sovereignty, to enter web sites and install anti-Israel content, thus compromising information and data and damaging the government’s ability to serve the public.” Most of the attacks, he said, were against government sites, like the Prime Minister’s Office site, and security-related sites, such as that of the Home Front Command, the body charged with informing Israelis on how to protect themselves in the event of an attack.
Out of those 44 million-plus attacks on government and defense-related sites, said Steinitz, only one succeeded – partially. One site, which he did not name, was “wobbly for a few minutes,” but quickly recovered. Even though the government has been successful in warding off hack attacks, Steinitz said that government sites were fully backed up and mirrored, meaning that they could be replaced by a duplicate site instantly if the original site were compromised.
A team of several dozen staff in Israel’s government computing unit is said to have been working 24 hours a day, seven days a week at deflecting hacker attacks, thanks in part to a security technology invented in Israel called Foresight.
Once an existing site struggles under a DDoS, an alternative version is activated. "Our solution is part of a full defensive system based on traditional tools, like firewalls. When those fail, a 'clean' backup created by Foresight automatically takes over, with the site's IP address and DNS now pointing to the new server. Thus, all traffic is directed to the 'clean' site, and the site is able to function as normal," said Foresight CEO Israel Ragutski.
"Sys admins always have a handy backup, so when traffic on one server is shaky due to heavy volume, they can just switch to the new server, leaving the destructive traffic to attempt to disable the now-defunct server."
Foresight has been on the market for a bit more than a year, Ragutski said, and the Israeli government computing unit was one of the company's first customers, putting its tech to use in preventing hackers from bringing down the government's websites - even after 44 million tries.
But Anonymous is not Israel’s primary concern when it comes to cyberattacks; rather, Iran and Gaza represent greater threats, according to the New York Times. Security researchers discovered in July that critical infrastructure targets had been infected by malware that appears to have originated in Iran. In another investigation, researchers found that a remote access tool that originated in Gaza had enabled servers to spy on computers in Israel.
The malware was designed to spy on computers by copying images and files, grabbing screenshots and using infected computers as recording devices to record users’ conversations. While many companies have been able to scrub the malware from their systems, security researchers say the malware, called Mahdi, is still actively spying on computers, predominantly in Israel, but also in Afghanistan, the United Arab Emirates, Saudi Arabia and the United States.
More recently, Israel was forced to take its police department offline two weeks ago after security experts discovered that many of the department’s computers had been infected with a remote-access tool, or RAT, which gives attackers real-time control of victims’ machines. The RAT appeared to be an off-the-shelf variation that can be bought on public sites for as little as $50.
After some investigation, researchers at Norman, a computer security firm in Fairfax, Va., noted that the attacks originated from command-and-control centers in Gaza and that the same servers had been spying for over a year, first on computers in Palestine and then in Israel.
As Israel fights back through its own cybersecurity defenses, at least one pro-Israeli hacker has also entered the mix, further expanding an already complicated landscape of cyberwarfare between opposing regions of the Middle East.