Israeli Hackers: We brought down official Iranian websites

January 26, 2012


A group of Israeli hackers that calls itself “IDF Team” claims that it has brought down the websites belonging to the Iranian Health Ministry and an English-language Iranian television channel, Press TV. According to the group, the cyber attack came in response to Arab hackers’ attacks on Israeli sites. (YNet, January 26, 2012, Dudi Cohen and Aviel Magnezi)


The Guardian, Khaled Diab and the Gilad Atzmon antisemitism test

January 19, 2012

The Israeli culture is more than just one hacker. The Israeli culture is a culture of intelligence and the free exchange of information. Information can be bought, but it must be bought out of the incubating tech culture in which it grew. A hacker who incubated in a tech culture and then went rogue would be industrious to hide behind a third world regime so that the other hackers who share his knowledge can’t get to him. It is not, however, a sign that Saudi Arabia is a place that is fertile for thinking.

(CIF) Khaled Diab’s essay at CiF, “Hacking away at Arab and Israeli stereotypes”, is quite misleading. His objective isn’t to tear down stereotypes about Israelis, but to highlight and promote them.
Diab, commenting on recent reports of Saudi hackers who “scaled up their cyber offensive against Israel by paralysing the websites of El Al airline and the Tel Aviv stock exchange”, quoted an Israeli journalist observing that such Arab tech prowess shattered the “feeling that Israel is a technological ‘superpower’ and a hi-tech nation”. And, later, Diab saw Israeli surprise at the adeptness of the hackers as evidence that Israelis “apparently do regard their nearest [Arab] neighbours as being backward.”
While Diab, later in the essay, acknowledges (albeit in a perfunctory manner) Arab stereotypes of Israelis (which he suggests have nothing whatsoever to do with antisemitism), it’s in the following passage where his polemical veneer of ‘peace and reconciliation’ vanishes.
Commenting further on the Israeli reaction to the apparent Saudi hacking, Diab writes:

Some commentators went even further. “The Jewish state is pretty devastated by the idea that a bunch of ‘indigenous Arabs’ are far more technologically advanced than its own chosen cyber pirates,” Israeli jazz musician Gilad Atzmon observed wryly on his blog.

The “Israeli jazz musician”, Gilad Atzmon, whose blog Diab evidently reads, is the author of a book, The Wandering Who?, which the Community Security Trust characterized as “probably the most antisemitic book published in this country in recent years.”
But, as I noted in a previous post, merely characterizing Atzmon as antisemitic doesn’t do him justice. Atzmon advances crude, hateful, and demonizing rhetoric about Jews which is on par with the most vile Judeophobic charges ever leveled.
In that one video I linked to earlier, Atzmon leveled charges against Jews he has similarly advanced on the blog which Diab refers to.
They include:

  • The explicit charge that Jews are indeed trying to take over the world, and an endorsement of the Protocols of the Elders of Zion.

Gilad Atzmon’s antisemitism, quite simply, is as odious as anything you can find on a white supremacist or neo-Nazi website.
So, here’s a friendly suggestion to Guardian Readers’ Editor Chris Elliott, on how (per his mea culpa in Nov.) he can “avert accusations of antisemitism”, at his paper:
Don’t publish essays which approvingly cite the wisdom of one of the most notorious antisemites of our day!

I’m not really interested in arguing any point beyond the hack/tech/cultural issue. The fact that there is one lone hacker in Saudi Arabia is not a sign that the culture is advanced. It isn’t like the Israelis can go and arrest a hacker working in Saudi Arabia… and it isn’t as if the Saudis don’t have the money to pay for expertise.

Middle East cyber war escalates: Saudi hackers disrupt Tel Aviv Stock Exchange and El Al, Israeli hackers bring down Arab monetary sites

January 18, 2012

(Eye) Pro-Palestinian computer hackers disrupted the websites of the Tel Aviv Stock Exchange and El Al, Israel’s national carrier, on Monday, escalating a Middle East cyber war.

(Telegraph) The distributed denial-of-service attacks, which also targeted three Israeli banks, were the latest salvo in a month-long offensive between Arab and Jewish hackers determined to give the Middle East conflict an online dimension.
Monday’s hacking incident caused the stock exchange’s website to perform slowly, while El Al’s online services were unavailable for more than an hour.
Responsibility for the attack was claimed by a group of hackers, claiming to be based in Saudi Arabia, which identifies itself by the name “Nightmare”.
It came days after a rival Israeli hacking group called “Israel Defenders” published what it said were the credit card details of hundreds of Saudis. Nightmare had carried out a similar stunt after hacking an Israeli sports website.
The self-proclaimed head of Nightmare, who identifies himself as “0xOmar”, boasted on the microblogging website Twitter that he would never be caught.
“No one is this world going to arrest me,” he wrote. “It’s impossible to find me and I’ll keep attacking Israel. Just stay and watch.”
Setting himself up against 0xOmar is “0xOmer”, the leader of Israel Defenders, who says he is 17. 0xOmer says his counter-campaign has been joined by “7ukk1”, allegedly a soldier in Israeli military intelligence. They claim they are poised to release the credit card details of 300,000 more Saudi nationals.
A second Jewish hacker, Hannibal, has joined the fray, publishing details to allow web users to break into the Facebook accounts of 20,000 Arab users. He claims to have the bank account details of 10 million Iranian and Saudi nationals, which he will release if Israel comes under further cyber-attack.

‘Israel Defenders’ hackers post in forum that attacks are response to “lame” Saudi attack on Israelis.

(JPost) Israeli hackers said they brought down the official websites of the Saudi Arabian Monetary Agency and Abu Dhabi Securities Exchange on Tuesday in retaliation for a denial of service attack on the Tel Aviv Stock Exchange the previous day.
Both websites appeared to be offline following the announcement by the hackers.
An Israeli hacker told The Jerusalem Post that members of the Internet group Israel Defenders were behind the attack.
They said in a forum message that they acted “because lame hackers from Saudi Arabia decided to launch an attack against Israeli sites,” noting the denial of service attacks against TASE and El Al, as well as three Israeli banks on Monday. They signed their message with the name “IDF Team.” The hackers warned “this is only the beginning,” saying “there may be disruption to the [Saudi] government’s stock exchange site” as well.
“If the lame attacks from Saudi Arabia will continue, we will move to the next level, which will disable these sites longer term,” they said, adding that the damage could last for weeks or even months.
Also Tuesday, an Israeli hacker named “Anonymous 972” published the e-mail details, including passwords, of 89 Saudi university students.
“Usually we do not like to hurt innocent sites, but there is now a cyber war, and every war has victims,” the hacker wrote.
“Every time an Israeli site get[s] hacked, the same thing will happen to Saudi sites.”

h/t @TheJewess: Israeli hacker strikes back, publishes Saudi card details

January 11, 2012

( the release of thousands of Israeli credit card numbers by a Saudi hacker last week, an Israeli hacker claims he struck back. An Israeli, calling himself Omer Cohen, said Tuesday that he obtained and published the personal details and credit card numbers of thousands of Saudi Arabian citizens.
Last week, Saudi hackers claimed to have published the credit card details of 400,000 Israelis. Credit card companies said only hundreds of authentic card numbers were published in reality.
The hackers published the list of cards, names and other personal details on the One sports website, which was hacked.
The hackers published a 30 megabyte file containing the details.

let’s go shopping!

Did Israel already launch a major attack on Iran? [UPDATED]

September 23, 2010

Russian technicians work at Bushehr nuclear power plant in Iran

On August 5, I reported on the strong evidence that Iran had become the target of a state-sponsored cyber attack.
At that point it was already understood that the Stuxnet computer worm was almost certainly targeting Iran since that was the location of 60% of the computer systems affected. Moreover, since the worm targets Siemens SCADA (supervisory control and data acquisition) management systems that control energy utilities, and since its design strongly suggested that it had been created for sabotage, it seemed likely that the specific target was Iran’s nuclear program.
A German team of industrial cyber security experts who have analyzed the way the worm operates now claim that it may have been designed to attack the newly operational Bushehr nuclear reactor.
Ralph Langner envisages that the highly sophisticated attack would have required a preparation team that included “intel, covert ops, exploit writers, process engineers, control system engineers, product specialists, military liaison.”
The Christian Science Monitor reports:

Since reverse engineering chunks of Stuxnet’s massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance — a target still unknown.
“Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” says Langner, who last week became the first to publicly detail Stuxnet’s destructive purpose and its authors’ malicious intent. “This is not about espionage, as some have said. This is a 100 percent sabotage attack.”
On his website, Langner lays out the Stuxnet code he has dissected. He shows step by step how Stuxnet operates as a guided cyber missile. Three top US industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Monitor.
“His technical analysis is good,” says a senior US researcher who has analyzed Stuxnet, who asked for anonymity because he is not allowed to speak to the press. “We’re also tearing [Stuxnet] apart and are seeing some of the same things.”
Other experts who have not themselves reverse-engineered Stuxnet but are familiar with the findings of those who have concur with Langner’s analysis.
“What we’re seeing with Stuxnet is the first view of something new that doesn’t need outside guidance by a human – but can still take control of your infrastructure,” says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy’s Idaho National Laboratory. “This is the first direct example of weaponized software, highly customized and designed to find a particular target.”
“I’d agree with the classification of this as a weapon,” Jonathan Pollet, CEO of Red Tiger Security and an industrial control system security expert, says in an e-mail.
Langner’s research, outlined on his website Monday, reveals a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls “fingerprinting,” qualifies Stuxnet as a targeted weapon, he says.
Langner zeroes in on Stuxnet’s ability to “fingerprint” the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.

Langner speculates that Iran’s Bushehr nuclear power plant may have been the Stuxnet target. He also writes: “The forensics that we are getting will ultimately point clearly to the attacked process — and to the attackers. The attackers must know this. My conclusion is, they don’t care. They don’t fear going to jail.”
If Bushehr was indeed the target, it may have presented itself first and foremost as a target of opportunity. From the point of view of governments with an interest in sabotaging Iran’s nuclear program, Bushehr would not be the most attractive target, but access provided to Russian contractors may have made it the easiest target.
Last September, Reuters reported: “Israel has been developing ‘cyber-war’ capabilities that could disrupt Iranian industrial and military control systems.”
So let’s assume that using Stuxnet, Israel has indeed launched the world’s first precision, military-grade cyber missile. What are the implications?
1. Iran has been served notice that not only its nuclear facilities but its whole industrial infrastructure is vulnerable to attack. As Trevor Butterworth noted: “By demonstrating how Iran could so very easily experience a Chernobyl-like catastrophe, or the entire destruction of its conventional energy grid, the first round of the ‘war’ may have already been won.”
2. The perception that it has both developed capabilities and shown its willingness to engage in cyberwarfare, will serve Israel as a strategic asset even if it never admits to having launched Stuxnet.
3. When it comes to cyberwarfare, Israel ranks as a major global power. Its own tiny infrastructure makes it much less vulnerable to attack than is the sprawling infrastructure of the United States. Its highly developed military IT industry means that it not only has great domestic human resources but that Israeli IT specialists, through research and employment, have the best possible access to most of the leading development facilities and vendors around the world.
4. As a cyber arms race takes off, we should not imagine that it will be like other arms races where power resides more in capabilities than in the use of those capabilities. “Whereas nuclear weapons have been used twice in human history, cyber weapons are employed daily and there is therefore an existential need to create some form of regulatory system that allows more than implicit deterrence,” says Robert Fry.
5. If AQ Khan demonstrated the ease with which a nuclear proliferation network can operate, the fact that the raw material upon which cyberwarfare is based is arguably the most easily transferable object on the planet — computer code — means that in certain ways the era of cyberwarfare may prove to be more dangerous than the nuclear era.
6. In the strategic landscape of cyberwarfare the most dangerous player may turn out to be a small but highly developed fortress-state that feels threatened by much of the rest of the world; that neither trusts nor is trusted by any of its allies; that sees its own stability enhanced by regional instability; that has seen its own economic fortunes rise while the global economy suffers; and that views with contempt the notion of an international community.

Paul Woodward says it like a computer virus vs. Iran is a bad thing? Also… Israel is not the only people in the world that want Iran’s nuclear advancement to move offline. There are myriads of states that fear Iran. I probably shouldn’t be posting this, in that this site is beyond biased… but I was amused by the story.

Langner’s analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.

“After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon,” Langner writes in his analysis. “Something big.”

For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid.

“The implications of Stuxnet are very large, a lot larger than some thought at first,” says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. “Stuxnet is a directed attack. It’s the type of threat we’ve been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly.”

Has Stuxnet already hit its target?

It might be too late for Stuxnet’s target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.

A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.

Could Stuxnet’s target be Iran’s Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?

Langner is quick to note that his views on Stuxnet’s target are speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr’s expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)

But if Stuxnet is so targeted, why did it spread to all those countries? Stuxnet might have been spread by the USB memory sticks used by a Russian contractor while building the Bushehr nuclear plant, Langner offers. The same contractor has jobs in several countries where the attackware has been uncovered.

“This will all eventually come out and Stuxnet’s target will be known,” Langner says. “If Bushehr wasn’t the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that.”

Israeli hacker shuts down IHH website

June 21, 2010

A 30-year-old Israeli computer expert from Holon claims to have hacked into the website of the IHH, the terror organization whose thugs attacked Israeli troops on the Mavi Marmara three weeks ago. The hacker – who is remaining anonymous – interrupted the organization’s stunning 9,000 Euro per hour fundraising efforts.

you can’t buy this kind of public relations. IDF should give this guy a job