Re: Hacker War Rages in Holy Land

[security curmudgeon <jericho () attrition org>]

> http://www.wired.com/news/politics/0,1283,40030,00.html
> by Carmen J. Gentile

> Israelis and Palestinians are waging a cyberspace hacking war,
> employing a variety of tactics such as site defacements, system
> penetrations, misinformation campaigns and the possible use of viruses
> or Trojan horses.
>
> Thats the word according to iDefense, an international private
> intelligence outfit monitoring hacker activities for private and
> public-sector clients. Not only has the rash of defacements already
> crashed official government and corporate sites, but it is expected to
> continue and intensify as political tensions in the region heighten.

And if theses clients aren't Irsraelis or Palestinians.. why pay for this
type of 'news'?

> Since Oct. 6, when the Israeli/Palestinian cyberconflict moved into full
> swing, pro-Palestinian hackers have defaced at least 40 Israeli sites
> while Israeli antagonists have marred 15 Palestinian sites.

And the source of this information? Where did iDefense or Wired learn of
these 40+ defacements? I understand if Wired received the information from
iDefense and had no idea that it should have been credited to another
source. But iDefense not crediting the source? Oh yeah, I forget, that
is Standnard Operating Procedure. Charlatans.

> The current conflict is believed to have begun shortly after pro-Israeli
> attackers created a website called Wizel.com -- a host for FloodNet
> attack, which reloads a targeted Web page several times per minute,
> thereby rendering the site inoperable.

A Pentium 100 running Windows 95 and PWS/2.0, connected via ISDN or DSL
could handle that type of 'attack'. If the floodnet reloaded the page
several times a SECOND, it might be effective. Loading a page a couple
times a minute is standard traffic.

> One entity Venzke has taken particular interest in is the
> pro-Palestinian hacker who goes by the name dodi. A skilled hacker,
> dodi has been responsible for some of the most destructive attacks in
> this war.
>
> On November 3, Cognifit.co.il, a service provider for elderly Israeli
> citizens, was defaced by dodi. On the site, the hacker claimed he
> could shut down the Israeli ISP NetVision, which claims it hosts
> almost 70 percent of all the countrys Internet traffic.

Wait. Dodi defaced two .il web sites that I am aware of (and two .com).
On the site, he CLAIMS he could shut down various things. Is this the
"most destructive attacks" referenced above? Web page defacements and
CLAIMS of being able to do more? This seems overly dramatic and deceptive.
And their clients pay for this? Web page defacements are rarely
'destructive', sometimes overwriting a single page at most.

> High-profile websites such as Yahoo! and CNN.com, which have been
> victims of cyberattacks in the past, are thought to be potential
> targets in the current conflict, according to iDefense, simply because
> Palestinians or Israeli attackers may find them a good vehicle through
> which to promote their causes.

This is severely flawed logic.

Yahoo and CNN have not been publicly defaced. So claiming they are popular
targets to promote causes with defacing in mind is wrong. These two sites
WERE victims of DoS attacks earlier this year. BUT, in those attacks, no
'cause' was promoted. Taking a site offline does not deliver a specific
message, be it political, religious, or anything else. Short of making a
public statement claiming credit for such activity, no message will be
delivered. If someone were to make such claims, it would only assist
network administrators and law enforcement to track down the attackers and
filter hostile traffic close to the source. Imagine if an entire country
dropped off the net because a half dozen backbones got tired of dealing
with it.

Anyway, this seems to be more FUD from iDefense, seeking to make a name
for themselves. Stepping into a foreign conflict and helping them to hype
it for their own commercial gain. Nevermind them stealing other non profit
organizations hard work, not crediting them, and claiming the work as
their own. *cough*

Brian
Attrition.org Staff


ps:  hello to you two iDefense people reading ISN

pps: hello to the rest of iDefense who will read this after they forward
     it around the office a bit.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".