The recent Israel Defense Forces ‘Operation Pillar of Cloud’ in the Gaza Strip, which was officially launched on 14 November, 2012, has raised strong protests from the Anonymous cyber group, which has in response launched #OpIsrael, a cyber-attack campaign whose main objectives are:
- Ensure the availability of communication channels in the Gaza Strip, and provide alternative communication methods in case of an Israeli communication blackout as part of the military operation.
- Take down Israeli and Israeli-related Web sites.
- Deface Israeli sites and promote anti-Israeli agendas.
- Stop the violence.
Since #OpIsrael started, several Israeli government sites have been reported down, and many small privately held sites have been defaced. The following message was published as a kickoff to this operation: http://pastebin.com/9M0HLC3d, followed by a request to target more substantial infrastructures like banks and airlines. At this point more information started to flow over the IRC channels explaining to new attackers how to download the attack tools of choice, and how to stay anonymous using TOR and free VPN services. As time goes by, more and more attackers are taking part in these attacks and more attack vectors are being discussed over the channels. SQLi and more sophisticated HTTP attack vectors are discussed heavily. Needless to say, the attackers are mostly looking to deface the target sites in order to plant their pro-Palestinian/anti-Israeli messages.
The following is a partial list of some of the reported attacks and their impacts:
Attacked Site Impact
Attack Campaign Detailed Information
The attack campaign is being coordinated through Twitter and a dedicated IRC Channel: http://webchat.voxanon.org/ (Channel #OpIsrael). Currently the attackers have published a care package for Palestinian citizens and have made several public announcements, including in Hebrew.
Attack Campaign Specific Targets
Currently the main attack target is www.idf.il. At the time of writing this document, no outages have yet been reported to this site. Several other targets have also been reported, such as idfblog.com. This site runs WordPress, and brute force attacks have been reported against it, causing an outage to the site. It seems that in the initial stage of the attacks, the attackers were looking for ‘low hanging fruit’ and did not put much effort or sophistication into their attacks. The same is true for the DDoS campaign delivered by this Anonymous group, which uses well-known attack tools that are easy to get and operate.
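As an added example (not part of the original report or of any vendor tooling), the following is a defender-side check for the WordPress login brute forcing described above, run over web server access logs. It assumes Combined Log Format, the stock `/wp-login.php` path, chronologically ordered lines and illustrative thresholds; the site-wide counter is included because attempts routed through TOR or VPN services arrive from many source addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: client IP, timestamp, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
LOGIN_PATH = "/wp-login.php"   # stock WordPress login endpoint (assumed unchanged)

def find_login_floods(lines, window_s=60, per_ip=5, site_wide=20):
    """Return (alert_kind, key, timestamp) for bursts of login POSTs.

    per_ip   : POSTs from one address within the window
    site_wide: POSTs from all addresses within the window, which catches
               attempts spread over many Tor/VPN exit addresses
    Thresholds are illustrative assumptions, not tuned values.
    """
    window = timedelta(seconds=window_s)
    by_ip, all_posts = defaultdict(deque), deque()
    alerts, flagged = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, _status = m.groups()
        if method != "POST" or path.split("?")[0] != LOGIN_PATH:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        for key, q, limit, kind in ((ip, by_ip[ip], per_ip, "per_ip"),
                                    ("*", all_posts, site_wide, "site_wide")):
            q.append(when)
            while when - q[0] > window:      # drop events older than the window
                q.popleft()
            if len(q) >= limit and (kind, key) not in flagged:
                flagged.add((kind, key))     # alert once per key
                alerts.append((kind, key, when.isoformat()))
    return alerts

def sample_log():
    """Constructed sample: one noisy client, then many one-shot clients."""
    fmt = '{ip} - - [15/Nov/2012:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 512'
    out = [fmt.format(ip="203.0.113.7", m=0, s=i * 2, req="POST /wp-login.php", st=200)
           for i in range(6)]
    out.append(fmt.format(ip="198.51.100.9", m=0, s=30, req="GET /wp-login.php", st=200))
    out += [fmt.format(ip=f"192.0.2.{i}", m=5, s=i, req="POST /wp-login.php", st=200)
            for i in range(1, 25)]
    return out

if __name__ == "__main__":
    for alert in find_login_floods(sample_log()):
        print(alert)
```

On the constructed sample, the single noisy address trips the per-address rule, while the 24 one-shot addresses trip only the site-wide rule.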
Published Attack Tools
The following attack tools have been announced by the attack coordinators and other active participants:
| Attack Tool | Attack Vectors |
|---|---|
| ByteDos version 3.2 | ICMP Flood, SYN Flood |
| Mobile LOIC | HTTP Floods |
| LOIC for android devices | HTTP Floods, UDP Flood, TCP Flood |
| Tor’s Hammer | HTTP Post Flood Using TOR Network |
| SlowLoris | Slow HTTP Attack |
| PyLoris | Slow HTTP POST Attack |
| THC SSL DOS | SSL Renegotiation Flood |