Upcoming Cyber Attack on Israeli Websites, #OpIsrael

November 14, 2012 01:00 PM

The recent Israel Defense Forces ‘Operation Pillar of Cloud’ in the Gaza Strip, which was officially launched on 14 November, 2012, has raised strong protests from the Anonymous cyber group, which have in response launched #OpIsrael, a cyber-attack campaign whose main objectives are:

  1. Ensure communication channels availability in the Gaza Strip, and provide alternative communication methods in case of an Israeli communication blackout as part of the military operation.
  2. Take down Israeli and Israeli related Web sites.
  3. Deface Israeli sites and promote anti-Israeli agendas.
  4. Stop the violence.

Since #OpIsrael started, several Israeli government sites were reported down, and additionally many other small privately held sites were defaced. The following message was published as a kickoff to this operation: http://pastebin.com/9M0HLC3d, followed by a request to target more substantial infrastructures like banks and airlines. At this point more information started to flow over the IRC channels explaining to new attackers how to download the attack tools of choice, and how to stay anonymous using TOR and free VPN services. As time goes by, more and more attackers are taking part in these attacks and more attack vectors are being discussed over the channels. SQLi and more sophisticated HTTP attack vectors are discussed heavily. Needless to say, the attackers are mostly looking to deface the target sites in order to plant their pro-Palestinian/anti Israeli messages. 
The following is a partial list of some of the reported attacks and their impacts:

Attacked Site Impact

Attack Campaign Detailed Information

The attack campaign is being coordinated through Twitter and a dedicated IRC Channel:http://webchat.voxanon.org/ (Channel #OpIsrael). Currently the attackers have published a care package for Palestinian citizens and have made several public announcements, including in Hebrew.

Attack Campaign Specific Targets

Currently the main attack target is www.idf.il. At the time of the writing this document, no outages have yet been reported to this site. Several other targets have also been reported, such as idfblog.com. This site runs WordPress, and brute force attacks have been reported to have taken place which have caused an outage to the site. It seems that in the initial stage of the attacks, the attackers were looking for ‘low hanging fruit’ and did not put much effort or sophistication in their attacks. The same is true for the DDoS campaign delivered by this Anonymous group, using well known, easy to get and operate attack tools.

Published Attack Tools

The following attack tools have been announced by the attack coordinators and other active participants:

Attack Tool

Attack Vectors

ByteDos version 3.2 ICMP Flood, SYN Flood
Mobile LOIC HTTP Floods
LOIC for android devices HTTP Floods, UDP Flood, TCP Flood
Tor’s Hammer HTTP Post Flood Using TOR Network
SlowLoris Slow HTTP Attack
PyLoris Slow HTTP POST Attack
THC SSL DOS SSL Renegotiation Flood

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center