Written by Hila Marudi, Yotam Gutman and Gilad Zahavi
The #OpIsrael Birthday campaign took place as scheduled on April 7 and involved thousands of participants from all over the Muslim world, from Indonesia in the East to Morocco in the West.
It seems that the bulk of the activity focused on leaking data obtained from various breached databases. Some of the data published was simply a recycling of older data dumps, but some was new and included email addresses, passwords and personal details.
Hundreds of government email addresses were leaked and posted on Pastebin. In addition, private password-protected website databases were also leaked. The Islamic Cyber Resistance Group (ICRG), affiliated with Hezbollah and Iran, leaked hundreds of Bar-Ilan University email addresses and defaced a sub-domain of the University’s website.
Summary of the groups participating in the campaign:
| Group name | Group details | Activity |
|---|---|---|
| AnonGhost | Tunisian, the campaign instigator | Defaced hundreds of sites, developed and distributed an attack tool named “AnonGhost DDoSer”, leaked email addresses |
| AnonSec | Pro-Palestinian Muslim group | Leaked government email addresses, defaced websites and launched DDoS attacks |
| Fallaga | Tunisian | Built web-based attack tools and shells, launched DDoS attacks against government sites |
| Security_511 | Saudi group | Launched DDoS attacks against government sites and leaked government email addresses |
| Izzah Hackers | Pro-Palestinian Muslim group | Launched DDoS attacks against websites and leaked email addresses |
| Hacker Anonymous Military | Pro-Palestinian Muslim group | Launched DDoS attacks against government sites, leaked government email addresses and defaced websites |
| Moroccan Agent Secret | Moroccan group | Defaced websites and leaked email addresses |
According to the campaign’s official website, approximately 500 Israeli websites were defaced by AnonGhost, most of which were SMB and private websites.
According to our analysis, we have not witnessed a dramatic change since the previous OpIsrael campaign that took place on April 7, 2013. We can think of at least two reasons for that:
- The level of awareness and readiness in large organizations (but also in small ones) has improved and is improving each day.
- During this campaign we have not seen attacks waged by nation-state actors such as the Syrian Electronic Army, the Izz ad-Din al-Qassam Cyber Fighters and others.
It appears that the attackers focused on attacking government sites and leaking databases. In addition, the number of authentic dumps containing email addresses, passwords and personal details was much larger than in the last campaign.
However, under the surface we have noticed an emerging and concerning trend in recent weeks. We know that hacktivist groups and terrorist organizations try to develop their own capabilities. These groups also share information among themselves (guidebooks, scripts, tutorials). Lately we have even identified an exchange of capabilities between Russian cyber criminals and anti-Israeli hackers and hacktivists.
The next phase, and we are not there yet, might be the purchase of advanced cyber weapons by terrorist organizations. It may be only a matter of time until terrorist groups (al-Qaeda, for example) use sophisticated tools to attack critical infrastructure systems. If this happens, the results of the next OpIsrael campaign would be completely different.