Written by Yotam Gutman
When the cannons roar, the muses stay silent (but the hacktivists hack).
As we reported last week, operation “Protective Edge” instigated a flurry of activity by Muslim hacktivists targeting Israel. In this post we review the activities that have taken place so far and try to characterize them.
Attackers can be divided into three types: individuals, hacktivist groups and cyber terror organizations. Individuals usually join larger campaigns run by hacktivist groups and show their support on social media sites.
Hacktivist groups taking a stance make extensive use of Facebook as a “command and control” platform. The largest “event”, dubbed #OpSaveGaza, was created by Moxer Cyber Team, a relatively new group that probably originated in Indonesia; its event page has 19,000 followers.
The event included many lesser known Islamic groups, mainly from Indonesia, who did not participate in previous campaigns against Israel. Another event page by the Tunisian AnonGhost announced that the attack will include 38 groups from around the Muslim world. The campaign is planned to continue until the 14th of July.
Cyber terror organizations, in the form of the SEA (Syrian Electronic Army) and the ICR (Islamic Cyber Resistance), have not officially declared their participation in the campaign but have waged several high-profile attacks, such as hacking into the IDF spokesman blog and Twitter account (SEA) and leaking a large database of job seekers (ICR).
The participants in this campaign use tools similar to those used in previous campaigns: generic DDoS tools, SQLi tools, shells and IP anonymization tools.
Results (Interim Summary)
To date, the #OpSaveGaza campaign has mainly included defacement attacks (about 500 sites have been defaced), DDoS attacks of minor scale and some data dumps. Two interesting trends we’re seeing are the recycling of older data dumps that are then claimed to be new, and the posting of publicly available information that was allegedly breached.
We estimate that these activities will continue until the hostilities on the ground subside, with perhaps more substantial denial of service or data leak attempts.