Did Turkish Hackers Actually Hack the Israeli “Iron Dome”?

Ayyildiz Tim (AYT) is one of the more prominent Turkish hacker groups today. The group was founded in 2002 by Turkish hackers residing outside of Turkey. AYT advocates Turkish state ideology and has declared its intention to fight against “every form of attack on the Turkish Republic”, or attempts to threaten Turkish unity and Islam. Israel, the U.S., Armenia, Syria and the Kurdistan Workers’ Party (PKK) are counted among the group’s main targets.

A number of sources and web surfers refer to AYT as “The Turkish Cyber Army”, claiming that the group directly represents the tactical arm of the Turkish government with regard to everything surrounding cyberwarfare.

AYT founder, Mehmet İshak Telli (Cedkan Bir Yafes), was interviewed by the Ihlas News Agency (IHA) – one of the leading video news agencies in the world – on August 7, 2014. In the interview, Telli claimed that Turkish hackers had hacked Israel’s “Iron Dome” air-defense system and that it would be a good answer to Israel aggression. In his statement, Telli claimed that the Arrow 3 anti-ballistic missile software had also been hacked. He further stated that a secret war has been waged between the Turkish and Israeli intelligence units and AYT had proven their cyber superiority.

Following this interview, numerous media outlets published his statements, falsely and mistakenly adding that “BBC editor” Brian Krebs had congratulated AYT and MIT (the Turkish National Intelligence Agency) on their hacking of Israel’s “Iron Dome”. However, the reports about Brian Krebs also misspelled his name “Vrian Krebs.” According to RedHack (another Turkish hacker group), AYT is merely exploiting the media to fool people.

Twit of a Member of Redhack Group
Tweet made by a RedHack member

What Krebs actually wrote on July 28 was: “According to Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. (CyberESI), between October 10, 2011 and August 13, 2012, attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies…”.

Another investigation undertaken by security expert Reza Rafati also concluded that the information supporting the AYT claim regarding “Iron Dome” was fake.

March 10, 2014 – Anti-Israeli Hackers Plan a Cyber Campaign against Israel

On February 9, 2014, anti-Israeli hacker groups announced a cyber operation against Israel scheduled for March 10. According to a press release issued on Pastebin, all hacktivists worldwide are called upon “to wipe Israel yet again off the cyber web on March 10th, 2014 on the anniversary of Israels attack on Palestinian leader Yasser Arafat’s office in Gaza City”.

#OpIsrael3.0 press release
#OpIsrael3.0 press release

The attackers published a target list of about 1,360 websites, including government websites, banks and financial institutions, media outlets, academic institutions, defense industry, etc. We have identified several hacker groups that will participate in the campaign. One of them is AnonGhost that initiated the April 7, 2014 campaign. Another interesting group is RedHack – a Turkish hacker group that recently waged several high-profile attacks.

The attackers have also created an official Twitter account and a Facebook page, where they have posted links to download various attack tools, such as  DDoS, SQL, RAT, keyloggers and more.

@OpIsrael3 Twitter account
@OpIsrael3 Twitter account

As was the case in previous campaigns, we assume that pro-Palestinian hacker groups will launch cyberattacks against Israeli websites, but with a low success rate, especially with regard to banks and critical infrastructure websites.

SenseCy is coming to town! Come meet us at the RSA USA 2014 conference, February 24-28, in San Francisco.

RedHack – A Turkish Delight

On February 4, 2014, it was reported that members of the RedHack group hacked into the systems of three major telecoms companies: TTNET (Turkey’s largest ISP), Vodafone and Turkcell (the leading mobile phone operator of Turkey). The hackers claim to have obtained large amounts of data, and thus far they have published online information that belongs to Turkish officials and government employees, including names, ID numbers, phone numbers, email addresses and more.

RedHack is a Turkish Marxist–Leninist computer hacker group founded in 1997. The group has claimed responsibility for hacking institutions that include the Council of Higher Education, the Turkish police force, the Turkish Army, Türk Telekom, and the National Intelligence Organization. The group’s core numbers are said to be 12 but the group has hundreds of supporters and over 700,000 followers on Twitter.

RedHack's official Twitter account
RedHack’s official Twitter account

RedHack first made a name for themselves by hacking the Ankara Police Department’s official site in 2012, and later launched a number of attacks against governmental websites, including the Finance and Interior ministries, as well as the Religious Affairs Directorate.

During the last month the group has waged several high-profile attacks against Turkish entities: On January 16, 2014, the group leaked the phone numbers of over 4,000 people who work for Turkcell; On January 15, members of RedHack breached the systems of the General Directorate of the EGO, which serves as the Public Transports Department in Ankara. On January 11, hackers from the group waged several cyber attacks against a number of Turkish organizations, such as the Parliament, the Turkish State Railways, and the Justice and Development Party (AKP).

We believe that in the near future RedHack will continue to focus on attacking official Turkish entities. An interesting observation is their shift from defacing governmental websites to breaching major organizational systems and leaking sensitive information.

Related Posts

Turkish Hacking Group Cyber Warrior’s e-Magazine : TeknoDE on December 18, 2014 by Sheila Dahan

Did Turkish Hackers Actually Hack the Israeli “Iron Dome”? on August 18, 2014 by Sheila Dahan

Turkish Government Bans Twitter and Hijacks IP Addresses for Popular DNS Providers on March 31, 2014 by Sheila Dahan