Inside Cyber Warfare - Jeffrey Carr [20]
XX_Hacker_XX is a moderator on soqor.net, and like Nimr al-Iraq, he provides advice and links to download tools, such as RAT programs. He is the moderator of the “hacking programs” section of the soqor.net website. His profile describes him as an 18-year-old from Kuwait.
Methods of Attack
Analysis of discussions on Arabic hacker forums and general pro-Jihad forums indicates that anti-Israeli hackers would like to carry out serious cyber attacks against Israeli targets. However, they do not have a demonstrated capability to carry out such attacks, and their actions have been limited to small- to mid-scale denial of service attacks and mass website defacement attacks. They may also have attempted to compromise individual computers via Trojans, particularly the Bifroze Trojan, a variant of which was developed by members of the 3asfh hacker forum. Additionally, they talk of the desire to use viruses against Israeli computers, although the kind of viruses under discussion are relatively old and many computers would already have been updated with protections against them.
Distributed denial of service (DDoS) capability
Muslim hackers are using both indigenously developed and borrowed DDoS tools and making them available for download on hacker forums. One tool, named after Mohammed al-Durra, a Palestinian child allegedly shot and killed by Israeli soldiers in 2000, was first developed in 2006. An updated version has been provided by Nimr al-Iraq for use in the current conflict.
With the al-Durra program, a user voluntarily downloads the program and then checks Arabic hacker forums to see which websites are listed as targets. He then enters a target, and the program repeatedly sends requests to it. When a sufficient number of people use the al-Durra program against a site, they can overwhelm it and bring it down. Other DDoS tools developed by hackers outside this community, such as hack tek, are also being used.
Such tools do not require sophisticated technical skills or training. This makes them useful in a political dispute such as the Gaza crisis, when there is a very large global community willing to assist in cyber attacks against Israel but not necessarily skilled enough for more sophisticated attacks.
Website defacements
The hackers download vulnerability scanners from hacker forums to find websites with exploitable vulnerabilities. On the Arabic hacker forums, they have discussed using a few different methods, including SQL injection, cross-site scripting (XSS), and other web server software vulnerabilities.
In most cases, they are reusing previously released exploit code to attack known vulnerabilities that the scanners identify. This is somewhat more difficult than the denial of service attacks, but it is still not considered sophisticated within the larger spectrum of hacking activities. The vulnerabilities being exploited by these hackers have already been identified, and patches and updates have been released to fix them. The only websites that are still susceptible are those whose administrators have been lax in updating their software and downloading patches. There is no evidence that this community is locating “zero day” vulnerabilities—that is, those that have not yet been discovered—at this time.
Viruses and Trojans
Hacker forums reveal a desire to use viruses against Israeli targets, but there is no evidence of success thus far. A couple of hackers have boasted of successfully using Trojans and RATs to gain wide access to individual Israeli computers. This could give them the ability to capture passwords and other important data, facilitating financial crime and harassment. However, there is not yet much evidence that they have been successful with these tools.
Israeli Retaliation
Israel and its supporters have also participated in this cyber conflict in a couple of ways. The Israeli government is behind an effort to recruit supporters who speak languages other than