How Israel withstood major Anonymous attack using a little Foresight

Summary: Israeli government sys admins managed to ward off 44 million attacks against its sites in five days. Here's how they did it.

The war going on now in the Middle East between Israel and Hamas has had Israeli sys admins working overtime – 24/7, actually – keeping Israel's computer systems up and running.

Last weekend, Anonymous and other hacking groups declared war on Israel's IT systems. What set off the hacker group, according to its press release, was a supposed Israeli threat to cut off internet access in Gaza (something that didn't happen). "We will use all our resources to make certain you stay connected to the internet and remain able to transmit your experiences to the world," Anonymous said.

Whatever Israeli sites the hackers did or didn't manage to take down, it appears that virtually none of them belonged to the Israeli government or army.

At a press conference on Sunday, Israel's Finance Minister, Dr Yuval Steinitz, said that since the beginning of Israel's Operation Pillar of Defense, there had been some 44 million attempted attacks against Israeli government sites (22 million alone against the site of Israel's President, Shimon Peres). The government computing unit, consisting of a staff of several dozen, had managed to ward off all of them, he added – except for one, which left a single site acting a bit "wobbly" – that is, slow to load – after a particularly intense attack.

Steinitz did not identify those responsible for the online assault directly, but did say that many of the attacks were from IP addresses in the US and Europe. According to the minister, the hackers were "trying to disable the symbols of Israeli sovereignty, to enter websites and install anti-Israel content, thus compromising information and data and damaging the government's ability to serve the public."

That the hacks failed to such an extent is not so surprising, said Roni Bachar, penetration and cybersecurity team manager at Israel's Avnet Information Security.

"Naturally, the government would have the top defences, such as the best firewalls and technology to deflect attacks by immediately shutting down connections from problematic IP address blocs, or even countries unfriendly to Israel," he said.

Pakistani hackers also claimed to have taken down several major Israeli sites this week, such as the local versions of Groupon and Microsoft. "There is probably no good reason for heavy IP traffic coming from a place like Pakistan at this time," said Bachar, "so it's likely the government IT team shut down that IP connection altogether."
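The kind of source-block decision Bachar describes can be sketched as follows. This is an added example, not code from the article or from any Israeli government system; the log format, window, threshold and the documentation-range addresses are all assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

def build_sample_log():
    """Constructed sample log lines: '<unix_ts> <source_ip> <path>'."""
    lines = [f"{1000 + i % 10} 203.0.113.{i + 1} /" for i in range(40)]  # flood from one /24
    lines += ["1001 198.51.100.7 /", "1004 198.51.100.9 /news",
              "1008 192.0.2.15 /", "garbage-line"]  # ordinary visitors plus a malformed entry
    return lines

def noisy_blocks(lines, prefix_len=24, window=10, threshold=30):
    """Return IPv4 networks that sent more than `threshold` requests
    inside any single `window`-second bucket."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        try:
            ts = int(parts[0])
            addr = ipaddress.ip_address(parts[1])
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of failing the whole run
        if addr.version != 4:
            continue  # example is limited to IPv4 for brevity
        # Collapse the host into its enclosing block so a flood spread
        # across many hosts of one range is counted together.
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        counts[(net, ts // window)] += 1
    return sorted({net for (net, _bucket), n in counts.items() if n > threshold})

if __name__ == "__main__":
    for net in noisy_blocks(build_sample_log()):
        print("candidate block rule:", net)
```

Counting per network rather than per host is what catches a flood in which no single address stands out; the output is a candidate list for review, since a wide block also cuts off legitimate users in that range.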

Bachar is also skeptical that hackers – Anonymous, Pakistani, or otherwise – were able to get into many Israeli sites. "It's more likely they got hold of a DNS table and changed things around, re-routing [the] address to make it appear that they had actually hacked sites," Bachar said.

One trick that Anonymous, based on its Twitter and web postings, had hoped to rely on to take down Israeli sites was DDoS, where tens of thousands of machines overload servers with traffic, hoping to bring them down at least temporarily.

In order to fend off the DDoS attacks, the government used an Israeli-invented security technology by a company called Foresight.

Once an existing site struggles under a DDoS, an alternative version is activated. "Our solution is part of a full defensive system based on traditional tools, like firewalls. When those fail, a 'clean' backup created by Foresight automatically takes over, with the site's IP address and DNS now pointing to the new server. Thus, all traffic is directed to the 'clean' site, and the site is able to function as normal," said Foresight CEO Israel Ragutski.

"Sys admins always have handy backup, so when traffic on one server is shaky due to heavy volume, they can just switch to the new server, leaving the destructive traffic to attempt to disable the now-defunct server."
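The switch-over Ragutski describes comes down to a health monitor that repoints the site at a standby once the primary keeps failing its probes. The sketch below is an added example and not Foresight's code; the class name, thresholds, probe data and addresses are assumptions, and the actual DNS update is left as a comment.

```python
from dataclasses import dataclass, field

@dataclass
class FailoverController:
    primary: str
    standby: str
    max_latency_ms: float = 2000.0   # assumed limit for a "struggling" site
    fail_after: int = 3              # consecutive bad probes before switching
    active: str = field(default="", init=False)
    bad_streak: int = field(default=0, init=False)

    def __post_init__(self):
        self.active = self.primary

    def observe(self, ok: bool, latency_ms: float) -> str:
        """Record one probe of the primary; return the address DNS should serve."""
        healthy = ok and latency_ms <= self.max_latency_ms
        self.bad_streak = 0 if healthy else self.bad_streak + 1
        if self.active == self.primary and self.bad_streak >= self.fail_after:
            # A real deployment would update the site's DNS record here.
            # The switch is one-way: returning to the primary is left to an
            # operator, so a brief lull in the flood cannot flap the site.
            self.active = self.standby
        return self.active

# Constructed probe results: (responded, latency in ms).
PROBES = [(True, 120), (True, 2500), (True, 150),
          (False, 0), (True, 3100), (False, 0), (True, 90)]

def run(probes, primary="192.0.2.10", standby="198.51.100.20"):
    ctl = FailoverController(primary, standby)
    return [ctl.observe(ok, ms) for ok, ms in probes]

if __name__ == "__main__":
    for probe, target in zip(PROBES, run(PROBES)):
        print(probe, "->", target)
```

Requiring several consecutive bad probes keeps one slow response from triggering a switch, and how quickly clients follow the change depends on the TTL of the DNS record.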

Foresight has been on the market for a bit more than a year, Ragutski said, and the Israeli government computing unit was one of the company's first customers, putting its tech to use in preventing hackers from bringing down the government's websites - even after 44 million tries.

David Shamah

About David Shamah

David Shamah has been writing about Israeli technology news for over a decade, both in print and on the web, and knows the Israeli tech scene and its start-ups inside out.

Talkback

13 comments
  • Israeli propaganda

    The whole premise of this headline and article is a nonsense.

    The primary goal of Anonymous was, as quoted by this very same article, to ensure internet access was preserved in Gaza and not blocked by Israel as the regime had threatened. This goal was achieved.

    "We will use all our resources to make certain you stay connected to the internet and remain able to transmit your experiences to the world"

    Whatever Israel "withstood" it was clearly not this.

    P.S. It seems unwise for Israeli sys admins to brag about surviving an attack by Anonymous. Such arrogance surely risks provoking a serious attack to prove them wrong.
    Tim Acheson
    • Anonymous bunch of communist socialist dirtbags

      For a group of people supposedly pro-freedom; their support of Hamas against Israel indicates a massive case of cognitive dissonance on their part.

      On the other hand, considering that Anonymous is comprised of mostly nerdy, socially inept, female-rejected misogynists incapable of accepting criticism; it's small wonder that they support a Muslim regime which wants to keep women as 2nd class citizens and slaves.
      Dr_Zinj
    • and it was my goal

      to have the sun rise in the east this morning.
      frylock
      • Congratulations (nt)

        Hallowed are the Ori
    • Nerd Propaganda

      Tim, there is much humor to be found in the fact that you accuse others of nonsense when your own response is itself nonsense. You quote part of the article while ignoring an important part that clarifies the portion you quoted. The alleged goal of Anonymous in attacking Israel's computer systems may have been to keep Internet access up in Gaza, though, one wonders how denial of service attacks directed toward certain Israeli websites have anything to do with preventing Israel from cutting off Internet access in Gaza? However, the article states Israel never tried to cut off Internet access in Gaza, nor has there been any evidence offered aside from rumor that Israel ever threatened to cut off access to the Internet in Gaza. Also, the article explains that Israeli military servers and major government servers have been unaffected by the Anonymous attacks. In fact, if Israel wished to engage in some sort of cyber attack on Gaza's computer systems, it would certainly have capabilities in place to do so, and the actions of Anonymous have done nothing to prevent such an attack. So, no, Anonymous did not achieve much of anything, unless you consider the non-occurrence of an event that was never going to happen (i.e. the supposed take down of Gaza's Internet access) to be the achievement of a goal.

      P.S. Given the miserable failure of Anonymous in inflicting any sort of damage on the Israeli government's IT infrastructure, it seems perfectly natural for Israeli sys admin to brag about surviving an attack by Anonymous. There is certainly arrogance involved, but it is not on the part of the Israeli sys admins, rather it is the false pride of Anonymous in overestimating its abilities and importance.
      Cratz
    • Who cares about Anonymous

      They are a bunch of computer anarchists. The only thing positive that they have done since their existence began is to leak out the pedophile and perverts. Everything else they did has been useless to everyone else.

      Wouldn't be surprised if the Anonymous threats mentioned weren't from Anonymous but by someone who is pro-Gaza just using the "Anonymous" name. Cowards.
      Gisabun
  • Confused sources

    "they got hold of a DNS table and changed things around, re-routing [the] address to make it appear that they had actually hacked sites"

    That would be a legitimate and successful attack. Nothing to do with trying to make it look like anything.
    Tim Acheson
    • Seriously...

      Seriously, you know how thrilled the Russian mafia would be to hijack DNS records for Bank of America, Citibank, Wells Fargo, etc even for just a few minutes?

      Brushing it off as "they just hijacked our DNS servers" is kinda like saying "It's just terminal cancer, no biggie."
      dsf3g
  • Slit throats from Mexican Narcoes are nothing......

    .....if the "Security Service" goes after you!
    :-(
    kd5auq
  • IP addresses in the US and Europe

    I'm guessing a few of the people sitting behind those IP addresses just crapped their pants. :)
    William Farrel
    • You don't think they know do you?

      You seriously don't think Anonymous registers its own IP addresses used for such attacks?

      Botnets are used for such attacks; typically without the users' knowledge.

      EU and US computers are popular because of their better IP infrastructure; particularly intercontinental fibre.
      Richard Flude
  • They talk like DNS hijack is nothing !!!!

    Really surprised that these people even think that they will use their own registered IP to hack into a nation's national system??? And they talk like "DNS hijacking" is nothing. Looks like these people are goddamn geniuses; in front of them, stuff like "DNS hijack" is like a power cut!
    Oritro Ahmed
  • Lobo-Tommy

    That's the way you do it! Hackin' for nothin' and the clicks for free.
    lmatth@...