How Israel withstood major Anonymous attack using a little Foresight

Israeli government sys admins managed to ward off 44 million attacks against its sites in five days. Here's how they did it.
Written by David Shamah, Contributor

The war going on now in the Middle East between Israel and Hamas has had Israeli sys admins working overtime – 24/7, actually – keeping Israel's computer systems up and running.

Last weekend, Anonymous and other hacking groups declared war on Israel's IT systems. What set off the hacker group, according to its press release, was a supposed Israeli threat to cut off internet access in Gaza (something that didn't happen). "We will use all our resources to make certain you stay connected to the internet and remain able to transmit your experiences to the world," Anonymous said.

Whatever Israeli sites the hackers did or didn't manage to take down, it appears that virtually none of them belonged to the Israeli government or army.

At a press conference on Sunday, Israel's Finance Minister, Dr Yuval Steinitz, said that since the beginning of Israel's Operation Pillar of Defense, there had been some 44 million attempted attacks against Israeli government sites (22 million alone against the site of Israel's President, Shimon Peres). The government computing unit, consisting of a staff of several dozen, had managed to ward off all of them, he added – except for one, which left a single site acting a bit "wobbly" - that is, slow to load - after a particularly intense attack.


Steinitz did not identify those responsible for the online assault directly, but did say that many of the attacks were from IP addresses in the US and Europe. According to the minister, the hackers were "trying to disable the symbols of Israeli sovereignty, to enter websites and install anti-Israel content, thus compromising information and data and damaging the government's ability to serve the public."

That the hacks failed to such an extent is not so surprising, said Roni Bachar, penetration and cybersecurity team manager at Israel's Avnet Information Security.

"Naturally, the government would have the top defences, such as the best firewalls and technology to deflect attacks by immediately shutting down connections from problematic IP address blocks, or even countries unfriendly to Israel," he said.

Pakistani hackers also claimed to have taken down several major Israeli sites this week, such as the local versions of Groupon and Microsoft. "There is probably no good reason for heavy IP traffic coming from a place like Pakistan at this time," said Bachar, "so it's likely the government IT team shut down that IP connection altogether."

Bachar is also skeptical that hackers – Anonymous, Pakistani, or otherwise – were able to get into many Israeli sites. "It's more likely they got hold of a DNS table and changed things around, re-routing [the] address to make it appear that they had actually hacked sites," Bachar said.


One trick that Anonymous, based on its Twitter and web postings, had hoped to rely on to take down Israeli sites was DDoS, where tens of thousands of machines overload servers with traffic, hoping to bring them down at least temporarily.

In order to fend off the DDoS attacks, the government used an Israeli-invented security technology by a company called Foresight.

Once an existing site struggles under a DDoS, an alternative version is activated. "Our solution is part of a full defensive system based on traditional tools, like firewalls. When those fail, a 'clean' backup created by Foresight automatically takes over, with the site's IP address and DNS now pointing to the new server. Thus, all traffic is directed to the 'clean' site, and the site is able to function as normal," said Foresight CEO Israel Ragutski.

"Sys admins always have handy backup, so when traffic on one server is shaky due to heavy volume, they can just switch to the new server, leaving the destructive traffic to attempt to disable the now-defunct server."

Foresight has been on the market for a bit more than a year, Ragutski said, and the Israeli government computing unit was one of the company's first customers, putting its tech to use in preventing hackers from bringing down the government's websites - even after 44 million tries.
