Middle east cyberwar heats up

Pro-Israeli and pro-Palestinian sites continue to be hit as hacktivists go beyond mere Web defacements and denial-of-service

An online battle between Israeli and Palestinian vandals escalated this week with the theft and public posting of a database containing the personal information of 700 members of the American Israeli Public Affairs Committee on Wednesday and the posting of information by Israeli-affiliated hackers regarding Palestinian communications.

"This is no different than in the real world, where activists have gone into terrorism," said Paul Robertson, a senior analyst with security services provider TrueSecure, formerly ICSA.net. "The big issue now is how are we going to defend against it."

More than 180 people, most of them Palestinian, have lost their lives during six weeks of violence in the Middle East.

On Friday, two more Palestinian citizens died during clashes between Israeli soldiers and demonstrators.

Until this week, the groups supporting either side had limited their online activities to defacements and denial-of-service attacks against Web sites affiliated with the Palestinian movement or Israeli nationalists.

More than 30 sites have been defaced or taken off the Net by pro-Palestinian cybervandals, many from Pakistan, and almost 20 other sites have been likewise disrupted by their Israeli counterparts.

But that changed on Wednesday afternoon, when the AIPAC Web site was replaced by another decrying the violence in the Middle East and denigrating Jewish people.

"The hack is to protest against the atrocities in Palestine by the barbarian Israeli soldiers and their constant support by the US government," stated a Pakistani Web vandal using the handle "Doctor Nuker", the founder of the Pakistani Hackerz Club.

In addition, Doctor Nuker broke into two databases that AIPAC had kept on its Web site: one containing 3,100 e-mail addresses of those people interested in updates on the Israeli crisis and another containing the personal information of 700 members, including about 200 credit cards.

So far, only one case of fraud has been reported as a result of the database theft and public posting of those card numbers.

Allowing such information to be accessed from the Web is considered a mistake by security experts, said Robertson. "If they had been using [our practices], this would not have happened," he said. "We require all our client to keep databases off the Web server."

AIPAC has already contacted the FBI, which is investigating the matter, as well as other government agencies that spokesman Ken Bricker refused to name. "We have done everything humanly possible to get the word out," said Bricker.

AIPAC, a relatively new member of the Web community, is trying its best to protect its members, said Bricker, but he pointed to the hacks of Microsoft and the military as examples of how difficult such a task is.

"If Microsoft and the Pentagon can't protect their own sites, then no one can."

Far from ending, the online conflict seems to be getting worse, said Fred Cohen, a computer-security professor, consultant and researcher.

"This represents an escalation. Each side is going to fight harder and harder," he said.

On Friday, MAGLAN, an Israeli information warfare research lab, reported that "Polo0", a Israeli supporter, posted Palestinian leaders' cell phone numbers, plus information about accessing the telephone and fax systems of the Palestinian Authority, as well as 24 different Web sites, 15 IRC channels, and an IRC server through which the Palestinian movement communicates.

Supporters have also posted automated tools aimed at flooding Palestinian sites with garbage data, effectively removing them from the Internet.

Cohen thinks more attacks, and of a worse nature, are sure to come.

"When you talk about war, you are talking about turning off the constraints that hold back people," he said. "You have people who want to break into computers, and now they have an excuse -- they can do it for a cause."

Take me to Hackers

To have your say online click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.