According to a March 19th post on the Solidarite avec la Palestine Facebook page, multiple hacker groups are joining hands to launch a massive attack on Israeli cyberspace. AnonGhost, one of the campaign initiators, has announced that the attack will be launched on April 7th with the objective of disconnecting Israel from the Internet. Radware’s Emergency Response Team (ERT) is currently monitoring the situation closely.
Similar to the #OpIsrael attack that took place in November, the motivation for the attack is political. However, while the attack in November took place following clashes between Israeli forces and Gaza militants, this most recent campaign is being launched as a response to what the attackers describe as “Israel’s behavior towards the Palestinian people.”
Groups & Hackers
Multiple groups and hackers have announced their participation in the attack, including:
- Algerian Hackers
- Mauritania HaCker Team
- Ajax Team
- Moroccan Hackerz
- Gaza Hacker Team & Gaza Security Team
- Anonymous Syria
- The Hacker Army
- X-BLACKERZ INC
- Devil Zone Team
- Moroccan Hackers
In addition to the groups listed above, the post stated that another 15-20 teams have declared that they will take part in the attack, along with a large number of individuals around the world who have made clear that they will participate.
The Anonymous-affiliated hacker group claims that the April 7th #OpIsrael campaign will be much bigger than the November 2012 attack, in which hundreds of Israeli websites were targeted.
While no specific targets were mentioned in the post, previous attacks carried out by some of these groups lead us to believe that the April 7th attack will target government sites as well as Israeli banks and businesses.
Attack Vectors and Tools
Using the November 2012 attacks as our guide, there is evidence to suggest that the April 7th #OpIsrael attack will include both DDoS attacks and website defacements, with each of the teams trying to create the maximum amount of damage based on their capabilities and knowledge.
To achieve their stated goal, which is defined as “a total blackout”, it is also possible that a massive DNS attack will be launched on Israeli root domain servers.
The attack tools that were published are PyLoris and ByteDos, two tools commonly used by hackers.
PyLoris is a slow HTTP DoS tool that enables the attacker to craft her own HTTP request headers. The configurable options include the packet header, cookies, packet size, timeout and CRLF option.
PyLoris’ objective is to keep TCP connections between the attacker and the victim servers open for as long as possible. This results in exhausting the server’s connection table resources.
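On the defensive side, the connection-holding behavior described above can be spotted in a web server's connection table. The following is an added example, not part of the original post or any Radware tooling: it flags clients that hold several old, unfinished, nearly idle connections. The record format, function names and thresholds are assumptions chosen for illustration, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample records (not real traffic), one per TCP connection to the
# web server: (client_ip, seconds_open, bytes_received, request_complete)
SAMPLE_CONNECTIONS = [
    ("198.51.100.7", 310, 420, False),
    ("198.51.100.7", 305, 390, False),
    ("198.51.100.7", 298, 401, False),
    ("198.51.100.7", 290, 385, False),
    ("203.0.113.20", 2, 512, True),           # normal short request
    ("203.0.113.20", 45, 1_800_000, True),    # long-lived but fast upload
    ("203.0.113.31", 120, 300, False),        # one slow client, not a pattern
]

def find_slow_http_clients(conns, min_age=60, max_rate=50.0, min_conns=3):
    """Return {client_ip: count} for clients holding at least `min_conns`
    connections that are old, unfinished and nearly idle.

    Thresholds are illustrative assumptions: min_age in seconds,
    max_rate in bytes per second.
    """
    slow = defaultdict(int)
    for ip, age, rx_bytes, complete in conns:
        if complete or age < min_age:
            continue  # finished or young connections are not the slow pattern
        if rx_bytes / max(age, 1) <= max_rate:
            slow[ip] += 1
    return {ip: n for ip, n in slow.items() if n >= min_conns}

def table_share(conns, flagged, table_size):
    """Fraction of the server's connection slots held by flagged clients."""
    held = sum(1 for ip, *_ in conns if ip in flagged)
    return held / table_size

if __name__ == "__main__":
    flagged = find_slow_http_clients(SAMPLE_CONNECTIONS)
    for ip, n in flagged.items():
        print(f"{ip}: {n} slow, incomplete connections")
    share = table_share(SAMPLE_CONNECTIONS, flagged, table_size=16)
    print(f"share of a 16-slot connection table: {share:.0%}")
```

Requiring several slow connections per client keeps a single client on a poor link from being flagged, while the byte-rate check separates long but active transfers from held-open sockets.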
ByteDos is a Windows desktop DoS application. It is a simple, standalone executable file that does not require any special installation on the attacker’s PC. ByteDos is equipped with embedded IP resolver capabilities that allow the attack tool to resolve IPs from domain names. The tool supports two attack vectors, SYN flood and ICMP flood, and the user chooses which vector to use during the attack.
Radware’s ERT will continue to monitor information around the April 7th #OpIsrael attack. Be sure to check back for frequent updates as April 7th draws closer in order to remain informed and prepared.