Entries in Cyber Attacks (3)


Israel Combats Cyber Attacks During Gaza Offensive

(JERUSALEM) -- The Israeli government said Monday that since the beginning of its military operation in Gaza, cyber attackers have launched more than 44 million attempts to disrupt the operation of various Israeli government websites, but were only successful in knocking out one site for a short period.

"One hacking attempt was successful and took down a site for a few minutes," Carmela Avner, the chief information officer at the Finance Ministry, told ABC News. Avner said the website in question belongs to a "small unit of one of the ministries," but declined to comment further.

Israeli Finance Minister Dr. Yuval Steinitz ordered the government CIO unit to operate in emergency mode but said he remains confident in its abilities.

"We are reaping the fruits on the investment in recent years in the development of computerized defense systems, but we have a lot of work in store for us," he told reporters during a visit to the Government Computing Center in Jerusalem.

The prime minister's office, the Ministry of Foreign Affairs and the president's residence were among the government websites targeted. Israeli government websites are a common target of cyber attacks, Avner said, but the sheer volume this time around indicated a clear escalation during the Gaza operation.

The dramatic spike comes after the loose hacking collective Anonymous announced online that it would be targeting Israeli websites "in retaliation for the mistreating of people in Gaza and other areas."

Anonymous, the same group that reportedly took out the CIA's public website for a few hours in February, claimed it had attacked approximately 10,000 Israeli websites, both government and private.

Avner said most of the attacks on the government websites were designed to overload the site servers with excessive data. One method of doing that, known as a Distributed Denial of Service (DDoS) attack, is a fairly rudimentary tactic historically favored by Anonymous.

Tweeting under the hashtag "OpIsrael" after the name it had given to its campaign, Anonymous claimed to have disrupted service on dozens of private Israeli websites, including the website for the Bank of Jerusalem and the local servers for news outlet MSN and search engine Bing. Both MSN and Bing's Israeli home pages appeared to have experienced trouble earlier Monday but were functioning properly as of this report. The Bank of Jerusalem's website's homepage was functioning but its English section was inaccessible.

Anonymous also tweeted a link to what it presented as the personal contact information of more than 3,000 "donors to Israel," including members of the U.S. Congress. Much of the data appeared to be a compilation of publicly available contact information.

As the real-world military operation gained steam last week, Anonymous posted what it dubbed a "Gaza Care Package," containing information in Arabic and English about how to circumvent Israeli online surveillance by shielding IP addresses and how to set up alternative WiFi access in the event of an Internet shutdown.

Anonymous made the care package apparently in response to what it called Israeli threats to cut off electricity and Internet access in Gaza. That threat was not reported elsewhere and there have been no reports of Internet or power outages in Gaza so far.

"For far too long, Anonymous has stood by with the rest of the world and watched in despair the barbaric, brutal and despicable treatment of the Palestinian people in the so called 'Occupied Territories' by the Israel Defense Force," Anonymous said in its statement last week. "Like so many around the globe, we have felt helpless in the face of such implacable evil. And today's insane attack and threatened invasion of Gaza was more of the same."

Israeli officials said they are acting only to defend Israel from rocket and terrorist attacks by militants in Gaza.

"We will not accept a situation in which Israeli citizens are threatened by the terror of rockets. No country would accept this, Israel will not accept it," Israeli Prime Minister Benjamin Netanyahu said last week.

More than 100 Palestinians, including women and children, and three Israelis have been killed since the start of Israel's Operation Pillar of Defense last week, according to international news reports.

Copyright 2012 ABC News Radio


Researchers Say ‘Extremely Targeted’ 'MiniFlame' Cyber Attack Hit Lebanon, Iran

(MOSCOW) -- Researchers said Monday they have identified part of the powerful Flame cyber espionage program as a stand-alone, “highly flexible” spy program that centered its attacks on computer systems in Lebanon and Iran.

MiniFlame, as cyber experts at Moscow-based Kaspersky Labs dubbed the malware, is an “info-stealing” virus designed to hit only a few high-profile targets -- perhaps just a few dozen computer systems. Kaspersky researchers said in a blog post they actually discovered MiniFlame in July but at the time believed it to be just a module within Flame.

The larger Flame virus was described by researchers as the most sophisticated cyber espionage program ever discovered and was a veritable “toolkit” for cyber spying programs. It could remotely take screenshots of infected computers, record audio conversations that took place in the same room as the computer, intercept keyboard inputs and wipe data on command. Researchers said that malware infected thousands of computers, mostly in Iran.

In May, a top Israeli official dropped vague hints that his country may have been behind the creation of Flame, and the U.S. and Israel have long been suspected of mounting a sophisticated cyber campaign against Iran that included the Stuxnet worm, which is credited with physically disrupting the operation of one of Iran’s nuclear facilities.

Lebanon is home to the Iran-backed militant group Hezbollah, which the U.S. considers a terrorist organization.

Kaspersky Chief Security Expert Alexander Gostev said he believes MiniFlame is used as a “second wave” of attack after Flame, or another virus called Gauss, has already hit a target system.

“MiniFlame is a high-precision attack tool,” Gostev said. “After data is collected [via Flame] and reviewed, a potentially interesting victim is defined and identified, and MiniFlame is installed in order to conduct more in-depth surveillance and cyber espionage.”

Kaspersky’s announcement comes weeks after U.S. officials said they suspected Iranian hackers of having a hand in a large but relatively unsophisticated cyber attack on Western financial institutions.

Last week, Secretary of Defense repeated warnings that if America doesn’t step up its cyber security on a national scale, it could face a “cyber Pearl Harbor.”



Government's Swift Response to Cyberweapon Stuxnet 

(WASHINGTON) -- An Iranian nuclear facility may have taken the brunt of the cyber superweapon Stuxnet believed to be built in part by the U.S., but the American government was concerned enough with its spread to a facility back home that a fast response team was deployed to deal with an infection, according to a new report from the Department of Homeland Security.

The report, released Thursday by the DHS’s Industrial Control Systems Computer Emergency Readiness Team (ICS-CERT), gives scant details on the incident, except to say that after Stuxnet was discovered on thousands of computer systems around the world in 2010, a DHS team “conducted an onsite incident response deployment to a manufacturing facility infected with the Stuxnet malware and helped the organization identify all infected systems and eradicate the malware from their control system network.”

The worm was found on “all their engineering workstations as well as several other machines connected to the manufacturing control systems network,” the report said.

The DHS declined to identify the facility, but whatever it was, it was unlikely to have been in real danger from Stuxnet, as the malware was designed to be an extremely precise weapon that only targeted a specific system related to Iran’s nuclear enrichment and harmlessly floated through other computer networks, according to researchers who have dissected the worm. A spokesperson for the DHS told ABC News that the worm “did not impact control processes or operations of the manufacturing company.”

But a cyber expert with Russia-based Kaspersky Labs, which analyzed Stuxnet, said that just the presence of the worm on U.S. industrial systems meant things could have gone “very wrong.”

“This very clearly shows the inherent danger of cyber weapons, especially when they function autonomously,” Kaspersky Labs senior researcher Roel Schouwenberg told ABC News.

When it was discovered in 2010, Stuxnet was considered the most sophisticated cyber weapon in history, capable of physically altering or damaging critical industrial control systems -- the same systems that are used in everything from water treatment plants to the electrical grid and nuclear facilities all over the world.

Cyber experts, as well as a Congressional report published in late 2010, said that Stuxnet was most likely developed by a nation-state and put the U.S. and Israel at the top of a short list of nations capable of such a feat. The New York Times reported earlier this year that Stuxnet had been one tool developed in a joint U.S.-Israeli cyber war waged on Iran.

After Stuxnet, two other highly sophisticated cyber espionage weapons, Duqu and Flame, were discovered on computer networks in Iran and the Middle East and were found to share code with Stuxnet -- leading researchers to believe all three were developed by teams that at least had access to each other’s original work.

The report also revealed that between 2009 and 2011, U.S. CERT experienced a dramatic increase in reported incidents of possible cyber attacks on critical infrastructure facilities -- from just nine in 2009 to 198 in 2011.

There were 248 total incidents but only 17 were serious enough to prompt the DHS to send fast response teams to the facilities to deal with the problem hands-on.

For each year, the energy or water sectors combined reported a majority of incidents, but DHS said that sophisticated “spear-phishing attacks” had targeted unsuspecting workers in the nuclear, government and chemical sectors as well.

“ICS-CERT and the [industrial control system] community have worked together successfully to identify and mitigate malicious cyber activity in critical infrastructure assets, but much remains to be done,” the report says. “Sophisticated and targeted cyber intrusions against [industrial control systems] across multiple critical infrastructure sectors continue to increase.”
