After the Cease-Fire in Gaza, Will the Cyberwar Continue?

You didn’t need to be a Middle East specialist to understand that something was seriously off-kilter early Wednesday when Israel’s Vice Prime Minister Silvan Shalom displayed a “Free Palestine” photo on his Facebook page, and wrote on his Twitter feed, “FREE PALESTINE! END THE OCCUPATION!” No fan of Hamas, Shalom was the latest target in a hacking campaign that has raged through eight days of actual, lethal warfare in Gaza. Shortly after the postings on Shalom’s sites, the online tech magazine Gizmodo announced that Anonymous, the hackers’ activist group, had finally “swallowed a big fish,” having threatened days earlier to turn the Gaza conflict “into a cyberwar.” “Pretty embarrassing for a high ranking official!” Gizmodo writer Casey Chan snickered.

In a measure of how drastically the Internet has changed since the last Gaza war in 2008, this week’s conflict has been marked by a blitz of tweets and Facebook posts, in which tit-for-tat fury has spewed forth, second by second, minute by minute, from both sides. The Israeli Defense Forces spokeswoman Avital Leibovitch has kept a running commentary on her Twitter feed, some signaling supposed successes like the attack on Wednesday against an underground rocket launcher, as well as more ominous messages, like one late on Tuesday night, warning the large contingent of journalists currently in Gaza to “stay away from Hamas operatives & facilities,” since the organization “will use you as human shields.” Hamas’s military wing, the Al Qassam Brigade, has kept up a similar stream on Twitter, with both claims of attacks and details of their weaponry, and a snide retort on Tuesday night, warning Israelis to stay clear of IDF personnel. Still, much of the tweeting has been left to Hamas’s sympathizers, as well as to activists like Anonymous, which vowed on its blog last week to make “November 2012… a month to remember for the Israeli defense forces.”

And yet, while the hacking of Shalom was perhaps “embarrassing”—the Israeli official’s Twitter feed was still spitting out pro-Palestinian messages early Wednesday afternoon—it has hardly been the “cyberwar” that Anonymous promised. Instead, tech analysts, including in Israel, say the hacking campaign has exposed the activists’ technological weaknesses, while at the same time alerting them to more sophisticated cyberattacks against Israel. It is those attacks—some originating as far away as Iran—that Israelis, by their own admission, could find far tougher to stop.

Take one example: Last Saturday a computer virus hit the email account of an IDF communications officer, effectively allowing hackers to control it, and then to use it to send infected messages to whichever contacts were listed in the computer. With no outward sign that one has been hacked—in contrast with Silvan Shalom’s patently fake postings—the virus can go undetected for a while. In fact, it was uncovered by chance, when Jonathan Singer, an Israeli Labor Party politician, wondered whether an innocuous-looking attachment describing Hamas’s rocket attacks on Israel might in fact be malware, or malicious software. Singer approached Seculert, an Israeli computer-programming company, to examine it. Indeed it was. “You get the article opened, and in the background the virus starts working,” Aviv Raff, Seculert’s chief technology officer, told TIME by phone from Tel Aviv. “It allows the attackers to take control of the machine.”

Raff was not surprised. Earlier this year Seculert tracked a stealth virus called Mahdi, which seemed to have been created by technicians at the Islamic Azad University, a chain of private institutions headquartered in Tehran. The so-called “spear-phishing” attacks were dropped into normal-looking documents (the one Seculert tracked was mentioned in a Daily Beast story concerning Israel’s own cyberwarfare), allowing hackers to target specific computer accounts, including of “infrastructure companies, financial services and government embassies.”

According to Seculert’s description of how it discovered the virus, Mahdi targeted key accounts within Israel, although Raff says he believes it might have been created largely to monitor the online activities of dissidents within Iran itself. Even more worrying for Israel was the Iranian-made malware called Flame, which was uncovered last May by Kaspersky Lab, the computer antivirus company in Moscow, working on assignment for the U.N.’s International Telecommunication Union. Described as “a backdoor Trojan,” Flame multiplies itself as it spreads, targeting entire computer systems. In an email to TIME on Wednesday, Kaspersky Lab said the malware is “programmed to steal valuable information from infected machines, including computer display contacts, information about targeted systems, stored files, contact data and audio conversations.” The worst-hit countries, it says, have been, in order, Iran, Israel, Syria and Lebanon.

Israel, of course, is all too familiar with the strategy. The Stuxnet computer worm, uncovered in 2010, seemed to have been designed specifically to try to disable Iran’s nuclear operation, and—still not officially confirmed—is thought to have been built by Israeli and American engineers.

But fighting off the new kind of cyberwarfare might not be easy—even for a country with superb technicians like Israel. Raff says he believes Mahdi might be active in the current Gaza conflict, as hackers attempt to disrupt Israel’s military. Indeed, both Mahdi and Flame might have existed for a while, without notice. “Any company or government can be infected, even if they use the most sophisticated defense solutions,” he says. “Mahdi went under the radar for months, or years, until it went public. The main problem isn’t how to defend against it, but how to detect it as soon as possible.”

By contrast, the more visible hacking blitz by Anonymous this week is brushed off by some analysts as a nuisance, rather than as a serious threat to the IDF. When Chan posted his news about the group’s takedown of Shalom, a reader shot back sarcastically, “oh that will hurt Israel so bad, their whole missile dome defense system will come down now!” Even Gizmodo’s editor Sam Biddle admits this week’s Gaza conflict has made Anonymous look ineffective and foolish. “It had some swagger at first. But as the days go by, we’re seeing a weak, confused Anon, not a group of Internet freedom fighters,” Biddle wrote on Monday. Far from cyberwar, he said the group’s Gaza campaign had targeted thousands of Israeli “mom and pop” business websites and dumped 2,000 email addresses of Israeli “ordinary nobodies.” Biddle says Anonymous’s ineffectiveness has a clear reason: Many truly dangerous hackers are lying low or have been arrested. “Anyone with the brains and bravery to do something like hack a major government military contractor…is either in the hands of the cops, or afraid of winding up there,” he says. Unless, of course, those brains and bravery reside in Tehran.
