Anti-Israeli factions of the Anonymous collective opposed to US foreign policy recently declared that they would be launching attacks against any and all websites deemed to be Israeli- or US-government affiliated in their latest #OpIsrael campaign.
The attacks are the most recent in a series of campaigns that began in 2013 on the eve of Holocaust Remembrance Day and have since been marked by an annual cyber-attack with the goal of “erasing Israel from the Internet”.
The most recent actions are in response to President Donald Trump signing a waiver in June 2017 and then, on 6 December 2017, recognising Jerusalem as Israel's capital and planning to move the US embassy from Tel Aviv to Jerusalem.
In 1995, the United States Congress passed the Jerusalem Embassy Act, with the purpose of initiating and funding the relocation of the embassy. The law has since remained unimplemented by US Presidents Clinton, Bush and Obama, who viewed it as a Congressional infringement on the executive branch's constitutional authority over foreign policy. Governments around the world condemned the move, as East Jerusalem is also claimed by Palestinians as their capital, and under the stalled UN-promoted peace agreements the final status of Jerusalem was intended to be resolved as part of final status agreements to achieve a settlement.
Anonymous groups are calling for hacktivists around the world to join forces and are urging participants to hack, deface, dox, hijack, leak and DDoS any target in Israel and any websites associated with the US government.
Radware's Emergency Response Team warns that attackers may turn their sights on small and medium-sized businesses that are indirectly involved, because large government agencies are often well protected, according to a 12 December blog post. So far the team has witnessed several SQL injections, data dumps, service outages, and denial-of-service attacks leveraging TCP flood, UDP flood and HTTP/S flood as a result of the most recent operation.
Researchers expect the attacks to continue through December as the US begins to move its embassy to Jerusalem and officially recognise it as the capital of Israel.
“This type of attack happens every year - usually it takes place in April,” Amit Dori, security researcher at Votiro, told SC Media. “However, this time due to President Trump's declaration to recognise Jerusalem as the capital of Israel - it's possible that this is a replacement of the usual attack that takes place, but it may also be another one.”
Dori added that they often “gather the troops” and prepare a big list of targets for script kiddies to attack; some of the participants are very technical and sophisticated, while other hackers use sophisticated tools and direct them at the sites they were told to target. Attackers might also spam a specific set of email addresses, he said.
Hacktivism tends to focus primarily on vandalism and service disruption to gain publicity, as even unsophisticated attacks that cause little real damage can succeed at making the news, Willy Leichter, vice president of marketing at Virsec, said.
“We're seeing a convergence of a hyper-charged political environment, with widespread availability of effective hacking tools that bypass conventional security,” Leichter said. “Pick a cause and come up with a good hashtag and you have a credible threat.”
Some researchers feel attackers could still pose a threat to government agencies. Alec Calic, chief revenue officer for The Media Trust, warned that government website operators should be on the defence and said preventative steps should include identifying and authorising all parties contributing code to the website and continuously monitoring this code for anomalous behaviour, which will alert security teams to emerging attacks.
“In today's politically-charged environment, the threat to government websites is very real. In addition to grassroots traffic flooding and organised large-scale DDoS attacks, websites are at significant risk of defacement, where the home page is vandalised with unauthorised messaging and/or appearance,” Calic said. “Compromising websites through third-party code is a likely avenue, as evidenced by the increasing number of high-profile attacks.”