“Vigilance is the only way to prevent these attacks,” former black hat hacker David Allouch, CTO of AppliCure.
While Hamas rockets disrupt Israeli life in the Negev, supporters of the terror group are fighting against Israel on another front – over the Internet. Groups of sophisticated hackers, with names like Moroccan Hackers, Islamic Crew, and Iran Black Hats, have been working overtime to “own” Israeli web sites, using them to send messages protesting the Israel Defense Force’s operation in Gaza, chalking up a “cyber-victory” against Israel.
Lucky we have David Allouch, CTO of Israeli security company AppliCure Technologies, on our side. Allouch has been on both sides of the cyber war – a former “black hat” hacker who attacked business and government sites in his native France, now helping protect Israeli sites from the onslaught of hacker teams around the world, determined to hack Israeli sites.
Today, most businesses and individuals have plenty of protection on their computer networks – including firewalls, e-mail spam catchers, anti-virus programs, etc. – so hackers bent on computer mischief don’t concentrate on those installations. Instead, they go for the one “door” that remains open for data from the outside – a company’s web server, which hosts web pages, applications, and databases.
Web site programmers use one of several popular site server software (Apache, Microsoft IIS, etc.), which allow users to interact with sites and site designers to set up things like streaming music and video, as well as logging, site security, and other “back end” stuff. Hackers work endlessly to exploit weaknesses in the server software, and when they find such weaknesses, they’re quick to develop an “exploit” to take advantage of it.
Hackers insert new content
Once a weakness is discovered, the programmers responsible for the hole issue a fix to close the security hold. But not all web programmers get the memo – so there are lots of sites out in cyberspace that have old weaknesses that haven’t been repaired, and it’s these sites the hackers attack. Using an automatic attack script – a bot – hackers can parse thousands of sites in a short time, looking for sites to take over. And when they find them, those sites can be compromised, with the most common exploit being a change in the home page by hackers, where they insert their own content.
Usually, that message consists of something like “we wuz here,” with a list of the cyber-names of the “heroes.” But there’s a political side to hacking, Allouch says. “Since the beginning of the operation in Gaza we’ve seen a huge increase in politically motivated hack attacks, done in a very sophisticated manner,” he tells ISRAEL21c.
While just a few years ago the average hacker was likely to be a kid, today’s hackers are older and more highly skilled. The Israeli sites they have taken over in the past couple of weeks include video, photos, music, and other advanced features, all of them aimed at demoralizing Israelis who come across the sites.
Messages include condemnations of IDF activities, threats against Israelis, and anti-Semitic caricatures and rants. If a site is popular, the rogue messages can be seen by thousands of people before site owners have a chance to fix the problem. And it’s not just Israeli sites, Allouch says. “We’ve seen many sites with Jewish content hit as well, meaning the hackers are aiming for sites beyond the Israeli domains of org.il and co.il.”
Creating mass havoc on Israeli sites
And the hackers pulling off these attacks aren’t just “script kiddies,” who copy and paste exploits; they’re much more sophisticated. “We’re talking about groups of hackers who live in different places and are able to seek out and take advantage of very subtle weaknesses that most programmers would miss,” says Allouch.
Last Friday, for example, the hackers were able to detect a problem in an Israeli domain name server, the server that directs web surfers to sites in the entire .il domain. Without even having to monkey around with the original sites, hackers were able to reroute users to a rogue page with anti-Israel messages.
Apparently, the site director said, the hackers were able to get into the site’s database and lift some user names and passwords, thus enabling them to log in as administrators and create mass havoc on Israeli sites.
AppliCure’s solution can prevent web server attacks, he says, by anticipating them in advance. “We scan clients’ sites remotely to determine their weaknesses, and then we advise them how to patch them up, catching problems before the hackers get to them,” Allouch says.
Fending off attack
“AppliCure’s solution is one of the few that can be installed remotely, meaning we save valuable time in resolving problems for customers.” According to Allouch, companies using AppliCure technology have been able to fend off attacks that have succeeded on other sites, based on the log files the company parses.
Israel is not the only victim of political hacking. “There are dozens of Chinese hackers who spend day and night hacking into South Korean sites, and it’s become a major problem there,” Allouch says.
Other favorite targets are Western European countries, and of course the US – with hackers coming from Russia, Iran, Venezuela, and of course Israel.
“These hackers are relentless, hammering away at sites in target countries day and night,” Allouch says, leaving them little time to make a living. Does this mean they are being funded by their governments – that China and Russia are paying hackers to attack the West? Allouch says it’s impossible to know, “but it’s entirely possible. The new hackers are well organized and highly skilled, and are much more dangerous than the ‘script kiddies’ who would try to break into sites – even super secure ones like the Pentagon – just to be able to say they did it.
“These hackers are interested in spreading mayhem and destruction wherever they can,” he adds.
Unsurprisingly then, Herzliya-based AppliCure, which was founded in 2004, and went public on the Tel Aviv Stock Exchange in 2007, has many clients in all the targeted countries.
Allouch knows what goes on inside the head of a hacker, because he used to be one himself. In fact, he says, he had to flee his native France when he was a kid in order to get away from the clutches of security officials who were after him. But he worked things out, and now he’s firmly on the side of “white-hat” hacking – using his skills to help protect sites, and to point out where they need help.
“This is a much better way to work anyway,” he says. “The white hat community helps those who seek to learn new skills, while the black-hatters are shunned among legitimate hackers.”
Meanwhile, he says, Israeli sites are in for a long bout of hack attacks by black-hat anti-Israel hackers. “Vigilance is the only way to prevent these attacks,” Allouch says – and his company is happy to help web sites raise their vigilance levels.