Palestinian Crackers Share Bugs


by Carmen J. Gentile

2:00 a.m. Dec. 2, 2000 PST

Palestinian supporters are using a combination of hacking tools and viruses to gain what appears to be the upper hand in the Middle East’s ongoing cyber war.

They are distributing the tools and viruses for destroying Israeli sites using a recently created attack site.

Visitors to the site are greeted with the message, "I swear that I will not use these programs on anyone but Jews and Israelis." The site comes complete with a list of directions on how to use the attack tools.

LoveLetter, CIH and the Melissa Virus -- along with 12 Word macro viruses -- form the arsenal for attacking Israeli sites.

Apparently, it's an effective system.

According to sources at iDefense, an international security firm monitoring the situation, pro-Palestinian hackers are using a variety of tools to orchestrate a well-organized attack against the 90 or more Israeli websites which have been hit during the conflict.

Ben Venzke, the director of intelligence production at iDefense, says it is hard to say for sure who is winning. But he does admit the pro-Palestinian hackers have "successfully impacted more sites."

"The pro-Palestinians have been much more aggressive in scope," said Venzke. "Instead of just targeting specific sites, they’ve been methodically working through all the .il sites, broadening their agenda."

Over 115 websites have been targeted by both sides for denial-of-service attacks, attempts to gain root access, system penetrations, defacements and a variety of other attacks. Many sites have been indirectly affected, due to the strain that the attacks have placed on the Net infrastructure in the Middle East.

The conflict began on Oct. 6, when pro-Israeli hackers created a website to host FloodNet attacks. Since then, both sides have sustained blows to vital-information and financial-resource sites such as the Palestinian National Authority site and the Tel Aviv Stock Exchange.

Sixteen tools have been identified as those actively distributed among attackers, with many others being discussed or suspected of already being deployed.

One such tool is called the EvilPing, believed to have been created especially for this war. The tool launches a "ping of death attack" that, when utilized by several users against the same target, crashes the system.

Then there is QuickFire, an attack tool that sends 32,000 e-mails to the victim from what appears as the same address. Used simultaneously by multiple attackers, the tool crashes an e-mail server.

QuickFire's strength is that it does not relent, continually firing off thousands of e-mails until the server is shut down and the address blocked. It is believed to be the tool used for hack attacks on the Israeli Foreign Ministry site and its webmaster’s e-mail address.

A group called Hackers of Israel Unite originally used another popular tool called WinSmurf, which also uses mass pinging to bring down a site. Borrowing amplifying power from broadcast sites, the hackers send out pings that are boosted 10,000-fold or more. According to the group, they were able to shut down Almanar.org using one computer with a 56K modem and an ADSL line.

According to Netscan.org, a site that provides a list of broadcast sites with an average amplification of times five, a dial-up user with 28.8 Kbps of bandwidth, using a combination of broadcast sites with an amplification of 40, could generate 1152.0 Kbps of traffic, about two-thirds of a T1 link.

"With tools like these, a 56K can become a powerful weapon and your bandwidth irrelevant," said Venzke.

Netscan.org creators call themselves a "small group of concerned network administrators who got fed up with being smurfed all day." But they recognize the fact that their site has become a hacking tool, as well.

Pro-Palestinians recently turned the tables by using broadcast-site attack tools against Israeli sites. Although the leaders in the war -- groups such as UNITY, dodi and G-Force Pakistan -- remain in the limelight, many previously unknown hackers are taking the cyber war to another level.

According to Venzke, hackers are making moves to gain root access to Israeli computers and servers. "Root access is the ultimate possession, it means doing whatever you want with a system," he said.

In essence, a hacker who gains root access control of a computer can scan, delete and add files, use it as an attack tool against others, and even view and hear users whose computers are equipped with cameras and microphones.

With no end in sight to the Middle East cyber war, talk of targeting U.S. interests on the Web has been popping up in chat rooms and IRC channels frequented by pro-Palestinian hackers.

Recent aggression against Lucent.com, coupled with last year’s hits on cnn.com and other mainstream sites, has many high-profile companies watching their backs for the next wave of attacks.

Hackers like dodi have come out and said that the current war isn’t just against Israel, but the U.S. as well. But Arab activists such as Mustapha Merza believe the American media continues to portray Arabs as terrorist aggressors, even in cyberspace.

Merza is the webmaster for Arabhackers.org, a meeting place for Arab computer buffs to chat and exchange views. He says that the media and government are biased against Arabs and openly supportive of Israeli interests.

"The irony of the matter is that the times (that) U.S. government sites were targeted by Israelis are way more numerous than those times they were targeted by pro-Palestinians," Merza said. "Yet the American media fail to identify its real perpetrators and victimizes the Arabs as usual."

For its part, the National Infrastructure Protection Center -- a division of the FBI concerned with cyber warfare, threat assessment, warning and investigation -- lists both Israeli and Arab sites that promote the cyber war.

http://www.wired.com/news/politics/0,1283,40449,00.html

-- Martin Thompson (mthom1927@aol.com), December 02, 2000

