Today's News
ELAL 800×100
Peerles 800×100
S&P 600×100
Community Sports 800×100
Shlomo Artzi 800×100
Israel Bond RRSP Jan 2017
S&P 600×100
ELAL 600×100
Shlomo
Photo: CIJnews

Cyber-attacks against Jewish and Israeli sites planned on April 7

The hacking group anonymous, and in particular a Palestinian off-shoot of the organization are already in the midst of heated discussions, on various online forums, their intent to proceed with the annual campaign of attacking Jewish and Israeli websites and other related digital assets beginning Friday April 7, 2017. The annual campaign which originally dates back to 2013, became an annual event as part of the Palestinian offensive against Israel, Jews and Zionism or any entity believed to be affiliated with Jews.

Back in 2016, anonymous has claimed to take down 54 Israeli government sites, and a number of other businesses that have been identified has either owned by Jewish organizations or somehow believed to be affiliated or somehow sympathetic to Israel.

This year too, April 7th should be treated as an opportunity to educate people and businesses as to the impact cyber-attacks can have on an economy extremely reliant on the Internet, 24×7 connectivity and associated data that such websites may contain.

In reality, the majority of successful attacks are as a result of outdated software, the use of easy to guess passwords or poor overall technology infrastructure design.

The attackers in this particular instances are looking for websites that they can breach easily, and within the 24-hours they have designated for such a campaign, and one they refer to with the hashtag and title #opIsrael. Various underground forums have been setup for the attackers to post their achievements so that they can be praised by their peers.

The focus of the attacks is to corrupt or bring down targeted websites. This is called a Denial of Service (DoS) and Defacing attacks. Attacked websites either cease to operate due to the amount of traffic they experience or the attackers may gain access to the website administrative control panel and upload their political web pages thereby overwriting their original content. It has also been observed that in some instances, the attackers forego any political messaging whatsoever and instead opt to upload nothing more than pornographic content, likely in an attempt to discredit the victim.

This initiative is not driven primarily by greed, but rather by political ambitions, thus the more websites that can be defaced or breached the higher ranking the particular attacker will receive among their peers.

Typical praise on underground forums would look like the following:

It is important to note that some attacks have in the past continued until the end of April although the frequency and participation rates have declined rapidly post the April 7 date. This year, April 7th falls on a Friday, which means that the attackers can take their time and continue attacks throughout the weekend with relative ease, therefore it is expected that the majority of attacks will take place April 7th to the 9th.

Anonymous Hacking groups have claimed in the past that they have hacked hundreds of websites, thousands of PayPal and Email accounts. It is therefore advisable to ensure appropriate activities are taken to increase the security of your accounts.

Follow these relatively simple rules to improve your online security:

  • Ensure you are running the latest software on your websites – outdated software is usually vulnerable to attacks
  • Change your online passwords – use passphrases rather than an 8 character (or less password). It is far more difficult to attack a long passphrase (e.g. mypasswordisnoteasilyguessableonmondays) versus a short password such as: password123. Secure your administrative account credentials on a regular basis (at least every 90 says).
  • Do not use the same passwords for different services
  • Install appropriate security devices and software to protect your business (e.g. Firewalls)

In addition, it is highly advisable that if your online presence is significant enough that you conduct an in-depth security assessment using a reputable cyber-security firm as there are a number of complex forms of attack vectors that may apply to your business.

ELAL 600×100
Buzaker 600×100
S&P 600×100
Israel Bond RRSP Jan 2017

About Ed Dubrovsky

Ed Dubrovsky
Ed Dubrovsky is a leading cybersecurity expert, CISO, speaker and university educator. Ed is frequently found working on securing critical information assets and systems such as critical infrastructure (power grids, water treatment facilities) and businesses. Ed can be reached at [email protected]

Send this to friend