Mideast hackers may strike U.S. sites, FBI warns

[InfoSec News <isn () C4I ORG>]

Forwarded by: Eric Wolbrom <eric () shtech net>

http://news.cnet.com/news/0-1007-200-3359667.html?tag=st.ne.1007-203-3359667..ni

By Erich Luening
Staff Writer, CNET News.com
November 2, 2000, 4:00 a.m. PT

Middle East violence is fueling an online cyberwar as hackers from
both sides of the conflict threaten government and business Web sites
in the United States, according to the FBI and industry experts.

The FBI has warned that the recent email flooding and so-called
denial-of-service attacks that shuttered and defaced both Israeli and
Palestinian Web sites in the last month could "spill over" to the
United States.

"Due to the credible threat of terrorist acts in the Middle East
region, and the conduct of these Web attacks, (Internet users) should
exercise increased vigilance to the possibility that U.S. government
and private sector Web sites may become potential targets," said a
recent advisory from the FBI's cybercrime unit, the National
Infrastructure Protection Center.

Fairfax, Va.-based iDefense, which has been monitoring the
cyberattacks by pro-Palestinian and pro-Israeli groups, said the
activity has paralleled the increase in tensions and violence on the
ground.

At least 24 sites have been hit by pro-Palestinian attackers, and at
least 15 sites have been hit by pro-Israeli attackers, according to
iDefense.

"This is the first instance we have seen the traditional terrorist
organizations, like Hezbollah and those with ties to (suspected
terrorist Osama) bin Laden, have actually taken part in this type of
activities," said Ben Venzke, director of intelligence production at
iDefense. "These same organizations are disseminating messages to get
funds for both terrorism and hacker campaigns.

"It is important to understand that any company that is perceived with
having any ties or connections to Israel are going to be attacked,"
Venzke added.

Among those hit were the sites of the Bank of Israel, the Israeli
Prime Minister, the Tel Aviv Exchange Market and the Israeli Foreign
Ministry, Venzke said. Palestinian sites have included those of the
Palestinian National Authority--the official Palestinian government
body--and the Palestinian organization Hamas.

The cyberwar, dubbed "E-jihad" by pro-Palestinians, was sparked last
month by the violence in Israel. More than 150 people, most of them
Palestinian, have died in clashes over the past five weeks.

The FBI said the method of attacks against Israeli Web sites included
automated email floods and high volumes of coordinated requests for
Web services by pro-Palestinians. Some of the documented email attacks
are believed to have involved customers of free Web-based email
providers Yahoo and Hotmail.

Venzke could not give an exact profile of the typical hacker taking
part in the current attacks, but he did say his company is aware of
both sides having extensive recruitment campaigns at hacker
conventions and on university campuses.

"In the near future, there will be a great number of people within
these organizations with just technical training, separate from those
with military training," he said.

There has been at least one threat by a pro-Palestinian hacker to
carry out distributed denial-of-service attacks, iDefense said.
Current actions by both sides run the full spectrum from system
penetrations to more sophisticated tactics.

While the FBI said there have been no indications that any specific
U.S. Web sites have been or will be targeted, iDefense warned that
prime targets may include U.S. government agencies and private
companies.

"In the event that either side more actively utilizes viruses or
Trojan horses, it is unlikely that infections will remain confined to
their intended targets and are likely to pose problems for users
around the world," iDefense said. "Sympathetic hackers and others
around the world are likely to begin offering their services and
jumping into the fray as the high-profile nature of the conflict
continues to grow."

The FBI has recommended certain security steps for government agencies
and private businesses. Security officials should be prepared to take
appropriate steps to prevent email flood attacks, block source email
addresses in the event of a flooding, and ensure that appropriate
patches are installed to operating systems to limit vulnerability to
other denial-of-service attack methods.


____________________________________________________________________
Eric Wolbrom, CISSP                     Safe Harbor Technologies
President & GCD                         106 Corporate Park Drive
Voice 914.644.6060 ext. 6000            White Plains, NY 10604
Fax   914.644.6050                              http://www.shtech.net



We are here to help you keep your communications yours!!!
_____________________________________________________________________

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".