INTERNATIONAL LANGUAGE ICON

OPISRAEL – The annual cyber attack that is driving Israel crazy

OPISRAEL

OpIsrael Cyber Attack

Operation Israel refers to a series of cyber attacks that occur each year in early April, and are carried out by pro-Palestinian hackers, who identify as part of the Anonymous group.

History of OpIsrael attacks

2013-

The first attack began in 2013 and was planned for Holocaust memorial Day – April 7, 2013. The website of the “Bigger Than Life” organization, which accompanies families whose children are diagnosed with cancer, was attacked and its home page was vandalized with antisemitic and anti-Israel messages. Other sites such as Yad Vashem, the Ministry of Defense, the Election Commission and the Ministry of Foreign Affairs were shut down for several hours.

The attack was also accompanied by false reports published by the hackers, including damages worth 5$ billion allegedly caused.

 

2014

A group of hackers calling themselves “Anonymous-Arab” announced a denial of service attacks against Israeli websites. E-mail addresses and passwords belonging to the Israeli Export Institute were also published, according to the attackers. The Export Institute stated in response that this is an old list of addresses that can be easily found on the website and that the passwords published are incorrect. In addition, a list of more than 1,300 e-mail addresses from various sources combined with passwords was published, and users were advised to change their passwords following the attack.

 

2015

On March 29 pro-Palestinian hacker organizations that belonged to the international hacker group, Anonymous announced a cyber attack that would also be coordinated on April 7 of that year. The attack came in response to Operation Resilient Cliff.

As part of the threat, the spokesman announced that they intended to bring down military and government sites on the day of the attack.

In the days leading up to the attack, Meretz, a left-wing party, experienced a hack that transformed their website homepage and implanted pro-Palestinian messages. 

 

The main attack came on April 7, 2015, during which personal details such as e-mail accounts, credit card numbers and Facebook accounts were leaked, most of which are inactive or incorrect. The sites mainly affected by the attack were musicians’ official sites and a few others. 

 

Types of OpIsrael attacks

 

Ransomware

Popular among hackers and involved in 22% of all cyberattacks, a ransomware attack begins with the installation of malicious software. This malware is designed to lock our data and hold it “captive” until the hacker’s demands are fulfilled. The malware can encrypt the information or lock our device, thus preventing us from access. 

Bad Rabbit ransomware

There are several types of ransomware:

Encryption- This type of malware locates files that seem important to the user – texts, documents, images, PDFs and more. It encrypts the information, thus preventing access to it.  When the victim is an individual, the ransom usually amounts to several hundred dollars, and the requirement includes a transfer of the payment up to 72 hours, otherwise, the data is permanently deleted.

Lock- When the user is locked out of the device, and the ransom message appears on the screen.

Scareware- Perhaps the most cynical of them all, this attack mimics software that scans for security issues, such as antiviruses, and alerts us of critical findings. The error messages that appear to detect faults mimic legitimate antivirus software, and give a sense of reliable source by providing the IP address and geographic location information, or using the names of reputable and trusted companies. Afterward, access is denied until the victim allows the malware to repair these issues, for an additional fee. 

DoxWare- Ransomware that threatens to leak victims’ data to sites on the Dark Web. the attacker might sell this information or leak it to sites for free. 

Utilizing security vulnerabilities in websites

Exploiting security vulnerabilities in websites in order to infiltrate databases that contain sensitive information such as usernames, passwords, email addresses, residential addresses, and credit card information.

XSS attack-  This attack uses vulnerabilities in websites based on java scripts, which is basically any website these days. Javascript is a very powerful language, however, it can be easily vulnerable if not configured correctly. The language uses characters such as / sign to mark the end of a command. If not properly configured, the javascript can read a malicious code injected into it and run it. 

 

SQL injection

SQL is very similar to its predecessor, the XSS,  only it tries to retrieve information from the site’s database. The SQL attack also injects code into sensitive places on the site for example form fields and search fields, and when performed on an unprotected site can retrieve information from the site database such as usernames and passwords.

 

 

DDOS service denial

An attempt to make an Internet service – like a website – unavailable to its users, usually by temporarily disrupting the server on which the site is located. There are many types of DDoS, but the essence is flooding the site and its server with malicious traffic that will cause it to shut down due to overload, sometimes by using many devices that were once hacked and exploited without the knowledge of the device owner. Hackers have been perfecting these attacks by using AI (artificial intelligence). But not all is bleak in our future, and artificial intelligence can be used to look for the vulnerabilities of the systems, especially if there is a large amount of information.

 

SMS and panic calls

Events of this kind are intended to cause the public to panic, during OpIsrael 2015 SMS messages were sent to a large number of Israelis.

Website Corruption

Replacing the home page of a particular site with a low level of security. Instead of a proper home page, there will be abusive sentences, political slogans, or any other message that a hacker wants to convey.

Share on facebook
Share on twitter
Share on whatsapp
Share on linkedin

View Free
Pen Test Report

מבדק חדירות רדאנטרי

Latest Cyber News

Start Your Path Towards a
Safer Cyber-World

בואו לקבל דו"ח לדוגמא
של בדיקת חדירות

מבדק חדירות רדאנטרי

העדכונים האחרונים
בעולם הסייבר