Israeli Intelligence Hacks Back Against Anonymous

Dating back to 2013, every April 7th Anonymous launches an all out blitz on various websites, systems and servers attached to the Israeli Government in protest of their illegal occupation of Palestinian land. The Operation is known as #OpIsrael and is primarily lead by a group of hackers known as RedCult, one of the most well known splinter groups of the Anonymous hacker collective.

Their attacks are no secret, in fact they are widely publicized across the internet for weeks in advance every year and this year is no different. For example, here is the 2017 release for #OpIsrael currently circulating around YouTube – a much simpler message than years past:

If you hadn’t guessed by now, the Israel Government is also well of Anonymous’ actions and as these attacks have evolved over the years, so too has Israel’s strategy to defeat it. For example, last year the Israel Government released a preemptive statement towards Anonymous in The Times of Israel, warning that Israeli authorities were “prepared for all forms of aggression.” Adding that “Israel is well-protected” and would track down any perpetrators.

The writing is on the wall though, despite being “prepared” for the yearly cyber attack, hackers took down 54 websites associated with the Israeli Government and a group known as GhostSquad managed to hack into Israeli Government servers, leaking 10,000 personal email addresses, 8,00 phone numbers and over 1,000 social media accounts belonging to members of Israel’s Defense Force – including pilots known to have conducted bombing raids on Gaza in 2014.

In light of last years epic fail, it appears members of Israels Defense Force are trying to take a more proactive approach to the problem this year. As reported by Roi Perez of SC Media, “unknown” assailants are disguising a Remote Access Trojan (RAT) as a popular Denial of Service (DoS) tool being market for use in conjunction with #OpIsrael.

According to the report, the RAT was first identified by Digital Shadow, leader of Ghostsec, whom claims to have personally observed two versions of the RAT over recent weeks – one for Windows devices and another for Android. In an official statement made available to Mr. Perez, Digital Shadow stated:

These findings suggest that the actors responsible for these tweets have sought to use Anonymous collective imagery and hashtags to socially engineer supporters of OpIsrael to compromise their machines. While the nature and objectives of the actor(s) responsible for this campaign are not known, opposing pro-Israel campaigns such as OpIslam, often emerge to counter OpIsrael.

Therefore while it is possible that this distribution campaign was the work of an opportunistic criminal actor, we also assessed it to be plausible that it was part of an attempt by pro-Israeli actors to compromise the machines of OpIsrael participants. If this is the case, it would indicate the possibility that the actors responsible for this distribution campaign might use it to act against OpIsrael participants prior to 7 April. It remains to be seen whether evidence of such targeting will emerge.

For all you N00bs out there, Digital Shadow is no small contact to be quoting. At one point in 2015 and early 2016, Digital Shadow was deemed by many to be one of the worlds best hackers, leading the most well known hacking group in existence at the time – Ghostsec, in their fight against the Islamic State.

In all due respect though, I have never seen #OpIslam used to disseminate pro-Israel material. I have seen #OpIslam used as a platform to combat Islamophobia, raise awareness about the religions practitioners (not trying to convert people) and generally promote peace between all religions and peoples.

Categories: Hacking News

%d bloggers like this: