Saturday, June 05, 2010

Pro-Gaza hackers target Israeli websites

When it comes to website hacking, the Turks seem to be consistently at the top of the pack. This is mostly because their government tolerates their activities with little regard for international law. The oldest and most complete collection of website defacements is Zone-H, a site run by Roberto Preatoni that tries to document defacement activity by archiving the defaced websites. Defacement rates are rising, with a typical day seeing between 1500 and 3000 defaced websites, with a large number of these by Turkish defacement groups.

After various protest groups chose to stage a so-called "Freedom Flotilla" protest and attempt to deliver supplies to Gaza despite the well-known Israeli blockade. As YNet News reports:
The deputy head of Israel's mission to the United Nations, Dan Carmon, told the Security Council, "Although portrayed in the media as a humanitarian mission delivering aid to Gaza, this flotilla was (not) a humanitarian mission. If indeed it were a humanitarian mission it would have accepted, weeks ago, during the planning stages, the offer by the Israeli authorities to transfer the aid, through to the port of Ashdod, to Gaza through the existing overland crossing, in accordance with established procedures. Many states and organizations, including the UN, are using those mechanisms on a daily basis.


This interpretation of events is backed up by the IDF's YouTube channel. The Israeli military has been using YouTube to spread the official version of various contested events for more than a year, justifying their military actions by showing video of smuggling, rocket attacks, and other activities.

The nine demonstrators killed on the Mavi Marmara, a Turkish flagged ship, and eight of the nine killed were Turkish citizens. This is a guarantee that the various Turkish hacking groups will respond, and bring the cyberforces of Islam to bear on any website that ends in a ".il".

As you'll see below, although the Turks may have started the cyber protest, it has spread throughout the Islamic world, including Moroccans, Indonesians, Yemeni, and others.

Website Security and YOU


Some people say we are "glorifying the hackers" when we talk about their defacements, or "just giving them what they want" meaning publicity.

I'd like you to think, dear reader, as you look at these sites below about a different message. IF YOUR WEBSITE IS NOT SECURED, criminals, activists, terrorists, script kiddies, and phishers can break into your website and use it to spread whatever message they want.

Think about one of these images being associated with the name of YOUR COMPANY or YOUR ORGANIZATION.

How do you review your website security? Is someone reviewing your log files regularly? Do you have a mechanism to review statistics about your server? Would you even know it if someone added a page like one of those below to your server?

Yes, there is a cyber protest going on, but try not to think in terms of Israeli-Palestinian-Turk. Think in terms of hackers and YOU.

The Current Conflict


Here are a few of the SEVERAL THOUSAND websites defaced since those actions went down, and a few notes about some of the defacers that are attacking them.

Islamic Ghosts Team


srudi.co.il was hacked by the Islamic Ghosts Team, with the typical poorly structured English messages:

Who are the rightful terrorists in this world !!!!
Be sure that the whole world has become known the real Terror
./ Islamic Ghosts Team


According to Zone-H, the Islamic Ghosts Team has hacked more than 6800 websites, with many dozens in the past few days being this attack against Israeli sites. Of course they are also still attacking the government of Mexico.

They include the official graphic of this "campaign", which I'm linking to from its regularly used site at espacetunisien here:



They also have other far more disturbing images on recent defacements, many featuring a ripped burning Star of David Israeli flag.

Ma3str0-Dz


Algerian Hacker, Maestro-DZ, hangs out on the website Sec4ever.com and uses a german hotmail account - o5m@hotmail.de. Maestro-DZ has hacked more than 5,400 websites, including 390 Israeli sites.

His defacement yesterday of the Weissman Law firm demonstrates his foul mouth and poor english, along with this graphic:



He's been doing anti-Israeli website defacing since at least October 2009, when he did a defacement "For the Kids of Gaza" by hacking ballas-eng.co.il.


Jurm-Team (RealFaciaXXX)


If that name sounds familiar, it should. Jurm has been a member of several very high profile website defacement groups. He's invited to quite a few "All star" parties. His current team mates, Jurm, Dr.Noursoft, RedDoom, and Kingofp4 are hiding behind a group hotmail account, Jurm-Team@hotmail.com and using their defacements to show a video of Israeli atrocities.

Jurm and friends are "Moroccan Hackers" according to their defacements.
RealFaciaXXX must have just joined the team. His "For Palestina" hacks have not mentioned Jurm before yesterday, and most recently show an Arabian-head-garbed man with a shoulder launched missile facing into the camera.

1923Turk


Many Turkish hackers prefer to post their defacements on "Turk-H.org" instead of Zone-h.org. Looking over there briefly, there are many additional defacements not indexed on Zone-H. One of the more confusing groups is 1923Turk. This group's members post defacement stats using the common name, but actually have dozens of individual hacking groups that are assigned to different "missions". For example, one defacement claimed by "1923Turks" today is www.gerontology.org.il, but the defacement itself says it was committed by "Hackspy & Hate", two hackers who are members of a 1923Turks squad consisting of members, ÖlüM - xoxmemo - HaCkSpY - Devil_Boy - LegendSemih - TheEnd - Deadly - HaTe - Hydr4 - LifeOrDeath. The Team leader is usually listed first, but any of the members can do a defacement as long as the team leader is listed and the credit is given to the 1923Turk group.

Many of the current 1923Turk defacements use this image:


(Potentially offensive image: Click to see)

The 1923Turk group actually has more than 45,000 members, including 2600 new members during the past 30 days. They aren't all hackers - they have many groups dedicated to "patriotic" security of all sorts, including helping Turkish citizens getting malware off their computers. There are thousands involved in hacking though - some assigned exclusively to hacks against the PKK, and others to various "enemies of Islam", in teams divided by the country they are targeting. Some of their forums are Turkish culture, computer programming, and Islamic education forums as well.

1923Turk is an homage to "the Ataturk", Mustafa Kemal. Although he is credited with ruling the first secular Turkey, beginning after World War I, the Ataturk is celebrated by these young hackers for his ability to have multiple religions living "at peace" with one another. They claim we need to return to this style of tolerance shown (at least in their twisted memories) by the Ataturk. (I actually read an enormous biography of the Ataturk to help me understand these guys - Ataturk: the Biography of the founder of Modern Turkey, by Andrew Mango - very helpful and interesting!)

Team Hitman Hacker


This team, consisting of Yemeni hacker Mr.NSR (oi3@hotmail.com) and Moroccan hacker, RaYm0n (n5b@hotmail.com) has posted a portrait of Hitler on various Israeli websites. The words on the Hitler poster are in Arabic, and I'm not sure yet what they say.

Team Hitman has defaced 8,700+ websites, including well over 100 Israeli sites in the past 48 hours.

Their current defacement technique is actually a redirect-injection that takes the visitor to RaYm0n's website:

http://raym0n.com/fuck-il.html

Raym0n's WHOIS data says his email is "w_@hotmail.fr"

He hosts his anti-Semitic content at "club4hosting.com"

BobyHikaru


Each new cyber protest acts as a recruiting event for new script kiddies. One of the new comers this time is BobyHikaru, who calls himself a member of the "Indonesian Hacker Team" and lists a website Devilzc0de.org on his defacements, along with this graphic:



In his spare time, Boby hacks the government of Indonesia. he's only hit less than 100 sites in his entire career.

Turkish Hacker, AKINCILAR, has also picked up this graphic, and added his own art to the bottom of it for use in defacements, such as this one:

http://yygranot.co.il/gallery

H4X0R-x0x


Another Indonesian hacker, with only 90 website defacements, has joined the cause, hacking a design school in Israel showing a metallic skeleton bursting through a bloody Israeli flag with his middle finger extended, and calling to "Stop War in Gaza"

Arumbia Team


The "Arumbia Team" (never heard of them) has also hacked an Israeli law firm and a half dozen other Israeli websites. They list 18 members, probably mostly Indonesian.

In Conclusion


No conclusion yet. This thing is just getting started. This morning's news had several references to synagogue websites in other parts of the world being defaced, most notably in Massachusetts by "Pintu Maya Team", although this seems to be a case of a very widely spread story originating from a single report. I can't find an archive of the actual defacement, and have never heard of Pinta Maya Team. If anyone knows a forum or website where they hang out, let me know . . . gar at uab dot edu

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.