After the Cease-Fire in Gaza, Will the Cyberwar Continue?

ALESSIO ROMENZI FOR TIME

A Hamas government office is seen from a nearby building after Israeli air strikes in Gaza City on Nov. 21, 2012

You didn’t need to be a Middle East specialist to understand that something was seriously off-kilter early on Wednesday when Israel’s Vice Prime Minister Silvan Shalom displayed a “Free Palestine” photo on his Facebook page and wrote on his Twitter feed, “FREE PALESTINE! END THE OCCUPATION!” No fan of Hamas, Shalom was the latest target in a hacking campaign that has raged through eight days of actual, lethal warfare in Gaza. Shortly after the postings on Shalom’s sites, the tech website Gizmodo announced that Anonymous, the hacking activist group, had finally “swallowed a big fish,” having threatened days earlier to turn the Gaza conflict “into a cyberwar.” “Pretty embarrassing for a high-ranking official!” Gizmodo writer Casey Chan wrote.

In a measure of how drastically the Internet has changed since the past Gaza war in 2008, this week’s conflict has been marked by a blitz of tweets and Facebook posts, in which tit-for-tat fury has spewed forth, second by second, minute by minute, from both sides. The Israel Defense Forces (IDF) spokeswoman Avital Leibovich has kept a running commentary on her Twitter feed, some signaling supposed successes like the attack on Wednesday against an underground rocket launcher, as well as more ominous messages, like one late on Tuesday night, warning the large contingent of journalists currently in Gaza to “stay away from Hamas operatives and facilities,” since the organization “will use you as human shields.” Hamas’ military wing, the al-Qassam Brigade, has kept up a similar stream on Twitter, with both claims of attacks and details of their weaponry and a snide retort on Tuesday night, warning Israelis to stay clear of IDF personnel. Still, much of the tweeting has been left to Hamas sympathizers, as well as to activists like Anonymous, which vowed on its blog last week to make “November 2012 … a month to remember for the Israel Defense Forces.”

And yet, while the hacking of Shalom was perhaps “embarrassing” — the Israeli official’s Twitter feed was still spitting out pro-Palestinian messages early Wednesday afternoon — it has hardly been the cyberwar that Anonymous promised. Instead, tech analysts, including in Israel, say the hacking campaign has exposed the activists’ technological weaknesses, while at the same time alerting them to more sophisticated cyberattacks against Israel. It is those attacks — some originating from as far away as Iran — that Israelis, by their own admission, could find far tougher to stop.

Take one example: last Saturday a computer virus hit the e-mail account of an IDF communications officer, effectively allowing hackers to control it, and then to use it to send infected messages to whichever contacts were listed in the computer. With no outward sign that one has been hacked — in contrast with Shalom’s patently fake postings — the virus can go undetected for a while. In fact, it was uncovered by chance, when Jonathan Klinger, an Israeli Labor Party politician, wondered whether an innocuous-looking attachment describing Hamas’ rocket attacks on Israel might in fact be malware, or malicious software. Klinger approached Seculert, an Israeli computer-programming company, to examine it. Indeed it was. “You get the article opened, and in the background the virus starts working,” Aviv Raff, Seculert’s chief technology officer, tells TIME by phone from Tel Aviv. “It allows the attackers to take control of the machine.”

Raff was not surprised. Earlier this year Seculert tracked a stealth virus called Mahdi, which seemed to have been created by technicians at the Islamic Azad University, a chain of private institutions headquartered in Tehran. The so-called spear-phishing attacks were dropped into normal-looking documents (the one Seculert tracked was mentioned in a Daily Beast story concerning Israel’s own cyberwarfare), allowing hackers to target specific computer accounts, including those of “infrastructure companies, financial services and government embassies.”

According to Seculert’s description of how it discovered the virus, Mahdi targeted key accounts within Israel, although Raff says he believes it might have been created largely to monitor the online activities of dissidents within Iran itself. Even more worrying for Israel was the Iranian-made malware called Flame, which was uncovered this May by Kaspersky Lab, the computer-antivirus company in Moscow, working on assignment for the U.N.’s International Telecommunication Union. Described as “a backdoor Trojan,” Flame multiplies itself as it spreads, targeting entire computer systems. In an e-mail to TIME on Wednesday, Kaspersky Lab said the malware is “programmed to steal valuable information from infected machines, including computer display contacts, information about targeted systems, stored files, contact data and audio conversations.” The worst-hit countries, it says, have been, in order: Iran, Israel, Syria and Lebanon.

Israel, of course, is all too familiar with the strategy. The Stuxnet computer worm, uncovered in 2010, seemed to have been designed specifically to try to disable Iran’s nuclear operation and — though still not officially confirmed — is thought to have been built by Israeli and American engineers.

But fighting off the new kind of cyberwarfare might not be easy — even for a country with superb technicians like Israel. Raff says he believes Mahdi might be active in the current Gaza conflict, as hackers attempt to disrupt Israel’s military. Indeed, both Mahdi and Flame might have existed for a while, without notice. “Any company or government can be infected, even if they use the most sophisticated defense solutions,” he says. “Mahdi went under the radar for months, or years, until it went public. The main problem isn’t how to defend against it, but how to detect it as soon as possible.”

By contrast, the more visible hacking blitz by Anonymous this week is brushed off by some analysts as a nuisance, rather than as a serious threat to the IDF. When Chan posted his news about the group’s takedown of Shalom, a reader shot back sarcastically, “Oh that will hurt Israel so bad, their whole missile dome defense system will come down now!” Even Gizmodo staff writer Sam Biddle admits this week’s Gaza conflict has made Anonymous look ineffective and foolish. “It had some swagger at first. But as the days go by, we’re seeing a weak, confused Anon, not a group of Internet freedom fighters,” Biddle wrote on Monday. Far from cyberwar, he said the group’s Gaza campaign had targeted thousands of Israeli mom-and-pop business websites and dumped 2,000 e-mail addresses of Israeli “ordinary nobodies.” Biddle said Anonymous’ ineffectiveness has a clear reason: many truly dangerous hackers are lying low or have been arrested. “Anyone with the brains and bravery to do something like hack a major government military contractor … is either in the hands of the cops, or afraid of winding up there,” he said. Unless, of course, those brains and bravery reside in Tehran.
