Gaza Ceasefire Doesn't Hold Online: New Anonymous Hack
War of words and hacked websites continues, even as the Palestinian territories receive upgraded state status from the United Nations.
In the wake of the eight-day war between Hamas and Israel in the Gaza Strip -- halted last week after a mutually agreed ceasefire -- a majority of the United Nations General Assembly voted Thursday to elevate Palestine from a U.N. "entity" to a "non-member observer state." The vote passed despite strong opposition from the United States and Israel.
In the online realm, however, despite the ceasefire and U.N. vote, related skirmishes have continued without stop, with hacktivist supporters from both sides continuing to knock websites offline and release sensitive information.
More Security Insights
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Getting a Grip on Mobile Malware
White PapersMore >>
Notably, Anonymous -- as part of its Operation Israel (OpIsrael) campaign -- announced Thursday that it had hacked the Debka news agency in Israel, and released login email names and passwords -- all in plain-text format -- for 91 of the site's users.
"We have managed to hack their systems and acquire highly sensitive information, including employees' and authors' personal information, labs details and of course their subscribers," according to the Anonymous statement, which was released via Pastebin. "For now, we [will] only release [a] portion of what we have got."
That data breach followed the online release, earlier this week, of the email addresses for 167 people who are allegedly connected to Israel's nuclear weapons program. The data was apparently stolen from the U.N.'s International Atomic Energy Agency (IAEA), which is currently investigating Iran's nuclear program. A never-before-seen hacking group, Parastoo -- which in Persian means "swallow," as in the bird, and is a popular female name in Iran -- claimed credit for the breach, which it said involved an IAEA server located in Vienna.
[ Izz ad-Din al-Qassam Cyber Fighters resurface. See U.S. Bank Attackers Dispute Iran Ties. ]
"You will be hearing game changing news from us frequently from now on," the group said via Pastebin, signing its message with a variation on the Anonymous hacktivist-collective's "We are Anonymous" tagline: "You are not anonymous. Expect us."
The IAEA has confirmed the data breach. Spokeswoman Gill Tudor told Reuters that the data was stolen from "an old server that was shut down some time ago," said that the agency "deeply regrets" the incident and noted that the vulnerability exploited by attackers has been mitigated.
"The IAEA's technical and security teams are continuing to analyze the situation and do everything possible to help ensure that no further information is vulnerable," she said.
The ceasefire between Israel and Hamas, signed in Cairo, took effect on November 21, thus putting an end to eight days of conflict, including Israeli airstrikes, that the U.N. estimates resulted in the death of 158 Palestinians -- including 103 civilians -- as well as 1,250 being injured. Meanwhile, four Israeli civilians, as well as two soldiers, were reportedly killed by Palestinian rocket fire, and 224 Israelis were injured.
In the wake of the ceasefire, however, supporters from both sides intensified their distributed denial of service (DDoS) attacks against each other. Matthew Prince, CEO of CloudFlare, which helps businesses defend against DDoS attacks, told Wired that while the identity of the attackers remains a mystery, his company has recently signed up as customers 10 "fairly high-profile" websites from both sides of the conflict that were hit with DDoS attacks. He said the pace of DDoS attacks noticeably increased in the hours after the ceasefire was signed.
A security information and event management system serves as a repository for all the security alerts and logging systems from a firm's devices. But this can be overkill for a company that is understaffed or has overestimated its security information needs. In our report, Does SIEM Make Sense For Your Company?, we discuss 10 questions to ask yourself in determining whether SIEM makes sense for you--and how to pick the right system if it does. (Free registration required.)