Israeli, Saudi Hacker Battle Escalates

After several days of credit card breaches and payback hack attempts, Anonymous chimes in, purportedly releasing access credentials and URLs for Israeli industrial control systems.

Mathew J. Schwartz, Contributor

January 11, 2012

3 Min Read

A war of words and website hacks is escalating in Israel over the purported hack of credit card data by a hacker from Saudi Arabia.

Last week, a hacker known as xOmar 0, who claimed to be part of the Saudi hacking group Group-XP, released credit card numbers and other sensitive information he'd stolen, saying it affected 400,000 Israelis. The Israeli banks affected, however, said the total number of people involved was only about 14,000.

The hack led Israel's deputy foreign minister, Danny Ayalon, to declare Sunday that such breaches of Israeli cyberspace should be treated as terrorism, and would be grounds for Israel to use its cyber strike-back capabilities. "No agency or hacker will be immune from a response," said Ayalon.

[ Could cyberattacks take utilities offline? See Feds Seek Stronger Security For Power Grid. ]

In retaliation for the Group-XP hack, a group of Israeli hackers said Monday that they'd hacked into multiple Saudi e-commerce websites and stolen credit card details on thousands of customers. "At the moment, we're holding on to the information and waiting for the right moment to publish it," according to a statement released by the group. But it said that "if the leaks continue, we will cause severe damage to the privacy of Saudi citizens," reported China Radio International.

By Tuesday, however, Ayalon's warning against anyone who hacked Israeli organizations had led a group of self-described Arab hackers--one hailing from the "Gaza HaCKeR Team"--to deface Ayalon's personal website Tuesday with protest images, reported China's official Xinhua news service, based on an interview with Ayalon's media advisor, Ashley Perry. Perry said the non-defaced site was restored in less than an hour.

Interestingly, the Israeli credit card details may have been stolen by a 19-year-old hacker who's not from Saudi Arabia, but rather the United Arab Emirates, and who's now based in Mexico and works in a cafe when he's not studying computer science at a local university. At least, that's the theory of Israeli blogger Amir Fadida, reported Haaretz Newspaper in Israel. "The not-so clever hacker, to put it mildly, made many mistakes," said Fadida on his blog, detailing how he'd traced the attacks back to an individual based in Mexico.

In other Israel-related information security news, an Anonymous and AntiSec affiliate Tuesday purportedly released password details for 10 Israeli supervisory control and data acquisition (SCADA) systems. A Pastebin post purporting to be "from Anonymous with love" listed the URLs of what it says are 10 SCADA systems based in Israel, and said that they could be accessed using default credentials, with the password in question being "100." While the veracity of that assertion couldn't be fully verified, at least one of the provided IP addresses resolved to an Edimax wireless broadband router that listed its default credentials on the log-in screen, and which appeared to be located near Tel Aviv, Israel.

In terms of authenticity, a tweet from the Twitter account of TheRealSabu, aka the former leader of LulzSec, had instructed his followers to watch the Twitter channel that was used to publicize the attack, not long before a link to the Pastebin post was publicized.

Unauthorized access to SCADA systems is a concern, because such systems can control dangerous or sensitive manufacturing environments, ranging from chemical centrifuge controls and nuclear power stations to water utility treatment plants or prison cell doors. From a security standpoint, numerous SCADA systems have been built with hardcoded--and publicly known--access credentials. While that's useful from a safety perspective, for example if there's a plant accident and the control system must be quickly accessed and disabled, such credentials create enormous information security risks if the control systems should be Internet-connected and not properly secured.

InformationWeek is conducting our third annual State of Enterprise Storage survey on data management technologies and strategies. Upon completion, you will be eligible to enter a drawing to receive an Apple iPad 2. Take our Enterprise Storage Survey now. Survey ends Jan. 13.

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights