Hacktivists are often blusterous. Sensationalism helps recruit for campaigns and raises awareness of their cause via the resulting media coverage. As a consequence, it’s easy to pick out grandiose threats from recent memory – taking down the internet or crashing Facebook – that failed to materialize.
However, Anonymous earlier this month called for support to ‘erase Israel from the Internet’ on April 7. It is rightly drawing considerable attention; as reported by CyberWarZone, the campaign announced by hacker AnonGhost is being supported by a myriad of known hacktivists with a history of carrying out state-targeted attacks and solidarity attacks are already underway. This is not a “faceless” warning loosely aligned with the Anonymous cause, and it comes at a time when persistent attacks against state run sites including properties owned by Israel have been successfully carried out. Need more examples? See attacks against the United States, Turkey, and most recently, South Korea.
This planned event is actually a revitalization of Anon’s #OpIsrael campaign in support of Palestine during the Israel-Gaza conflict last November. Aside from the date for initiating this second round of #OpIsrael, what has publicly appeared about the campaign since it’s initial promotion?
The first event that bubbles up on the timeline for mentions of “OpIsrael” since March 11 comes from a since deleted Facebook post describing analysis of the actors allegedly involved in the campaign:
The attributions are to the best of our knowledge, based on language analysis, history and helps from our sources who speak Arabic ( various forms ) and Farsi ( various forms, mostly Persian ) natively: AnonGhost ( distributed – freelance ) AnonymousPal ( U.S and E.U – freelance ) OsamaTheGod ( false flag ) Teamr00t ( Pakistan – ideological ) Hannibal ( Anti-OPISRAEL , inside fight , Indian – freelance ) PunkBoyinSF ( Egyptian ties – freelance ) Mauritania HaCker Team ( distributed – freelance ) ajax Team ( unknown ) MLA – Muslim Liberation Army ( ties to Pakistan ) Gaza Hacker Team ( Palestinians in U.S and E.U , perhaps some members in Arab countries as well ) Gaza Security Team ( same ) Gaza Security Team ( ties to Syria – Syrian nationals – freelance ) Algerian Hacker ( unknown ) Iranian Cyber Army ( Iran , hired hackers based in Iran ) Remember Emad ( Joint Lebanese and Iranian effort – high likely state-backed ) Parastoo ( Iranian , reported to have ties with IRGC-QF and Hezbollah ) Syrian Electronic Army ( reported to be controlled by elements of pro-Hezbollah activists ).
There are two other points of interest:
- An attack reported on March 18 against 1600 websites, many Chinese, carried out by Anonymous Algeria that was done allegedly as a “sign protest and give a wake up call to the government of the world on Palestinian issue”.
- The appearance on Facebook of material, instructions, and attack vectors used during the original OpIsrael campaign that may be prepared for reuse in the planned April 7 campaign.
The rise of Anonymous and other nebulous hacktivist groups has created a fascinating challenge with regards to attribution in information security threat assessment. The “We Are Anonymous” motto provides a convenient shroud for cyber activity, including savvy state operatives, whether philosophically associated with the movement or not. We think back to the “Shamoon” attack on Saudi Aramco when several different suspected attackers were cited ranging from vigilante hackers to a cyber Jihadi group to the Iranian government. Misdirection and the amplification of disinformation is easier than ever, and those of us acting as analysts should be wary.
Irrespective of your feelings on the credibility of the latest #OpIsrael campaign, we’d like to get your thoughts on the use of open source web intelligence in evaluating and monitoring forewarned cyber attacks such as this one. As noted above, there are already faint signals of capability and dissemination of campaign information. Where else should analysts be looking?