Cyber War in the Middle East
The unprecedented battle raging in cyberspace between pro-Israeli and pro-Palestinian/Moslem hackers may have serious consequences for the entire Internet.
It's a new type of warfare, launched by young civilians who go into combat armed with a mouse and a keyboard, and who, even after several battles, have yet to suffer even one human casualty. Although real blood is not being spilled, the war is no less grave for its virtuality.
"Internet violence, or virtual violence on the Internet and in cyberspace is a scary option because you never know where it will end," says Prof. Gabriel Weimann, chairman of Haifa University's Department of Communications. "I see it as very risky when virtual blows are exchanged on the Internet in the form of harming one another's sites. The whole idea of the Internet is that it is free, that nobody controls it, and everybody can say what he wants."
Since the beginning of October, pro-Israeli and pro-Palestinian/Moslem hackers have been battling it out in cyberspace - spamming some sites with junk mail and false requests until overload knocks them off the Web and defacing others.
It's getting so bad that the FBI's National Infrastructure Protection Center, which combats cyber crime, has issued an advisory warning that Mideast cyber violence could spread.
"Due to the credible threat of terrorist acts in the Middle East region and the conduct of these Web attacks, [users] should exercise increased vigilance to the possibility that US government and private sector Web sites may become potential targets," the advisory said, according to story in this week's The New York Post. One industry source told The Jerusalem Post that the CIA has sent officials here to observe the cyber violence in real-time, but the US Embassy has denied that any such visits are taking place.
WEIMANN says the Israelis fired the first shot in early October - right after the first bout of Palestinian violence that coincided with Rosh Hashana. Arabs say the virtual war started with a spam attack on the Middle East portal Al-Bawaba, based in Jordan.
The attack, called denial of service, the same type that crashed the Israeli Foreign Ministry and Knesset sites in late October, flooded the portal's political forum chat room with heavy graphics files insulting Islam, the Prophet Mohammed, Yasser Arafat, and the Palestinian Authority, forcing it to shut down.
The assault was apparently taking the forum's hot debates one step further, said Ramzy Khoury, Al-Bawaba's editor in chief, who added that the attack was the first in a series; the last of them came this week on the site's e-mail server. The first few attacks have already been traced to an organized Israeli effort to attack the Arab portal, with Web pages posted on Israeli sites automatically starting an assault when opened.
"We consider this a form of terrorism and the sort of violence that a lot of people don't think can cause major harm, but it does. It is very costly. When you have to take down servers and reprogram them it costs a lot of money and takes a lot of energy and a lot of time," Khoury said. "It is similar to taking down a building."
After the attack on Al-Bawaba, the blows fell fast and furious.
"This was the first time in the history of the Internet when real warfare between two sides took place in a very clear manner," says Weimann.
Likud MK Michael Eitan, head of the Knesset's Internet committee, agrees, noting that while similar attacks have been made on commercial sites, this was the first time that the motive for such assaults has been clearly political.
Hizbullah sites were the main target of Israeli hackers, apparently seeking revenge after they took three Israeli soldiers hostage at the end of September.
First, a Hizbullah site was defaced with an Israeli flag and a file playing "Hatikva." Then, an anonymous hacker posted on http://www.hizballa.org/, the flickering word "War," an Israeli flag, and the Hebrew and English note: "This page was uploaded to protest against Arabic attacks in the past few days."
Response was not long in coming. The Israeli Foreign Ministry site was blasted with illegitimate e-mails and requests that brought it down for several days. The Knesset site also crashed due to overload, losing files that have yet to be recreated.
The IDF site also apparently came under attack; although the military denies seeing any evidence of an assault, it recently hired AT&T as a second Internet Service Provider (ISP) to strengthen its connection on the World Wide Web. And it didn't stop there.
The site of Hizbullah TV station al-Manar was defaced by an Israeli hacker who signed off as Nir M. and posted an Israeli flag with a link to photographs showing what he said were "The Real Story of the Palestinians in Judea, Samaria and the Gaza Strip." The pictures were of Palestinian stone throwers, the lynching of the two Israeli soldiers in Ramallah, and the funeral of the rabbi killed during a day trip near Nablus.
Even The Jerusalem Post, whose connectivity is through the same ISP as the Knesset, the Foreign Ministry and the IDF, was targeted when sometime last week hackers tried to overload its server.
In Lebanon, The Daily Star has meticulously covered the maneuvering on the cyber battlefield, first noting an Israeli site it said users could log on to in order to "attack and destroy Hizbullah."
The site, which the Daily Star identified as http://www.wizel.com, did not allow unauthorized users to enter this week, but its technology was apparently quickly adopted by the Arab side.
In a letter sent out by a pro-Arab group called Unity, readers were asked to "help us by opening the attack window 24 hours a day. The attack is working as long as you are on the Net, you will not feel that something big is happening, but you are indeed sharing in a big battle. Please visit our link at ummah.com."
The link, however, has since been eliminated - the site posts an apology: "The bandwidth providers to our ISP, after receiving many complaints from ZionistsÉ have threatened to cut off our Internet connection if this site was not removed. We have removed this site in order to keep the rest of ummah.com online."
THE attacks such as those reportedly launched by ummah.com or wizel.com, work by overloading a system, much as a small office with ten phone lines would be overwhelmed if it suddenly received 10,000 simultaneous calls. Such an assault would not only affect the office in question, but everyone else on that telephone exchange.
This is why users of Netvision, the ISP for the Knesset, Foreign Ministry and the IDF, encountered extremely slow service during the last two weeks, at times experiencing difficulty just logging on.
The easiest way to counter such attacks, says Shimon Gruper of Aladdin Knowledge Systems, is to improve Israel's overall Internet connectivity by linking it to more than one foreign Web backbone like Sprint, allowing for more ISPs within Israel and giving each more maneuverability. In this way, if a site is attacked through Netvision, like the IDF apparently was, it could still be accessed through AT&T or any other service.
While annoying, the denial of service type of attack is quite primitive, says Gruper, capable of doing nothing more than shutting down a site's accessibility without getting anywhere near the actual content. It also requires the cooperation of a large group of surfers who must sacrifice their personal dial-up connection to attack other Web sites.
"Eventually people will give up," notes Gruper, adding that the latest rounds of cyber attacks have proved that Israel's sites were far more secure than those of the Hizbullah, which Israelis managed to penetrate and deface.
Israeli hi-tech, much of it stemming from the military, is considered one of the world centers for Internet security. Even as the cyber attacks continued on the Foreign Ministry, and the Knesset struggled to gets its site back up, an Israeli start-up was preparing to launch its content accelerator technology that offered protection against the assaults.
MagniFire Networks technology works by creating a buffer zone between the Internet site and its attackers, drawing the cyber fire to its Virtual Hosting Accelerator (VHA), and preventing direct access to the site's server, thus preventing its shut down. At the same time, the VHA channels authentic users to the site through a different path, guaranteeing the site's accessibility while protecting it from hackers.
The company - which is developing its technology with E-Trade and ISPs in Europe, Singapore, Taiwan and Australia - plans to launch a working system in the next two months. While today the world is focused on the political cyber war, the real problem will come later, says Michael Shafir, chief technical officer of MagniFire.
"Two, three, four or five months down the line, after every teenager has had access to the tools of attack and has acted as a soldier against the Hizbullah or against Israel, we will start to see these same kids attacking commercial sites," says Shafir. "Today everybody can be a soldier in the Internet world and every kid has the key to harm." And that is exactly the reason why MK Eitan is worried.
"We need to send a message to our public that it needs to be more restrained and understand that, like in any other area, it can't take the law into its hands [on the Internet]. Part of this is the understanding by the Israeli citizen and the Israeli surfer that the Internet is not an arena of war, but one for exchanging information. Even in a state of war, battles aren't held everywhere and they are not without limits."
The decision to attack sites posting anti-Israel propaganda, if one should even be made, says Eitan, definitely does not fall into the public domain, since a private citizen does not have to answer for his actions. Indeed, it is the government that today is paying for the private attacks.
In any case, cyber warfare is considered a criminal offense under Israeli law, adds Eitan He would like to see the US promote an international convention that would obligate signatories to take steps against citizens "wreaking havoc on the Net."
Eitan says such an agreement could put a stop to attacks in the future, but Weimann is not so sure. For one thing, the enforcement of such an international law would be difficult. "You can have all the declarations in the world and one teenager can sit at home on his PC and still decide that today is the day to destroy someone else's site. Many hackers are just looking for something forbidden to do."
THE focus, says Weimann, should be on educating people about the price of violence on the Net and the value of freedom of speech in the new medium. The Internet is a place to post one's viewpoints, attitudes and perspectives, and on the Web, terrorists have just as much right to their opinions, however despicable, as anybody else, he says. "I don't see it as any different from any other means of political propaganda you find in history," notes Weimann. "It is just using a different medium."
While reliance on the Internet today is small compared to the use of conventional media like television, radio and newspapers, the Web will emerge as a strong player in the arena of shaping public opinion as the Internet-oriented generation grows up. And perhaps this is the most important lesson to be learned from the present round of cyber warfare.
This time, at least, it took Israel some 10 days to get its information machine in gear, abandoning the media stage to the Palestinians and spurring frustration at the lack of a strong Israeli presence. This failure on the part of the government could have had led to the spate of hacker attacks on Hizbullah sites, acknowledges Weimann.
Today the IDF site is seeing 130,000 hits per week (each of them staying for some seven minutes), compared to 7,000 a week before the violence started in September. Lt.-Col. Orly Gal, head of information at the IDF Spokesman's Office, says that some 3,000 of the weekly hits are from Saudi Arabia and 1,000 from Egypt, with other visitors from Morocco, Iran and Lebanon.
The Foreign Ministry site is also seeing increased traffic - up to 350,000 hits a week from 120,000 before the conflict started.
Ori Noy, director of the information division at the Foreign Ministry, admits that the site, which is still being attacked, is not objective and does not claim to be.
"We support the display of all kinds of material on the Net and are against censorship. Everyone can browse, surf and find what he wants. What he can find at our site is the official position of the government of Israel or the Ministry of Foreign Affairs.
"The fact that someone doesn't agree with us," says Noy, "does not mean that they should shut off others from accessing our site."