Anti-American and anti-Israeli factions of the Anonymous collective recently declared that they would be launching attacks against any and all websites deemed to be Israeli- or U.S.-government affiliated in their latest #OpIsrael campaign.
The attacks come as the most recent of many campaigns that began back in 2013 on the eve of Holocaust Remembrance Day, and since has been marked with an annual cyberattack with the goal of “erasing Israel from the Internet”.
The most recent actions are in response to President Donald Trump signing a waiver in June 2017 then on December 6, 2017 recognizing Jerusalem as Israel's capital and planning to move the U.S. embassy from Tel Aviv to Jerusalem.
In 1995, the United States Congress passed the Jerusalem Embassy Act, with the purposes of initiating and funding the relocation of the Embassy. The law has since remained unimplemented by U.S. Presidents Clinton, Bush and Obama who viewed it as a Congressional infringement on the executive branch's constitutional authority over foreign policy.
Anonymous groups are calling for hacktivists around the world to join forces and are urging participants to hack, deface, dox, hijack, leak and DDoS any target in Israel and any websites associated with the US government.
As of recent, Radware's Emergency Response Team warn attackers may turn their sites on small and medium size businesses that are indirectly involved as large government agencies are often well protected, according to a Dec. 12 blog post. So far they have witnessed several SQL injections, data dumps and service outages and denial of service attacks leveraging TCP flood, UDP Flood and HTTP/S Flood as a result of the most recent operation.
Researchers expect the attacks to continue through December as the U.S. begins to move their embassy to Jerusalem and officially recognize it as the capital of Israel.
"This type of attack happens every year-- usually it takes place in April,” Amit Dori, Security Research at Votiro told SC Media. “However, this time due to President Trump's declaration to recognize Jerusalem as the capital of Israel-- it's possible that this is a replacement of the usual attack that takes place, but it may also be another one.”
Dori added they often “gather the troops” and prepare a big list of targets to use Script kiddies to attack some of which are very technical and sophisticated while other hackers use sophisticated tools and direct them at the sites they were told to target. Attackers might also spam a specific set of email addresses, he said.
Hacktivism tends to primarily focus on vandalism and service disruption to gain publicity as even unsophisticated attacks that cause little real damage can succeed at making the news, Willy Leichter, vice president of marketing at Virsec said.
“We're seeing a convergence of a hyper-charged political environment, with widespread availability of effective hacking tools that bypass conventional security,” Leichter said. “Pick a cause and come up with a good hashtag and you have a credible threat.”
Some researchers feel attackers could still pose a threat to government agencies. Alex Calic chief revenue officer for The Media Trust warns Government website operators should be on the defense and said preventative steps should include identifying and authorizing all parties contributing code to the website and continuously monitoring this code for anomalous behavior, which will alert security teams to emerging attacks.
"In today's politically-charged environment, the threat to government websites is very real. In addition to grassroot traffic flooding and organized large-scale DDOS attacks, websites are at significant risk of defacement, where the home page is vandalized with unauthorized messaging and/or appearance,” Calic said. “Compromising websites through third-party code is a likely avenue, as evidenced by the increasing number of high-profile attacks.”
