Is this Just the Beginning? 15,000 Israelis Hacked on Facebook

by Ilan Gattegno, Shlomo Cesana, Lilach Shoval

Ahead of the massive cyberattack threatened for April 7, Facebook accounts of 15,000 Israelis are hacked • Israel's cyber bureau assures citizens vital infrastructure is secure • IDF pilots and some soldiers ordered not to use their real names on social networks.

The looming massive cyberattack on Israel is already being felt on Facebook. | Photo credit: GettyImages

An international hacktivist group has claimed it will launch a giant cyberattack against Israel this Sunday (April 7), and the first signs of it may have been seen Wednesday, when some 15,000 Israeli Facebook users found that their computers had been attacked by a powerful virus that traveled through the social network.

On Wednesday afternoon, a Facebook user named Bekir Yangeç sent out an apparently innocuous but malicious link. The link directed users to the address orospumtugcebakir.com, and connected the unwitting victims to the malicious IP address 87.98.175.60. 

About 15,000 Israeli Internet users clicked on the link, thereby sharing it with their Facebook friends without the original Facebook user's knowledge. 

According to the URL-shortening service BIT.ly, Yangeç's Facebook profile has been removed, but his link continues to wind its way through the social media website between Facebook friends. Facebook users rendered their computers vulnerable to the virus by clicking "Like" on an external website. The malicious software then transformed those users' computers into portals through which the virus could attack other computers. 

To prevent their system's corruption, users who clicked on the link must make sure they do not approve any new Facebook applications. If they have already done so, they need to remove the application immediately and change their Facebook password. 

Meanwhile, also on Wednesday, a unique cyberattack affected the Google Chrome browser. The malicious program Theola tells hackers when a user logs onto the site of a major bank, documents their activity, and sends the information to a third party. Most of the attacks were seen in Holland and Norway, but hundreds of Israeli computers were also compromised. 

Avnet Information Security Cyber Security Team Manager Roni Bachar played down the supposed impending major cyberattack, which an international hackitivist group said it had scheduled for Sunday. Bachar said he believed attacks on various commercial enterprises in Israel had already been carried out over the past weeks and months, and that those to be carried out on April 7 would mostly be showpieces, as the public release of data that had already been gathered secretly. 

The planned assault is part of hacktivist group Anonymous's ongoing #OpIsrael campaign, which was launched in March in a show of solidarity with the Palestinian cause. As part of the campaign, Anonymous — which has since been joined by several other hacktivist groups including Sector404 and RedHack — said it would "launch a coordinated, massive cyberattack on Israeli targets with the intent of erasing Israel from the Internet." 

"All of these threats are nothing new," said Bachar. "The [hacktivists] have no new tricks up their sleeve, aside from pinpointing the event to a specific day." 

"The goal is to scare people, there isn't necessarily a real danger that will directly impact Israeli citizens," Amichai Shulman, vice president of technology at Imperva, told Israel Hayom. 

'Israel is protected'

The national cyber bureau in the Prime Minister's Office was quick to allay public fears following the attack. 

"Israel is prepared and protected from cyberattacks. Not every virus is an attack," the office stated. At the same time, the bureau expects continued assaults on Israeli web sites for the psychological effect they have on the public. 

Israel's political echelon believes that Israel's essential infrastructure as well as Israeli economic and financial systems are well protected. 

"No system is hermetically sealed, but all the necessary preparations and protections have been undertaken," said a political source. 

"The attempts to attack Israeli websites are an ongoing, routine occurrence," said Rami Efrati, a senior department head in the civilian sector of the cyber bureau. "Israel is frequently attacked by terror groups, hacktivists and hackers. Their goal is to crash Israeli websites." 

Staff at the cyber bureau said that an organized attack could cause various sites to crash temporarily. But this would not affect vital infrastructure, which is less vulnerable to attack. 

Rather, various websites could go offline, causing the public stress or panic. That is why the bureau views such attacks as a form of terrorism. 

"When they try to create psychological pressure on a country, that is a kind of terrorism," Efrati said. 

At the same time Efrati does not believe we should reject the attacks outright, since hackers are getting better all the time. 

"These are highly skilled people who are always sharing their information and methods," Efrati said.

Nevertheless, the bureau, along with Tehila, the organization responsible for securing government ministries, is constantly expanding and developing Israel's readiness, trying to stay one step ahead of the hackers. Israel is widely viewed as having impressive results in thwarting cyberattacks and developing advanced anti-hacker products. 

Information security professionals largely believe that private citizens are more vulnerable than state or large institutions. These organizations deploy a series of defenses that constitute a "virtual Iron Dome." The government has asked citizens to exercise caution and enter their "Internet protected space," advising web users not to open unfamiliar files or click on unfamiliar links. 

IAF pilots: Change your Facebook name 

Soldiers and officers serving in units where the names of servicemen are classified were recently warned not to use their real names on Facebook and other social networks, Israel Hayom has learned. 

Pilots, air crews, soldiers and officers serving in classified units received this order. At the same time, according to the Israel Defense Forces, the cyber bureau still has primary responsibility for the issue. The new regulation is part of an IDF crackdown on holes in its information security. There is a long-standing IDF order to soldiers not to post photos and information about their IDF service on the Internet, particularly classified information. 

Some bases in the past have prohibited telephones with cameras, and soldiers have been ordered to remove photos from the Internet that indicated where they are serving. In addition, IDF policy blocks Facebook, Twitter and Gmail on some IDF computers. 

Lacking an official policy on a soldier's use of social networks, the IDF in recent weeks decided to ramp up its regulations, prohibiting soldiers whose names cannot be publicized in the Israeli press from using their real names on social media websites. It is possible that the order was born of an incident last year when a Palestinian website published photos of Israelis it claimed were Israel Air Force pilots. 

"There is no specific order in the IDF as to how one should identify oneself on social networks," the IDF Spokesman's Office said in a statement. "At present, we are working on the issue. The instructions will be disseminated to the pertinent people in the near future."

Ilan Gattegno, Shlomo Cesana, Lilach Shoval

Source: http://www.israelhayom.com/site/newsletter_article.php?id=8395

Copyright - Original materials copyright (c) by the authors.