Computer Networks as a Battle Ground in the Middle East and Beyond Kenneth Geers NCIS Dr Peter Feaver Duke University Asymmetric warfare o o o o o o o o Unconventional weapons Innovative strategy Leveraging inferior strength to tactical advantage Aimed at attacking the will of your target Leads to fighting chances for the weaker opponent Used by terrorists Used by the media Used by computer hackers Asymmetry and hacking o o o o o o Anonymity Deniability Affordability Myriad avenues of attack Non-state actors can join the fight Subcultures can mobilize The globalization of warfare o Private and state interests sometimes indistinguishable o Citizens of country X might fight for country Y o Anyone anywhere can volunteer at any time o Corporations are active participants both as targets and possibly as combatants Let's Go Fight o No traditional chain of command o Coalitions of the willing o Opportunistic participants - Spanish civil war - Hacktivism gives everyone a chance to impact the course of history o Outsourcing warfare Cyber targets o Two predominant attacks DoS and defacements o Business loses revenue government face o Is target significant or merely vulnerable to attack o Nation-state involvement Zone-H statistics - Why did you deface this website By attack Heh jLiSt fer fun Na Specified IjLiSt want ta be the beat facer AS a challenge Patriatiam Palitieal Revenge against that website Netscan org ii netscon org Current count 9 535 broken networks Average ampli cation 3x Welcome to netscan org This site contains a searchable and browsable list of broadcast smurf ampli ers giirected broadcast info View the 255 ASNs or 2048 netblocks announcing the most smurf ampli ers The mmplete list of nan-works 1 5 MB 300k by IP adore ess _ about netscanerg Internet - Lists broadcast sites average amplification 5x The Challenges of Privatized War Retaliation o Who really hacked me or the problem of the last hop o What if the hack was state-sponsored o Sue hack back or bomb the hell out of them o What do the lawyers say Challenges of Privatized War Legal o Hacking is illegal but state-sponsored hacking occurs every day o The question of patriotic hackers o FBI sting operation in Russia o The U S may have more legal liabilities than some of its adversaries Case in Point The Middle East cyberwar o Core hackers less than 100 - provide the ideas the tools o Volunteers and conscripts a few thousand - From all over the world - Provide brute force scanning and DoS power o Cyber attack intensity has mirrored the intensity of fighting on the ground Hacktivist volunteers o Middle East conflict stirs emotions - - - - Emotional Ideological Patriotic Religious o Everyone everywhere has a strong opinion about something Cyber tools used by both sides o o o o o o Ping-flood Ping of Death EvilPing Winsmurf QuickFire Defend o HTTP Bomber 1 001b o FakeMail o MailBomber o Attack 2 5 1 o PutDown The Defend attack tool o FloodNet-type o New attack method - Requests non-existent webpages - Specifies the current date time - Defeats Web-caching security mechanisms o o o o Many versions developed during war Mirrored on many partisan websites Dozens of targets successfully attacked Effectiveness relies on number of attackers The victims o Pro-Israeli attacks - Official organizational in nature - Terrorist extremist websites first - ME government sites second o Pro-Palestinian attacks - Israeli official government - Commercial corporate technology telecommunications media financial Types of targets o o o o o o o o Web sites E-commerce servers E-mail servers Internet relay chat IRC channels WWW chat rooms Domain name servers DNS Internet service providers ISPs File transfer protocol FTP sites Government websites attacked o o o o o o o o Israel Palestine Iran Lebanon Malaysia Qatar United Arab Emirates United States Israeli hackers o o o o o o o Deri Schriebman Mossad Nir M Polo0 Wizel Israel Hackers Unite Mike Buzaglo o o o o o o o Israeli Internet Underground a israforce com SmallMistake Hizballa - No More Lion type_o ha k'eil ViRii The Analyzer Nov 9 2000 mug-Jar mm mm 5315 211 341 Inn-N111 I 1 11 1 1 VJ 113 Nb um 1m 11 11 mum nnm aanwnu um 1511 7mm n um 113m 11 me 1mm hm 511m 1131er rim bat-Hm rm June 2004 - r mas-mm 4 1mg Brew design by L-Iushronm of Doom Get a better design for this page Post it as an attached zip or forever hold your peace 3135 as N3 are -- Hackerina For nomadic javascript-based totals see 'IJik C'ipherSaber t etc Jabber meta messaging - use nnw Launch ava $9211 menu w-m The Disorder of Johnny RandomS eed Become an indicsiple Prove lat you are one Youcan exchange keys here powered by Tag-Board 13 24 MuShKiLa hi all 526 304 23 51 raad hf phease tn to look in 15 38 Citizen f01f04 21 23 skidz 508 03 13 05 Goat boy is open source lileickCAT is 26 102 5 04 Nimrod want a web based aggregator f0 3 price of 10 minutes work 16 16 Nimrod Dazz As i1 Da223 it going mate j13f02 14 15 Dazz l1-i n- run nil rni- r-n-uJQI lwzd- llCC-nl' Targets of Israeli hackers o o o o o o o Palestinian National Authority HAMAS Hizballah U S Pentagon VISA Iranian government Israeli sites including Knesset mOsad defacements Attacked bv rn sad 6 of which 54 are single IP and 13 mass defacernents Legend Homepage defacement - Mass defacement click to view all defacements of this Redefacement click to view all defacements of this site '31 Special defacernent Time Attacker Domain 2001f01f03 m0sao' 2001f01j02rn0sad 2001f01f02rn0sao 200lf0lf02 m0sao 2001f01f01 m0sao' 2000 1281 m0sad 2000f12f31rn0sao 2000 1329 m0sao 2000 l2f20 m0sao' m0sad 2000f12f15rn0sao m0sao 2000 12le m0sao' 2000f12f03rn0sad 2000f12f01rn0sao 2000 llf29 m0sao 2000 r ll r 22r m0sao' svs eoo ok rnL s afaciaas corn soicer's corn rnooelli corn doi ne i ' i'u'eocorngk iI_ gaza eciL alkislarncorn ocaaLJigovae islam gov oa i-veohosjng ajeeocon islarnw'eo ne Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows View view rnicr'or view mirror view rnir'r'or- viev I I micro view view mirror view mirror- viev I I micro view micro - view mirror view rnir'r'or- viev I I micro view view mirror view mirror- viev I I micro view micro - Shot across the bow website October 25 2000 Poisoned pen tactics Disinformation campaign Israeli tactic Used against Hizballah websites Israelis registered and configured websites using misspellings of Hizballah o Hizballa org hizballa com etc o Great opportunity for free propaganda o o o o www wizel com o FloodNet-style DoS attack tools o Tools targeted six different Hizballah sites o Activates a file to target the site every second o Oct 6 2000 Ali Ayoub Hezbollah site webmaster The Web site will automatically do the attacking for them Mao mmEEoU 355 5qu Kn 2 Hana nun xp an xn HIE at Enznr E 9E n3 FEB 2090 an Cant znr an E rnn a nn EFF Cr rp h nnuac 59 7E FE nn n ENE En EQEE nn n an na nr EL n25 55 EE EE xn Hr urn EmpD ZEF comm an F- min a 2 83 0 nEn 2n 5qu 55 5 annan rEn nmr GE an E DrfEr XE Er an DEEP ESE Fm d E In 2L hn rnnE Zn n1 nEnE Ez r czar EQEE an 95 nuann who H mzonwmm mw gmma mkw n nil 55% er ZFEF GEE ID 311 Eur Er l Zn p nx n ran an ass 3 an nun Ea E2 Ezp ir 9r Down F- mam n 9% En EmnE nz n 2 nEn In ranch Eur HEB uncn nmrn an nun zcr n n EFL Earn nan E Luna z an parzn EC nn n x EFF an KER LELCELE ququ HUD QUGEHD m L'un mum ma 10030192 92 uLi # ch m i ii mm mm qua Md uncut mug Kauai i ii mun man qn'mLL cm mama Emu mqmii ELNI mum m gm man mutt mama Linn mm mm umi M cg mcuu mum ML m LdlL cc mt match nmub qua mun um mcqnu ummuim qucu gum CHL mum cmu mun mm nu Lug Nldu The search for more targets o There were not enough Palestinian sites to attack o Israelis began attacking sites indirectly involved in conflict o Iranian Min Foreign Affairs Agriculture o Lebanese television o www almanar org attack Interfada Counterattack o Pro-Palestinian hackers began to work methodically through il sites o At height of ME Cywar defaced 5x number of websites as pro-Israeli side o Paralyzed half of Israel's e-mail system for several days o Took aim at Israeli e-commerce sites Israel cyber target o o o o o o o Unlike Palestinian side extensive target list Thus Israel potentially had more to lose Most of population nation wired Millions of Internet connections More than all Arab countries combined More targets more vulnerable boxes Pro-Palestinian hackers successfully attacked many more sites during the conflict Pro-Palestinian Hackers o o o o o o o UNITY G-Force Pakistan Doctor Nuker Pakistani Hackerz Club ReALiST PROJECTGAMMA World's Fantabulous Defacers WFD o Arabhackers org o dodi o Xegypt o Hezbollah o Ummah net o Arab Hax0rs o al-Muhajiroun o m0r0n o nightman QM w 1914139 91 3 1 1 g J-gw 6W1g3654L 341m You will attack 1P 212 143 256 4 IF 212 143 256 51 1P 194 90 202 20 You Will Attack Wbankisraelgovil Tel Aviv Stock Exchang wlasacmil Ministry Of ce IP 1412317193 W wiael com Pro-Palestinian attack portals o www ummah com unity o Pro-Palestinian attack portal o Due to complaints moved and renamed - http defend unity-news com - http members tripod com irsa2003 - http members tripod com irsa2004 Non-cyber cyber attacks the Muslim Director online ummah urivac about e ntail us We have been forced to remove this site The bandwidth providers to our ISP after receiving rnanvr complaints from Zionists and their supporters in the UK have threatened to cut off our internet connection it this site was not removed We have therefore rernoved this site in order to keep the rest of urnmahcom online Most sincere apologies The urnmah com tearn the Muslim Directory online privacv about e mail us Israeli victims o o Official gov't portal o o Israeli Foreign Ministry o o Israeli Knesset o o Israeli Army o o o Israeli Central Bank o o Haaretz Jpost o o Netvision TA Stock Exchange Bank of Israel www wizel com AIPAC Prime Minister Likud party Israeli universities AT T USA caught in the crossfire o The friend of my enemy is my enemy o Israeli hackers had been hacking U S sites for years o Pro-Palestinian hackers including the anti-American Brazilians found a natural target in Israel's ally the U S A Hacking the U S A Largest player in international politics Largest IT infrastructure Corporate Internet security still inadequate Vulnerable to same tactics used in ME FBI's NIPC warned early that ME Cywar could spread to US-based sites o Should expect shots in future cyber conflicts o o o o o The USA versus China o May 2001 PRC hackers attempted a national coordinated cyber attack on U S o EP-3 triggered a major conflagration o Chinese U S hacking portals built USA Kill China Killer o U S retaliation Poizonbox o NIPC warning 26 April 2001 Impact perception and reality o Cyber war is a new avenue through which to take part in global conflicts o Computer exploits can be good PR o ME Cyber War may serve as a test bed for cyber weapons and strategies o DoS and defacements worth guarding against but they are not WMD o The question of defacements and free speech National defense strategies o o o o o o o o Still in flux like early nuclear era Europe squashing all hacking activities United States laissez-faire attitude International agreements not likely Widespread scanning for zombies Incentives to security law enforcement Encourage the White Hats Fine those with poor security practices Can hacking affect military operations o Before the fighting - Intelligence collection - Indications and warning o During the fighting - Denial and deception - Negative e-mail campaigns - Poisoning military blogs Could populist cyber attacks spark a real war o Cyber attacks usually follow and react to international events not vice versa o If governments are not in control hackers could affect level timing of tension o In Middle East not enough proPalestinians are yet wired o U S -China case American hackers have more independence thus more power The most powerful cyber attack propaganda o Old fashioned o Some faked in English papers o The Internet dissemination of the Abu Ghraib photos did more to damage the political interests of the U S than all of the cyber attacks since the beginning of the Internet age Who is most at risk from hackers o o o o o Corporations have the most to lose Loss of trust Public ridicule Money lost from downed e-commerce Time and effort needed to fix the problem costs even more money The Future o Populist cyber attacks will be part and parcel of highly-charged emotional conflicts o So far not very effective at accomplishing political goals o They are best for targeting corporations o Sophistication of attacks is increasing over time o Will anti-globalization forces launch the next cyber war o Will traditional extremist groups begin to work with these hacker groups Computer Networks as a Battle Ground in the Middle East and Beyond Kenneth Geers NCIS Dr Peter Feaver Duke University References Billington Mike UPI Pentagon Reporter Hacker 'confederacy' hits Pentagon 1998 03 20 Bit666 Wise bit666wise@hotmail com FBI Chases Analyzer Hacker Original Format Newsgroups alt 2600 hackerz 1998 03 11 Cole Richard Associated Press Writer San Francisco Hacker Hunt AP US World Samstag 7 3 1998 19 45 00 AP Gentile Carmen J Hacker War Rages in Holy Land Nov 08 2000 Gentile Carmen J Israeli Hackers Vow to Defend wired com Nov 15 2000 02 00 AM PT http www wired com news politics 0 1283 40187 00 html Gentile Carmen J Palestinian Crackers Share Bugs http www wired com news politics 0 1283 40449 00 html Allen Patrick D Demchak Chris C U S Army CGSC Military Review March 1 2003 SECTION No 2 Vol 83 Pg 52 ISSN 0026-4148 IAC-ACC-NO 106732244 Harman Danna Associated Press Writer Jerusalem Report Hacker Had U S Students AP Online Montag 9 3 1998 03 01 00 AP Hershman Tania Israel Discusses the 'Inter-fada' wired com Jan 12 2001 06 00 AM PT http www wired com news politics 0 1283 41154 00 html Hockstader Lee Pings and E-Arrows Fly in Mideast Cyber-War Washington Post Foreign Service October 27 2000 Page A01 http www washingtonpost com ac2 wp-dyn pagename article node contentId A21154-2000Oct26 notFound true Israeli-Palestinian Cyber Conflict iDEFENSE Intelligence Services Report Version 2 0PR PUBLIC RELEASE Jan 3 2001 Leibold Dave djcl@bnw debe fl us Subject Israeli Hacker Caught View Newsgroups comp dcom telecom 1991-09-17 10 24 12 PST Lemos Robert 'Hacktivism' Mideast cyberwar heats up ZDNet News November 5 2000 http zdnet com com 2100-11-525308 html legacy zdnn References cont'd Makowsky David Lee dlm@mars mcs net Subject Re Hackers Worldwide Fan Flames In Middle East Conflict Newsgroups soc culture iranian soc culture usa talk politics mideast soc culture palestine 2000-11-20 18 04 13 PST masakim masakim@kun ne jp Re asymmetrical warfare Newsgroups alt usage english 2001-09-12 00 07 25 PST McAuliffe Wendy Hackers put porn on militant Muslim site ZDNet UK March 08 2001 http news zdnet co uk business legal 0 39020651 2084887 00 htm Mishmari Aviva Hacking for Israel A security company employing Ehud Analyzer Tenenbaum probes Israeli sites vulnerable to attack - then offers them protection Israel's Business Arena 15 Nov 00 15 00 http new globes co il serveEN globes DocView asp did 450980 fid 984 Neo202 bachafrancois@my-deja com cyber war 2 leb vs israel Newsgroups soc culture lebanon 2000-10-30 06 10 11 PST Page Barnaby Pro-Palestinian Hackers Threaten AT T TechWeb News November 11 2000 10 19 a m EST http www techweb com wire story TWB20001110S0010 Petersen Erik ROOT@TRILOS han de Subject Israeli Pentagon Hacker Original Format Newsgroups de org ccc 1998 03 09 Schwartz John WEB WAR When Point and Shoot Becomes Point and Click nytimes com November 12 2000 http www nytimes com 2000 11 12 weekinreview 12SCHW html ex 1074574800 en 122ebe8d97cdc75b ei 5070 Verton Dan U S may face net-based holy war COMPUTERWORLD NOV 13 2000 http www computerworld com managementtopics ebusiness story 0 10801 53940 00 html Zone-h org http www zone-h org en index                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu