Team Evil.

Team Evil gained widespread notoriety for defacing thousands of websites in 2006 in protest of Israel"s military activities in the Gaza Strip and Lebanon. The group defaced more than 8,000 websites between June and November 2006. In addition to Israeli and Western sites, this tally also included websites a.s.sociated with the governments of China, Saudi Arabia, and Indonesia. In all, Team Evil defaced 171 significant websites, according to records on zone-h ( a website that serves as an archive of hacker exploits. The team often left anti-Israel or anti-Semitic messages on their defacements, regardless of the country of origin of the website.

Israel"s Ynetnews reported that Team Evil was responsible for the majority of damage to Israeli websites in the first half of 2006, including sites belonging to banks, hospitals, major companies, NGOs, and political parties. When Ynetnews contacted the group, its members told the paper that they were Moroccan hackers who "hack into sites as part of the resistance in the war with Israel."

The group has resurfaced to take part in the current campaign against Israeli websites, but it is not as active as it was in 2006. Its greatest recent accomplishment was to reroute traffic from Ynetnews, Discount Bank, and other Israeli websites to a page with an anti-Israel message.

The Israeli IT security company Beyond Security released an extensive case study of Team Evil"s 2006 attacks. Its report concluded that Team Evil demonstrated a higher degree of technical skill than typically seen in similar groups. Given the skill and commitment it has previously demonstrated, it is unclear why Team Evil has not partic.i.p.ated in the current campaign to a greater extent. It is possible the group is planning something for the future.

Cold Zero (aka Cold Z3ro or Roma Burner).

Cold Zero first gained notoriety for an attack on the Likud Party website in August 2008. He has since claimed responsibility for 5,000 website defacements, according to Gary Warner, an expert in computer forensics. He has a profile on the Arabic Mirror website, which lists 2,485 of these defacements. According to the Arabic Mirror site, 779 of these are related to the Gaza crisis.

Cold Zero is a member of Team h.e.l.l (discussed in the next section). Whereas most members of Team h.e.l.l are Saudi, Cold Zero is a Palestinian and is proficient in Hebrew. He runs a website at Zero is engaged in rivalries with other anti-Israeli hackers. He has hacked both al3sifa.com and soqor.net, leaving messages criticizing their administrators. His own website was also attacked by DNS Team, which we"ll discuss later.

According to a French-language news source published on January 9, 2009, Cold Zero was arrested by Israeli authorities. The news source identified him as a 17-year-old Israeli Arab and reported that he appeared on January 6 before the Federal Court of Haifa, where the Israeli Justice Department alleged that he attacked commercial and political sites, mentioning the Likud Party website hack, as well as an attack on the website of the Tel Aviv Maccabis basketball team. According to the same source, he worked with accomplices in Turkey, Lebanon, Saudi Arabia, and elsewhere. He was caught in a "honey pot" set up by authorities. Authorities also uncovered his ident.i.ty from a database stolen from Turkish hackers.

The information from this news report has not yet been corroborated by other sources. The last hack for Cold Zero listed on the Arabic Mirror website was recorded on January 2, 2009, after a period of high activity, suggesting an abrupt interruption to his hacking campaign. Zone-h records hundreds of websites hacked by Cold Zero in late December, followed by a lull for one month. On January 29, 2009, Cold Zero returned with a defacement of rival hackers DNS Team"s website. Cold Zero has committed no Israeli or other website defacements after late December on zone-h, lending credibility to the report of his arrest.

Team h.e.l.l (aka Team H3ll or Team Heil).

The graffiti from many websites hacked by Cold Zero name him as a member of Team h.e.l.l. Team h.e.l.l self-identifies as a Saudi-based hackers group, usually consisting of Kaspersky, Jeddawi, Dr. Killer, BlackSh.e.l.l, RedHat, Ambt, and Cold Zero.

Team h.e.l.l"s politically oriented hacks include more than just Israeli sites. In April 2007, Team h.e.l.l hacked Al-Nusra, a Palestinian-focused Jihadist website. They left a message indicating they a.s.sociated al-Nusra with religious deviancy. On websites they have defaced, Cold Zero and Team h.e.l.l have expressed support for the secular, nationalist Fatah party. This would explain why Team h.e.l.l would hack Al-Nusra, a Salafist-Jihadist website, even though it is also anti-Israel. The group has also defaced the website of the Syrian parliament.

Agd_Scorp/Peace Crew (aka Agd_Scorp/Terrorist Crew).

Agd Scorp/Peace Crew are Turkish hackers who defaced NATO and US military websites in response to Operation Cast Lead. On three subdomains of the US Army Military District of Washington website and on the NATO parliament site ( the group posted a message reading: "Stop attacks u israel and usa! you cursed nations! one day muslims will clean the world from you!" The group also used an SQL injection attack to deface the website of the Joint Force Headquarters of the National Capital Region.

Previously, the group has hacked websites belonging to a number of high-profile organizations, including the United Nations, Harvard University, Microsoft, Royal Dutch Sh.e.l.l, and the National Basketball a.s.sociation. They also attacked US military websites earlier in 2008.

Jurm Team.

Jurm Team is a Moroccan group that has partnered with both Agd_Scorp and Team Evil. They have recently defaced the Israeli portals for major companies and products, including Kia, Sprite, Fanta, and Daihatsu. Their members call themselves Jurm, Sql_Master, CyberTerrorist, Dr. Noursoft, Dr. Win, J3ibi9a, Scriptpx //Fatna, and Bant Hmida.

C-H Team (aka H-C Team).

C-H Team consists of two hackers or hacker teams: Cmos_Clr and hard_hackerz. C-H Team targets Dutch and Israeli websites, leaving threatening messages in Hebrew on the latter. Both team members are Algerian. Besides defacing sites, Cmos_Clr claims to have used a variant of the Bifrost Trojan horse to break into Israeli computers, infiltrating 18 individual machines.

Hackers Pal.

Hackers Pal is the administrator of the Hackers Hawks website and has claimed 285 defacements of Israeli websites. He is a supporter of the secular Fatah party.

Gaza Hacker Team.

Gaza Hacker Team runs the website of the same name. It is responsible for defacing the Kadima party website on February 13, 2009. The team consists of six members: Lito, Le0n, Claw, Virus, Zero code, and Zero Killer.

DNS Team.

DNS Team is an active Arab hackers team focused primarily on apolitical hacking. However, it occasionally exhibits politically motivated attacks-targeting websites in Denmark and the Netherlands during the fall of 2008 in retaliation for the cartoon controversy, and it partic.i.p.ated in recent anti-Israeli hacks. DNS Team maintains a hacking and security forum at RaBaT-SaLe! (aka Team Rabat-Sale or Team Rabat-Sala).

Team Rabat-Sale (named after the two Moroccan cities of Rabat and Sale) is unique because it has partic.i.p.ated in this campaign and garnered press coverage without actually targeting Israeli websites. Instead, the group targets a variety of websites (probably opportunistic hacks; the group seems to specialize in websites using Linux) and then leaves startling messages and Jihadist imagery. It may reason that if the whole Western world is against the citizens of Gaza, any English-language website is a conduit for their message. They have recorded 380 such defacements on the Arabic Mirror site and 196 on zone-h. Their members go by the aliases Mr. Tariklam, Mr. Sabirano, X-Diablo, Mr. Konan, and Virus T.

Team Rabat-Sale"s graffiti features the message, "For the Kids of Gaza...This Hack iS To DeFend Islam That Has Been Harrased by Denmark and USA and Israel." The defacement includes an image of a sword piercing a skull with a Star of David on it, surrounded by skulls with the US, UK, and Danish flags superimposed on them.

On another Team Rabat-Sale defacement, a Jihadist anthem commonly used as the soundtrack to insurgent videos plays in the background. It also features a picture of Osama Bin Laden, as well as a Team Rabat-Sale group logo depicting a Kalashnikov and crossed swords against a globe, with a Salafist flag waving from the barrel of the weapon. It includes an image that may imply a threat against a tractor-trailer truck. The photograph of the masked man with a laptop and a handgun by his side suggests physical violence in addition to cyber mischief.

DZ Team.

DZ Team consists of Algerian and Egyptian hackers who use the aliases AOxideA, Maxi32, Skins, The Legend, Cyb3r-Devil, and The Moorish. It first made headlines in April 2008 when it hacked the Bank of Israel website over Pa.s.sover weekend. DZ Team defaced several Israeli websites during Operation Cast Lead, including the Israeli portals of Volkswagen, Burger King, and Pepsi, the website of Israeli defense contractor BVR systems, the Kadima party website, and the Hillel Yaffe hospital website. Videos of the group"s successful defacements were posted to YouTube.

In an interview following its hack of the Bank of Israel site, members of the group reached by the press claimed they were religiously motivated: "We do everything in the name of Allah," said one of them. Although one member of DZ team expressed support for suicide bombers in the interview, another stressed that the group members were not terrorists themselves. According to the interview, one member of the team specializes in creating Trojan horses, and another, a Hebrew-speaking Egyptian, specializes in locating security breaches.

Ashianeh Security Group.

The Iranian Fars News Agency reported that the Ashianeh Security Group hacked 400 Israeli websites, including the websites of the Mossad and Israeli Defense Minister Ehud Barak. The group does not seem to partic.i.p.ate in online hacker forums. It is possibly state-supported.

Nimr al-Iraq ("The Tiger of Iraq") and XX_Hacker_XX.

Nimr al-Iraq provides advice and links to download tools on hacker forums, especially the soqor.net forum. He is credited with updating the al-Durrah distributed denial of service tool for use during Operation Cast Lead (see the next section, ). He also provided links to download a remote access tool (RAT) program called hackattack, which permits hackers to gain remote control of another person"s computer. According to his profile on soqor.net, Nimr al-Iraq is a 22-year-old Iraqi named Mohammed Sattar al-Shamari and is listed as a former moderator on that site.

XX_Hacker_XX is a moderator on soqor.net, and like Nimr al-Iraq, he provides advice and links to download tools, such as RAT programs. He is the moderator of the "hacking programs" section of the soqor.net website. His profile describes him as an 18-year-old from Kuwait.

Methods of Attack.

a.n.a.lysis of discussions on Arabic hacker forums and general pro-Jihad forums indicates that anti-Israeli hackers would like to carry out serious cyber attacks against Israeli targets. However, they do not have a demonstrated capability to carry out such attacks, and their actions have been limited to small- to mid-scale denial of service attacks and ma.s.s website defacement attacks. They may also have attempted to compromise individual computers via Trojans, particularly the Bifroze Trojan, a variant of which was developed by members of the 3asfh hacker forum. Additionally, they talk of the desire to use viruses against Israeli computers, although the kind of viruses under discussion are relatively old and many computers would already have been updated with protections against them.

Distributed denial of service (DDoS) capability.

Muslim hackers are using both indigenously developed and borrowed DDoS tools and making them available for download on hacker forums. One tool, named after Mohammed al-Durra, a Palestinian child allegedly shot and killed by Israeli soldiers in 2000, was first developed in 2006. An updated version has been provided by Nimr al-Iraq for use in the current conflict.

With the al-Durra program, a user voluntarily downloads the program and then checks to see which target websites are on Arabic hacker forums. He then plugs in the target and the program will repeatedly send requests to it. When a sufficient number of people utilize the al-Durra program against a site, they can overwhelm it and bring it down. Other DDoS tools developed by hackers outside this community, such as hack tek, are also being used.

Such tools do not require sophisticated technical skills or training. This makes them useful in a political dispute such as the Gaza crisis, when there is a very large global community willing to a.s.sist in cyber attacks against Israel but not necessarily skilled enough for more sophisticated attacks.

Website defacements.

The hackers download vulnerability scanners from hacker forums to find websites with exploitable vulnerabilities. On the Arabic hacker forums, they have discussed using a few different methods, including SQL injection, cross-site scripting (XSS), and other web server software vulnerabilities.

In most cases, they are reusing previously released exploit code to attack known vulnerabilities that the scanners identify. This is somewhat more difficult than the denial of service attacks, but it is still not considered sophisticated within the larger spectrum of hacking activities. The vulnerabilities being exploited by these hackers have already been identified, and patches and updates have been released to fix them. The only websites that are still susceptible are those whose administrators have been lax in updating their software and downloading patches. There is no evidence that this community is locating "zero day" vulnerabilities-that is, those that have not yet been discovered-at this time.

Viruses and Trojans.

Hacker forums reveal a desire to use viruses against Israeli targets, but there is no evidence of success thus far. A couple of hackers have boasted of successfully using Trojans and RATs to gain wide access to individual Israeli computers. This could give them the ability to capture pa.s.swords and other important data, facilitating financial crime and hara.s.sment. However, there is not yet much evidence that they have been successful with these tools.

© 2024 www.topnovel.cc