Experts say Today’s Hacks are Not Iranian Retaliation to Cyber Attack blamed on Israel

Recent hours have seen Israeli media reports on a major cyberattack on Israeli computers. Though it may be an interesting topic due to the allegations of Iranian involvement, it is imprecise to call it a major attack. The current attack is utilizing two well known techniques: distributed denial-of-service (DDOS) and defacement. In both cases we are dealing with very simple attacks that are mostly used by web activists and not even the sophisticated ones.

Israeli media is reporting on thousands of attacks on websites owned by small and medium-sized businesses, several municipalities, a veteran tech news site and a handful of trendy Tel Aviv restaurants that were quick to alert their clients about the breach. Though one cannot discount the economic damage suffered by the businesses, the attack is considered a small one according to cybersecurity company Checkpoint.

Illustrative image of a hacker. Photo: Shutterstock

The attack we are experiencing is part of a series of attacks that began 10 years ago under the hashtag #Opisrael, in which activists associated with the Anonymous network started targeting Israeli websites or sites that are associated with Israel. The attack became an annual tradition and is carried out every April. Several years ago, the hacktivists invented a new day and a new hashtag #OpJerusalem, commemorating Quds Day, Arabic for Jerusalem, an annual pro-Palestinian event initiated by Iran.

In both cases, we are dealing with attacks that are not directly organized by states, but rather by independent activists inspired by Anonymous members, many of whom are no longer active after being arrested years ago. The ones carrying out today’s attacks are for the most part amateur hackers indicated by their relatively primitive and easy to thwart methods.

“Defacement attacks are considered the lowliest type of hacks and there exists a range of automated tools to deflect them. There is little technical knowledge needed to conduct them and often they are carried out by teenagers,” cybersecurity expert Noam Rotem told Calcalist. “Such attacks have little value beyond propaganda and should be taken in proportion. There is very little likelihood that this rudimentary attack is part of a significant, state-backed effort.”

Noam Rotem. Photo: Ohad Zweigenberg

Rotem is not alone in his assessment. Experts from ESET Cyber Security said the attack “is an extension of the trend of anti-Israel hackers trying to show off by hacking Israeli websites and institutions. Website defacement is the simplest of attacks and can be easily overcome and the website restored. That said, the attacks impact public awareness, especially if the websites are accessed by millions of people around the world,” they said.

“Today we are witnessing a coordinated effort by hackers in the Muslim world (most likely Turkey, North Africa and the Gaza Strip) to attack Israeli websites and substitute their content with threatening anti-Israeli messages. All the sites seem to be hosted on the same cloud server, which was apparently the breach point,” said Lotem Finklestein, Checkpoint’s threat intelligence group manager.

The only risk to innocent users is that on the hacked sites there is a pop-up asking them to open their cameras. It is important not to press the link, which can allow hackers to infiltrate the device. Beyond that, users should make sure their computer or smartphone’s operating system and antivirus programs are up to date.

It’s important to note that we are not dealing with an Iranian response to the military cyberattack attributed to Israel in recent weeks. This is the action of individual actors who organized via social networks and do not constitute the vanguard in a major attack