Thursday, May 9, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Who attacked the Israeli government sites?

2 years ago babelfish

Who attacked the Israeli government sites?

On Monday evening, Israel suffered one of the largest cyber attacks on government websites. It did not cause serious damage, but someone very organized wanted to send a precise signal to Jerusalem. Iran and Russia are the number one suspects. Reasons? The clash in Ukraine and the agreements – disagreements – on nuclear power.

Israel is always under pressure. Tension has increased with the Russian invasion of Ukraine, as the reaction to a vast cyber attack on government sites on Monday evening inevitably documents. Since the start of the raid, a message had spread on social media and major newspapers in the country that it was alleged that the largest cyber attack on infrastructure in Israel was underway and that the national computer system had declared a state of emergency. But while taking what was happening very seriously, in the late evening the country's authorities denied that a state of emergency had been declared.

However, the cyber assault blocked several websites, in particular the ministries of the interior, health, justice and welfare, as well as that of the prime minister's office. They are all pages of the gov.il domain of Israel.

The crash lasted just over an hour, from 6.15pm to 7.30pm (Jerusalem time). The National Cyber ​​Authority and the National Cyber ​​System have declared that from 20.30 all the sites are back in profit within the country. The government network was found to be unreachable internationally for longer.

At first it wasn't clear if it was an ISP malfunction or if it was a DDoS attack – a denial of service attack – which involves sending many commands to servers which ultimately leads to the collapse of the sites.

According to information security experts, data traffic from sites on Tehila – the government's information system and navigation safety – was exceptional during those hours, which could indicate a DDoS attack.

DDoS attacks are attacks that many information security experts consider annoying, sure, but all in all simple attacks on the server load, from which it is relatively easy to recover. In attacks of this type, the hacker does not violate sensitive and potentially harmful information in case of dissemination. It "just" blacks out the sites.

Certainly a warning has been sent.

Gil Messing , a spokesperson for Israel-based Check Point Software Technologies Ltd, confirmed to Bloomberg that significant damage is unlikely to have been done: “This attack is usually done to send a message and create a lot of buzz. It is not necessarily an infiltration or an acquisition of information ”.

But then who attacked?

Israeli Communications Minister Yoaz Hendel declined to comment on the possible source with Israeli reporters. It is still early. And the hypotheses are different – even if they can be intertwined – in very delicate games.

Mike Sexton , an IT and Middle Eastern policy expert – speaking to The National – remembers that this type of denial-of-service attack is unsophisticated , but requires a significant amount of resources.

Israel and Iran were recently involved in a cyber-tit-for-tat, a low-level skirmish, so Iran is an obvious source to attribute. "But we shouldn't jump to conclusions," Sexton warns: "Iran has much more sophisticated capabilities, so I think it would be unusual for them to use this kind of primitive attack."

There is a second lead. Which could end up intersecting with the former.

Israel has offered itself as a mediator between Ukraine and Russia. While condemning the attack, he did not embrace the policy of sanctions. Prime Minister Naftali Bennet flew to Moscow in recent days to speak with Russian President Vladimir Putin , then to Berlin, by Chancellor Olaf Scholz on the same day. Even by violating Shabbat. He has repeatedly spoken on the phone with Ukrainian President Volodymyr Zelensky. Phone calls followed in the following days as well.

Another round of calls yesterday, just before the cyber attack. First an hour and a half with Putin , then with Zelensky.

And speaking of the cyber attack last night, Sexton reminds The National that “this type of attack is very characteristic of Russian patriotic hackers. We saw them use the same type of aggression against the Estonian government in 2006 ”.

Earlier in the day, Israel had publicly announced for the first time that it will respect international sanctions against Russia. In fact, Foreign Minister Yair Lapid only said the country would not give shelter to Russian oligarchs who seek to evade Western sanctions in response to the invasion of Ukraine. The ministry is coordinating the matter together with the Bank of Israel, the Ministry of Finance, the Ministry of Economy, the Airport Authority, the Ministry of Energy and others. After speaking, the Russian oligarch Abramovich , an Israeli passport targeted by sanctions, left Israel, where he had arrived less than a day earlier.

The Iranian trail appears to the Jerusalem media as the most credible. According to the Jerusalem Post, the cyberattacks are likely retaliation for an alleged failed Mossad operation against Iran. "There is no way to independently confirm the report – admits the liberal daily – Tehran often claims to have arrested the Mossad cells when in reality it is simply arresting elements of the local opposition". According to Iranian media, a statement from the Islamic Revolutionary Guard Corps intelligence unit claims that a Mossad team that was trying to carry out an act of sabotage in Fordow was arrested.

Fordow is the second most important site in terms of the volume of uranium enrichment centrifuges, after the Natanz plant. It is also important because Israeli intelligence and nuclear experts believe that it was previously intended to be the place where Iran would carry out the final stages of uranium enrichment to the 90% armed level.

A very topical issue, given that in these hours we are returning to discuss times and terms for restoring the agreement on Iran's nuclear program. Moscow continues to lead the talks. Today the Iranian foreign minister, Hossein Amir-Abdollahian, will be in Moscow. Jerusalem is very much opposed to an agreement with Iran. He does not trust. He considers it dangerous. Probably Bennet repeated it yesterday afternoon in Putin, not too far on the sidelines of the negotiations for Ukraine. Coincidentally a few hours before the cyber attack on Israeli government sites.

Moscow, on the other hand, has every interest in maintaining good relations with its Iranian partner. Especially now that the West has imposed economic sanctions on him. In fact, in recent days she has asked for written guarantees to be exempt from any sanctions linked to the war in Ukraine that could affect her future commercial relations with Iran.

Never before has the Kremlin been interested in maintaining and growing an effective Russia-Iran-China triangulation. Just to clarify, the Russian chief negotiator, Mikhail Ulyanov, praised his Iranian “colleagues”: “I am absolutely sincere about it when I say that Iran has achieved much more than one could expect. Our Chinese friends have also been very efficient and helpful as co-negotiators ”.

In this family framework, Moscow directs nuclear negotiations, and it does so – the New York Post considers astounded – "with the approval of America, while its army simultaneously transforms Ukrainian cities to rubble". For Rupert Murdoch's newspaper columnist Michael Goodwin , “ since we don't trust Putin in Ukraine and want to isolate him, why should we trust him if Iran has nuclear weapons? ".

Yet the US is longing for a deal, for the supply of oil it would put on the market. And the only identified negotiator seems to be the friend of Tehran and Beijing. Despite warnings of a third world war and nuclear Armageddon, "Joe Biden continues to let Putin negotiate terms with Iran."

Three days ago twelve ballistic missiles rained down on Erbil , injuring two civilians and causing property damage. The attack was claimed by Iran. The missiles hit the US consulate area in Iraqi Kurdistan. For the Pasdaran the stricken building was an Israeli Mossad base.

Israel and Iran have for years been embroiled in a largely silent cyber war that occasionally resurfaces to the surface. Israeli officials have also accused Iran of attempting to hack Israel's water system in 2020.

Former senior cyber authority official Rafael Franko , founder of Code Blue, said Black Shadow was behind other cyber attacks over the past weekend . He warned the country to increase cyber preparedness during this difficult time leading up to the Easter holidays, when adversaries often stage cyber attacks.

Black Shadow is an Iranian-related hacker group known in Israel. Between October and November, the collective downloaded the medical records of some 290,000 patients from an Israeli hospital. He also hacked and downloaded what he claimed was the complete database of personal information about users of the Atraf website, a gay dating service. The group uploaded the file to a Telegram channel after a ransom demand of $ 1 million in digital currency to prevent leaks went unanswered.

Much more insidious attacks, these Iranians, than the blackout of government sites, immediately restored. But yesterday's raid is no less insidious for Israel, even if only as a warning.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/mondo/chi-ha-aggredito-i-siti-del-governo-di-israele/ on Tue, 15 Mar 2022 04:35:30 +0000.