ANT KATZ

With AFP, JTA, NITSAN SADDAN, & RE-CODE

Agence France Press reported that the country is on high alert in anticipation of attacks by the international hacker group Anonymous, which targets Israel each year on April 7 as a demonstration of solidarity with the Palestinians.

Since 2013, the group has targeted Israel each year, managing in some years to block government websites, including the ministries of defence and foreign affairs, along with sites of numerous Israeli companies, according to AFP.

“We are prepared for all forms of aggression,” an official from the Shin Bet domestic security agency told AFP. “Israel is well-protected.” In addition to shutting down websites, Anonymous has stolen data from some and hijacked others to show its own photos and videos.

Dozens of experts from government and private businesses will gather Thursday in Tel Aviv to watch for potential hacking attacks.

RIGHT: A member of the group Anonymous taking part in a National March on Washington to support Palestinians in Washington DC on 20 March 2016. (Molly Riley/Getty Images)

There are reported to be 430 Israeli companies in the cybersecurity sector, who, between them, have eight percent of the global market.

According to most Israeli researchers, the attack will fail. It won’t cause any major damage to state infrastructure or scare the Israeli public, and it definitely won’t “erase the Zionist devil from the Internet” (OPIsrael’s declared objective).

The annual operation has made Israeli users more aware of cyber risks, and acts as a sort of training day for local security companies – a somewhat positive (albeit unwanted) spinoff effect. It has made Israeli users more aware of cyber risks, and acts as a sort of training day for local security companies.

But the annual attack has another, much darker side which might have a worldwide impact in the future.

---

Launch vast attacks against Israeli websites

“The operation is organized by threat actors from mostly Muslim countries, and relies on quantity rather than quality,” writes pundit Nitsan Saddan. “Highly skilled attackers who have access to advanced tools won’t waste their time on such a fruitless attack, as the only possible gain is helping spread political propaganda. Hacking is a business, and if there’s no money to be made, most cyber mercenaries aren’t interested.

“OPIsrael’s organizers know this, so they try to enlist as many low-level operatives as they can,” he says, to launch vast attacks against Israeli websites. But even this vector requires some technical skill, he points out, “and many OPIsrael enthusiasts simply don’t have the know-how.”

Individuals who want to engage in cybercrime can get tools and training online.

“It is true that crimeware prices are plummeting, and malware costs as little as a few dozen dollars, but this is not small change for everybody,” says Saddan.

Many hacktivists come from countries with weak economies such as Indonesia, Malaysia, Syria, Egypt, etc. This places hacking beyond their financial reach. And even if they had the money, they might be refused by crimeware sellers.

New buyers might raise a shopkeeper’s suspicions, and be blocked or marked as possible moles. This, says Saddan, is where OPIsrael 2016’s organizers step in.

---

Teach a man to fish

“Unlike in previous years, #OPIsrael 2016 has a well-organized training program. It contains hacker-groups dedicated to showing newcomers the ropes. Their keyword is accessibility: If a hacktivist wants to jump in, all they need to do is join the relevant Facebook groups, follow the right Twitter accounts (which are being advertised across social media) and declare their undying hatred for Israel,” says Saddan. It is as simple as that.

Sensitive attack details and advanced tools won’t be available to these new hacktivists for reasons of operational security, but they’ll receive training (in various languages) and the other necessary tools gratis. Interactions between newcomer hacktivists and their seasoned guides resemble those found in online support forums.

Only now, instead of making use of webchat channels and other groups to practice on, there are real, Israeli targets for the hacking pupils.

This training program solves OPIsrael’s main problem — mass recruitment. It also lets everybody who wants to get into cybercrime do so, for free.

After today’s OPIsrael’s dust settles, newcomer hacktivists will come away with a new, albeit very basic, skill set that will enable them to engage in cybercrime. They will be the  next cybercriminals

OPIsrael’s unseen effect on the world

They can launch a life of cybercrime by, for example, posing as security researchers claiming to have identified an imminent attack, and request money in return for stopping the threat. Or they can launch a low-level attack as a blackmailer threatening a larger impact strike if they are not paid off.

This, says Nitsan Saddan, is OPIsrael’s unseen effect: Thousands of people receiving professional cybercrime training, which could cause an increase in the volume of worldwide low-level attacks.

Security-focused organisations will know how to treat threats such as these, but most small businesses won’t. Many small businesses fear any disruption to their business process, especially at sensitive or seasonal times. Therefore, such businesses tend to give in to a criminal’s demands, since criminals usually won’t ask for more than a few hundred or perhaps a thousand dollars in bitcoin.

And, he says, these cybercriminals probably won’t settle for hacktivism for too long, or hold their breath until 2017’s OPIsrael. Basic attack tools can easily work like gateway drugs on OPIsrael’s new graduates, who might turn to better tools and tactics and use them to threaten companies all over the world — not just in security-aware Israel.

Anonymous’ training operations could cause an increase in the volume of worldwide low-level attacks. And while these may not be considered as overly dangerous, they currently comprise the lion’s share of cyberattacks and could inflict major damage on multiple industries.

Tomorrow will tell how well Israel withstood the attacks…

• Nitsan Saddan leads Cymmetria’s threat intelligence research and manages the company’s content. He is responsible for discovering new connections between threat actors, new attacker abilities and possible risk factors, in order to help produce better enterprise-grade cyber-deception methodologies. Prior to joining Cymmetria, Saddan worked for more than a decade as a journalist and editor at Israel’s largest news publications, covering the fields of cybersecurity, IT, VC and high-tech. Reach him @NITSAN_saddan.