11.21.12 9:45 AM ET
15-Year-Old Egyptian Cyber Activist Takes on Israel
Last week, when the Israel Defense Forces threatened to pull the switch on the Internet in Gaza, Nour Haridy wanted a backup plan. So the 15-year-old high-school student from Cairo went on Twitter and asked in Arabic and English for help on how Gazans could get back online in the event of a shutoff.
What happened next shows the fine line between so-called cyberactivism—or using social media and the Internet to fight an information war—and hacking, the often illegal art of breaking into websites, email accounts, and other online domains for profit, fun, or a political cause.
Haridy says he got many responses on Twitter, but the most promising were from people who said they were affiliated with Anonymous, a group of activist hackers that famously attacked the websites of the U.S. Department of Justice and companies it deemed enemies of WikiLeaks such as MasterCard and Amazon.
Haridy soon found himself talking to the Anonymous hackers through a Gaza-specific Internet Relay Chat, a secure mode of communications favored by hackers, activists, and gamers. In those first conversations, Haridy says the hackers from Anonymous agreed to create a step-by-step plan for getting online through either dial-up connection or other means if the Internet were to go down. These instructions were incorporated onto a website Haridy and other cyberactivists created for Vox Palestine to disseminate information to Gazans during the war. “They helped us a lot,” Haridy said in an interview. “Without Anonymous we would not have reached the surface.” Efforts to reach Anonymous were unsuccessful.
But while Haridy was putting the finishing touches on the Vox Palestine website, Anonymous was planning its own counter-offensive it had dubbed #OpIsrael. In a Nov. 17 YouTube message, a man in the group’s tell tale disguise of a Guy Fawkes mask read a message warning, “Israel, the angel of death has been called to your cyberspace.” The message claimed that the group had already defaced 10,000 Israeli websites, though Israeli officials dispute this number.
Haridy says he thinks what Anonymous is doing “is necessary,” but says he and his group had nothing to do with the Anonymous attacks. Indeed, the Gaza IRC has a rule urging participants not to discuss “DDOS attacks,” or hacks that disable a website by overwhelming it with requests for information.
A spokesman for the IDF declined to discuss cyberattacks against Israeli websites or Israel’s own cyber-operations in the war. On Monday, at a briefing for journalists, Israel’s ambassador to Washington, Michael Oren, said Israel used computers to text and call cellphones of Palestinians in Gaza to give warnings before airstrikes. Israel’s electronic-warfare capability includes the ability to shut down cell networks and hack into sensitive computers controlling infrastructure like power grids. So far, though, there have only been intermittent outages in Gaza, not a widespread Internet shutdown.
In recent days, Israel came under attack by a kind of malware known as “Xtreme RAT.” The RAT stands for Remote Access Trojan. If opened, the RAT will burrow into the host computer and give control of the machine to the hacker.
Aviv Raff, the chief technology officer for the Israeli cyber-security company Seculert, discovered Xtreme RAT when it infected the personal email of a soldier in the IDF’s spokesman unit and then sent the attack to other emails in that account’s personal-address folder.
One IDF official who asked not to be named because of the sensitivity of the issue said the IDF was aware of the attack, but had taken steps to make sure it did not spread to other email users.
Raff says the IP address of the server initially connected to the RAT was in Gaza, but it has since changed. He also said other targets of the RAT attack were Palestinians affiliated with the political rivals of Hamas, the party that controls Gaza and has waged the rocket war into Israel.
The latest RAT surfaced right before the Gaza conflict began, according to Raff and other Israeli officials. It was serious enough that it prompted Israel’s national police to disconnect its computer network from the Internet after only a few of its computers were infected.
The RAT in recent days has appeared in emails claiming to have urgent information about the Gaza war. “The latest element of this campaign is about the recent conflict,” Raff said. “We got an email from an Israeli politician, who sent me a sample of his email that was infected. The attack came from an IDF officer who got his Gmail account hacked,” he said. The emails urge the recipient to open an attachment related to the latest Israeli operation known as Pillar of Defense. When that attachment is opened, the trojan is unleashed, giving the adversary control of the unlucky computer, Raff said.
One of the frustrating elements for those playing defense in a cyberwar is that it’s difficult to ever know for sure who is launching the attacks. Bob Gourley, a former chief technology officer for the Defense Intelligence Agency, said, “The latest attacks could be from folks who sympathize with the Palestinians. This could be folks from Peru, Turkey, Greece, or people from the University of Southern California.”
The Xtreme RAT, Gourley said, “was fairly sophisticated,” adding that it would be “hard for your average person to do it.” But he also said the Xtreme RAT was not as sophisticated as the cyberweapons developed by advanced governments.
In the meantime, Haridy is trying to get Vox Palestine to become a hub for protests and online petitions against Israel. He says he came of age as a mass movement was forcing Egypt’s long time president, Hosni Mubarak, to step down from power: “That’s what happens when you grow up during a revolution.”