Multiple Israeli website were the target of a cyberattack on Thursday, their homepages replaced with an anti-Israel video and message in Hebrew and broken English: "The countdown of Israel destruction has begun since a long time ago.
"The bottom of the page credited a group called "Hackers_Of_Savior" for the attack. The page title was changed to "Be Ready for a Big Surprise" in Hebrew. The video placed on the hacked sites was uploaded to YouTube as well with the description "An universal mission completed. It is done in order to support resistance and freedom of palestine."
Visitors to the sites were asked to allow access to their cameras. The Israel National Cyber Directorate recommended that users not click any links on the damaged sites.
"This is a combined attack that tries not just to harm Israeli sites and to disturb the economy from operating, but also tries to gain personal information from users that enter these sites through control of the users' cameras, which would allow the recording of personal information and pictures of thousands of Israelis," said PR agency Zeliger Shomron's Digital Systems Operator Avitar Gat.
Lotem Finkelstein, the head of the Cyber Intelligence Department at Checkpoint Software Technologies explained that as Al-Quds Day began on Thursday, hackers from the Muslim world, including Turkey, North Africa and the Gaza Strip, began organizing to attack Israeli sites and replace them with the anti-Israel video and text. The sites were all stored on the same server in the cloud and seemingly this formed a weak point that allowed the harm to some sites on the server.
The attack occurred as Israel celebrated Jerusalem Day on the 53rd anniversary of the reuniting of Israel's capital, and as anti-Israel activists prepared for Al-Quds day which is marked with anti-Israel events around the world.
"Even though there are a large number of sites on this server, in general this is a small range," explained Finkelstein, recommending that sites use active and updated security products and recommended that users not allow the affected sites access to their cameras.
The attack was conducted by nine attackers who have been operating since April, according to Checkpoint. Their profiles seem to connect them to Turkey, North Africa and the Gaza Strip. "This doesn't mean there isn't more, but we don't know to confirm an Iranian operation at this stage," said Finkelstein.
The Israel National Cyber Directorate warned on May 13 that anti-Israel groups were expected to try and carry out coordinated cyberattacks against Israel between May 14-22 as part of the #OPJerusalem movement to mark al-Quds Day and the end of Ramadan, as well as the Israeli Jerusalem Day.
The warning by the cyber directorate added that the hackers were expected to focus on trying to vandalize Israeli websites, disseminating propaganda, ransom attacks, overloading telephone centers and disrupting online service.
uPress, a Wordpress website hosting service, was the service targeted by the attack. The affected sites were all hosted on uPress including: Bang and Olufsen Israel, a clothing brand; Bet Gabriel, a cultural center; Yad L'Ahim, an Orthodox Jewish religious organization; Hashavshevet, a company that provides accounting and inventory software; several religious Jewish high schools and post-high school programs, a sub-page of United Hatzalah's Hebrew website and Israeli photographer Israel Bardugo.
Bardugo tweeted a screenshot of the site, writing "The Iranians did something significant last night and broke into my website. It is under control - don't stress if you bought something from us recently."
A statement on the group's only Youtube video stated, "We gather here to take revenge of Zionists crimes against Palestinians who have dead or have lost their lifes, families and grounds" (spelling errors in original post).
The attack comes after Iran reportedly targeted Israeli water systems with a cyberattack in April, with Israel allegedly responding by launching a cyberattack on Iran's Shahid Rajaei Port, located near the Strait of Hormuz.
On May 11, Mohammad Rastad, managing director of the Ports and Maritime Organization (PMO), announced that a cyberattack managed to damage a number of private systems at the Shahid Rajaei Port, confirming that the attack was carried out by a foreign entity, according to Fars.
According to The New York Times, the attack on the Iranian port was a direct response to a cyberattack on Israeli water infrastructure and was meant to send a message to Iran that they shouldn’t try targeting Israel infrastructure.
The alleged Iranian cyberattack on Israeli water and sewage facilities that took place on April 24. The attack caused a pump at a municipal water system in the Sharon region of central Israel to stop working. Operation resumed shortly after, but it was recorded as an exceptional event, according to the Times.
A security company that investigated the incident found that malware caused the shutdown and the incident was reported to the Israel National Cyber Directorate and other Israeli intelligence agencies. Israeli officials found that the malware had come from one of the offensive cyberunits in the Iranian Revolutionary Guards Corps (IRGC). The attack and the quality of the attack were described as “miserable” by intelligence officials, the Times reported.
All rights reserved © The Jerusalem Post 1995 - 2020