Mideast hackers may strike U.S. sites, FBI warns 

By Erich Luening, CNET News.com

Middle East violence is fueling an online cyberwar as hackers from both sides
of the conflict threaten government and business Web sites in the United
States, according to the FBI and industry experts.

The FBI has warned that the recent email flooding and so-called
denial-of-service attacks that shuttered and defaced both Israeli and
Palestinian Web sites in the last month could "spill over" to the United
States.

"Due to the credible threat of terrorist acts in the Middle East region, and
the conduct of these Web attacks, (Internet users) should exercise increased
vigilance to the possibility that U.S. government and private sector Web sites
may become potential targets," said a recent advisory from the FBI's
cybercrime unit, the National Infrastructure Protection Center.

Fairfax, Va.-based iDefense, which has been monitoring the cyberattacks by
pro-Palestinian and pro-Israeli groups, said the activity has paralleled the
increase in tensions and violence on the ground.

At least 24 sites have been hit by pro-Palestinian attackers, and at least 15
sites have been hit by pro-Israeli attackers, according to iDefense.

"This is the first instance we have seen the traditional terrorist organizations,
like Hezbollah and those with ties to (suspected terrorist Osama) bin Laden,
have actually taken part in this type of activities," said Ben Venzke, director
of intelligence production at iDefense. "These same organizations are
disseminating messages to get funds for both terrorism and hacker
campaigns.

"It is important to understand that any company that is perceived with having
any ties or connections to Israel are going to be attacked," Venzke added.

Among those hit were the sites of the Bank of Israel, the Israeli Prime
Minister, the Tel Aviv Exchange Market and the Israeli Foreign Ministry,
Venzke said. Palestinian sites have included those of the Palestinian National
Authority--the official Palestinian government body--and the Palestinian
organization Hamas.

The cyberwar, dubbed "E-jihad" by pro-Palestinians, was sparked last month
by the violence in Israel. More than 150 people, most of them Palestinian,
have died in clashes over the past five weeks.

The FBI said the method of attacks against Israeli Web sites included
automated email floods and high volumes of coordinated requests for Web
services by pro-Palestinians. Some of the documented email attacks are
believed to have involved customers of free Web-based email providers
Yahoo and Hotmail.

Venzke could not give an exact profile of the typical hacker taking part in the
current attacks, but he did say his company is aware of both sides having
extensive recruitment campaigns at hacker conventions and on university
campuses.

"In the near future, there will be a great number of people within these
organizations with just technical training, separate from those with military
training," he said.

There has been at least one threat by a pro-Palestinian hacker to carry out
distributed denial-of-service attacks, iDefense said. Current actions by both
sides run the full spectrum from system penetrations to more sophisticated
tactics.

While the FBI said there have been no indications that any specific U.S. Web
sites have been or will be targeted, iDefense warned that prime targets may
include U.S. government agencies and private companies.

"In the event that either side more actively utilizes viruses or Trojan horses, it
is unlikely that infections will remain confined to their intended targets and are
likely to pose problems for users around the world," iDefense said.
"Sympathetic hackers and others around the world are likely to begin offering
their services and jumping into the fray as the high-profile nature of the
conflict continues to grow."

The FBI has recommended certain security steps for government agencies
and private businesses. Security officials should be prepared to take
appropriate steps to prevent email flood attacks, block source email
addresses in the event of flooding, and ensure that appropriate patches are
installed on operating systems to limit vulnerability to other
denial-of-service attack methods.