All Out Cyber War: Analysis of the Middle-Eastern Conflict

Sunday, January 29, 2012

Rafal Los


You just can't avoid it, so I had to write it.  The escalation of rhetoric has gone past media hype and has spilled over into mainstream politics, and now onto the lips of people who should really know better than to perpetuate some of this madness.

It appears, at least on the surface of things, that the well-documented kinetic struggle between Israel and the Arab world has gone digital. 

Recently there was the typical flood of media hype like this drivel from MSNBC with the sensationalist headline "Hackers disrupt Israel's stock exchange, airline, banks"... a clear example of why the media has lost credibility, because when you take a sane look at the situation the stock exchange had zero disruption, El Al had zero disruption, and the banks mentioned had zero operational disruption.

What did happen was a DDoS (Distributed Denial of Service) attack against the stock exchange and airline websites and a hacking of banks' "marketing sites".  Really, does the truth match the headline?  I don't think so... shame on MSNBC for that.

This whole "cyber war" (and I'll get back to this naming in a minute) was started by a hacker calling himself oxOmar (making a leet-style reference to a hexadecimal representation?... I guess that's cool now) when he hacked and exposed some 20,000 Israeli credit card numbers under the "Saudi" flag.

Of course, Israeli hackers had to retaliate, and from there the verbal escalation continued.  There was even a threat of a kinetic response by an Israeli defense minister.  This is all very, very dangerous, for a number of reasons... and the media and everyone involved should just know better.

While the hackers carrying the various nation-state flags DDoS each other, and hack each other's credit cards and e-Commerce websites to pieces, let's take a look at the real stakes here, and what's at risk:

  • Anyone with even a cursory history lesson knows this is a volatile part of the world, and that these nation-states already do not get along well.  There is a tentative tension between them, a detente if you will, in which each side knows not to provoke the other and follows the military protocols set up by the world courts and various diplomatic venues... the hackers involved in this "cyber war" aren't following any of these rules - likely because they either aren't aware of them, or simply don't care.
  • Retaliation leads to escalation, as the history books read.  Now with Hamas chiming in from the sidelines and other various groups cheering on and picking sides - this becomes a very dangerous powder-keg situation where everyone is carrying flint and can drop a spark at any time - which leads me to my next point on kinetic response...
  • Kinetic response - otherwise known as the "hit 'em with the military" response - is a dangerous bit of rhetoric to go into.  It's like carrying a gun, and knowing that once you pull it out in a situation you have 2 options - either use it, or have your bluff called and the situation ends badly for you.  This logic extends to the kinetic response we're hearing about... "If they keep hacking us, we will have no choice but to respond because this is war"... and this situation does not end well, do we really need to pull out the pistols at 10 paces to prove it?
  • Cyber War - really?  Is a DDoS, or a hacking of credit cards from a (likely) poorly-written e-commerce site, or a banking site, or somewhere else that they shouldn't have been accessible really an act of war?  If so, we have a big problem on our hands, because that would mean that virtually everyone is at war with everyone... this can't possibly be a well thought-out response, or an intellectual end.
  • Attribution is extremely critical, yet very difficult - but is the linchpin of sanity.  Since hackers can carry out false-flag operations with relative ease through the use of hacked systems, VPNs, and zombie machines - what guarantee does anyone have that some attacker somewhere with a grudge against both peoples isn't setting this all up from the comfort of their remote Pacific island?  Hacking a site and posting the "I am a hacker from NeverLandia" is easy, but proving that this is really the case is not only the job of the media but of the people who are serving up the extremely dangerous quotes to the press and their respective governments.
  • HYPE!... this brings me back to the hype the media is generating... essentially bringing gasoline tins to the bonfire.  If something escalates to the point of a conflict where loss of life is the end-result, the media will be to blame.  The only side I'm really opposing here is the mindless media personalities who continue to use headlines like the above-mentioned title to get mouse clicks.

So please, I urge you - check your facts, tone down the rhetoric, and use sanity when reading some of this hype.  A DDoS against a website of the stock exchange (unless it's really, really, really badly architected) will likely have zero effect on its ability to execute trades and operate... and is the same ploy used many times over to scare targets into complying with someone else's policy or thinking.

If you're a security professional you should be taking these issues to heart.  Think about your architecture, and even the cloud you're likely migrating or utilizing... what would happen in the event of such an attack against your organization? 

When the media hyped the attack against your website would you be able to look your customers in the eye and tell them that your operations weren't disrupted and it was business as usual aside from the annoyance of your site being inaccessible (assuming it's non-critical to the operation of your business)? 

Good architecture stands up to attacks that are unpredictable, and often unstoppable... and can help you trap and trace the sources of these attacks to help you get proper attribution of the attacker.

Don't lose your heads out there...

Cross-posted from Following the White Rabbit

Krypt3ia This all sounds so familiar...
Rafal Los @Krypt3ia: That's probably because it echoes much of the same sentiment that you have, and have been writing about! ...or maybe it's because you read it on my main blog a while ago before it was re-printed here? :)
Krypt3ia The former, not the latter.
Rafal Los @Krypt3ia: I don't think I have the ability to edit posts here ...but we should do an article that spans both blogs - would be fun :)