The Palestinian-Israeli Cyberwar

In September 2000, Israeli teenage hackers created a website to jam Hezbollah and Hamas websites in Lebanon. The teenagers launched a sustained denial of service attack that effectively jammed six websites of the Hezbollah and Hamas organizations in Lebanon and of the Palestinian National Authority. This seemingly minor website attack sparked a cyberwar that quickly escalated into an international incident. Palestinian and other supporting Islamic organizations called for a cyber Holy War, also called a cyber-Jihad or e-Jihad.3 Soon after, hackers struck three high-profile Israeli sites belonging to the Israeli Parliament (the Knesset), the Ministry of Foreign Affairs, and an Israeli Defense Force information site.4 Later, hackers also hit the Israeli Prime Minister's Office, the Bank of Israel, and the Tel Aviv Stock Exchange.5

Although the long-term effects of the Palestinian-Israeli cyberwar are relatively minor and never presented a serious physical threat to any of the nations involved, the elements of the conflict are significant because they serve as a model for future cyber conflicts. The U.S.-China cyber skirmish of May 2001 shared similar features with the Palestinian-Israeli incident. Today it is largely forgotten that during the attack hackers came close to disrupting electricity transmissions in California.6 Had they succeeded, the cost to Californians and to the United States in national prestige and security is difficult to estimate. Chinese hackers successfully penetrated a test network of a California electric power transmission company.7 The lessons from these early cyber conflicts need to be learned to properly understand and prepare for the inevitable cyber component of future conflicts.

The Cycle of Cyber Conflict

The Palestinian-Israeli Hacker Conflict began in 1999, but dramatically increased following the unrest of 28 September 2000.
By the end of January 2001, the conflict had struck more than 160 Israeli and 35 Palestinian sites, including at least one U.S. site. From July 1999 to mid-April 2002, 548 Israeli domain (.il) websites were defaced out of 1,295 defacements in the Middle East, and additional sites were subjected to severe denial of service attacks.8

The two main types of attacks were website defacement and distributed denial of service (DDoS). Website defacements tend to focus on high-profile political sites, such as government websites. In some cases, commercial transactions were curtailed for days because of repeated website defacements.9 Broadcast servers that hackers used to launch attacks from one side were frequently used by the opposing side to launch a similar type of attack.10 Code used to attack sites on one side was rewritten by the opposing side, which then launched a counterattack.11 The DDoS attacks shut down opposing sites for days and added to the strain on the Internet infrastructure in the region.12

Attacks were also made against companies providing telecommunications infrastructure such as AT&T, which was reportedly hired to help increase the bandwidth of targeted Israeli sites.13 One pro-Palestinian hacker by the name of Dodi defaced an Internet service provider (ISP) for Israeli senior citizens and left a message claiming that he could shut down the Israeli ISP NetVision, which hosts almost 70 percent of all the country's Internet traffic.14

On about 8 November 2001, Unity, a Muslim extremist group with ties to Hezbollah, announced that it had begun phase three of a four-phase strategy. Phase one focused on crashing official Israeli government sites. Phase two included attacks on the Bank of Israel and the Tel Aviv Stock Exchange. Phase three included targets such as the Israeli ISP infrastructure and the site for Lucent and Golden Lines, an Israeli telecommunications provider.
Unity stated that it would hold off on the fourth and final phase, namely the destruction of Israeli e-commerce sites, threatening millions of dollars of losses in transactions. …