Install a Trojan for Israel? Uh, no Thanks.
Ethan Zuckerman, 9 Jan 09

During the conflict between Russia and Georgia this past summer, my friend Evgeny Morozov decided to study the dynamics of “cyberwar” by becoming a partisan. He lurked on Russian-language bulletin boards and followed instructions to download software that would allow him to participate in distributed denial of service attacks against Georgian websites. Some were simple webpages with a few lines of JavaScript designed, essentially, to press the reload button over and over. Others were slightly more sophisticated, written as .BAT files, but essentially using the same methodology. (Morozov, to be clear, isn’t especially sympathetic to the Russian cause, and it’s unlikely that his brief stint as cyberpartisan did any significant damage.)

It’s becoming increasingly common for real-world conflict to include a digital dimension, typically attacks designed to disable websites that promote the other side’s cause. In an article last summer, I questioned whether this form of activity really deserved to be called “cyberwar,” as it’s not an attack on the other side’s forces or infrastructure and is more analogous to graffiti than grenades. I got a lot of feedback on that story, including observations from some in the security community that there appeared to be two levels of hacking going on: the “kid’s stuff” that Morozov documented and larger attacks that some felt bore the fingerprints of commercial hacking groups like the Russian Business Network.

Against this backdrop, it’s not surprising to see hackers working in support of Israel and Palestine during the current Gaza conflict. Zone-H.org, a site that tracks website defacement and other forms of hacking, offers some interesting screenshots of US military sites defaced by Turkish hackers in support of Gazans. But what’s got cyberwar geeks buzzing is the “help-israel-win” project put together by a group of Israeli students and hackers.

The group’s website - which is moving around as pro-Palestinian hackers flood it with DDOS attacks - invites partisans to download an .exe file, install it on their computers and start it from a link on their desktop. The website - with instructions available in Hebrew, English, French, Spanish, Portuguese and Russian - doesn’t make it very clear what the tool does: “We created a project that unites the computer capabilities of many people around the world. Our goal is to use this power in order to disrupt our enemy’s efforts to destroy the state of Israel. The more support we get, the efficient we are!” In response to apparent user concerns, it includes the reassurances, “The file is harmless to your computer and could be immediately removed. There is no need for identification of any kind - anonymity guaranteed!”

Bojan Zdrnja of the Internet Storm Center has been analyzing the program and offers some good technical reasons (aside from whatever political reasons you might or might not have) not to install the software. The code is obfuscated to make it harder to analyze, but he was able to determine that the program connects to one of thirteen IRC servers, where it waits for instructions for a target to attack. This is the working method used by botnets, collections of computers compromised by trojan horse software so that the botnet controller can unleash massive denial of service attacks. These attacks are usually a form of extortion - this excellent piece by Evan Ratliff helps explain some of the economics behind the attacks and the measures some are taking to fend them off.

It appears that the “help-israel-win” folks are asking partisans to voluntarily join a botnet, which could be pointed at pro-Palestinian websites. In his analysis of the software, Zdrnja saw no evidence that the botnet was actually attacking anything - his client connected to an IRC room and waited for instructions, indefinitely. He worries, though, that the client has the ability to update itself and might currently be in a dormant state. If that’s the case, it’s easy to imagine an update that makes the software uninstallable, allowing the machine to be used as part of a botnet aimed at an arbitrary target.
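
The behaviour Zdrnja describes (a client that tries a list of IRC servers, then sits connected and silent while it waits for instructions) is visible in ordinary network flow records. The following is an added example, not code from the original article or from Zdrnja's analysis; the CSV flow format, the thresholds and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Conventional IRC ports (plaintext 6660-6669, TLS 6697); a bot may use others.
IRC_PORTS = set(range(6660, 6670)) | {6697}

# Constructed sample flow records (documentation address ranges), not real traffic.
SAMPLE_FLOWS = """src,dst,dport,duration_s,bytes_out,bytes_in
10.0.0.5,192.0.2.10,6667,3,0,0
10.0.0.5,192.0.2.11,6667,2,0,0
10.0.0.5,192.0.2.12,6667,86400,4100,9800
10.0.0.8,198.51.100.7,6697,5400,880000,910000
10.0.0.9,203.0.113.20,443,86400,1200,3000
"""


def find_idle_irc_listeners(flow_csv, min_duration_s=6 * 3600, max_out_rate=1.0):
    """Return {host: findings} for hosts holding long, near-silent IRC sessions.

    max_out_rate is bytes per second sent by the client. Registration, one
    JOIN and periodic PONG replies stay far below 1 B/s over many hours,
    while a person actually chatting does not.
    """
    servers = defaultdict(set)   # host -> distinct IRC servers it contacted
    idle = defaultdict(list)     # host -> sessions matching the idle pattern
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dport"]) not in IRC_PORTS:
            continue
        servers[row["src"]].add(row["dst"])
        duration = int(row["duration_s"])
        # Duration is checked first, so the division never sees zero.
        if duration >= min_duration_s and int(row["bytes_out"]) / duration <= max_out_rate:
            idle[row["src"]].append((row["dst"], duration))
    # servers_tried > 1 suggests the client walked a fallback server list.
    return {
        host: {"idle_sessions": sessions, "servers_tried": len(servers[host])}
        for host, sessions in idle.items()
    }


if __name__ == "__main__":
    for host, info in find_idle_irc_listeners(SAMPLE_FLOWS).items():
        print(host, info)
```

A hit is a lead for investigation rather than proof of infection: legitimate IRC bouncers and idle chat clients produce the same pattern.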

In the grand scheme of things, this isn’t a huge technical development. By some estimates 1/4 of all Windows PCs are part of one or more botnets, and this new botnet would be quite modest in comparison to the commercial botnets discovered by police and system administrators. What’s interesting is the way in which citizen propaganda and hacking are coming together.

Pro-Israel netizens already have robust tools to allow them to support Israel’s political communication strategy. Give Israel Your United Support offers a downloadable tool that identifies online stories, surveys and other places where pro-Israel comments and votes can be left online. The tool urges partisans to respond to each of these stories - as anyone who’s run a media organization that reports on Israel and Palestine knows, stories on the conflict routinely generate 5-50x the traffic of other stories, in part due to efforts like GIYUS.

I suspect it’s a small step, conceptually, from downloading a tool that prompts you to post comments to one that controls your computer as part of a DDOS attack. There are, of course, a couple of critical differences. Join “help-israel-win” and you’re breaking the law in most jurisdictions. And you’re giving a group of Israeli hackers unprecedented access to your computer, including the ability to install software which would let them index your hard drive or attack random targets across the web. (Wouldn’t it be ironic if RBN or others had started a project based on nationalist sentiment designed to open back doors in computers to compromise them for commercial purposes?)

I’ll be very interested to see whether this idea takes off, either growing a robust botnet around this project or being adopted by other “cyberwarriors.” Whoever’s using these tools, this looks a lot like the dark side of Clay Shirky’s “ridiculously easy group forming.” It’s one thing to form groups to debate and counter opinion online - forming groups to shut down websites looks a lot like gang thuggery to me.

Thanks to Ron Deibert for pointing me to the Wired article on the “help-israel-win” project.

This piece originally appeared on Ethan Zuckerman's blog, My Heart's In Accra

Comments

Nothing new here, standard disruptive techniques.

However, doesn't surprise me either that Israel are using "gang thuggery" techniques.


Posted by: Israel Must Stop on 10 Jan 09
