An online battle is raging between Israelis and Arabs, with each side unveiling credit card and other personal information of thousands of private citizens, as well as temporarily disabling high-profile websites, like the Tel Aviv and Saudi Arabian stock exchanges.
So far, the recent Web assaults seem to be the work of bored young people venting frustration. But others worry that these actions could easily escalate into a much larger online fight.
The hacking attacks against Israel have had a variety of targets, including the Israeli airline company El Al. But even as the airline’s website was down, El Al said its flights and schedules were not affected.
Turning online hacking into real-life turmoil is rare, says Gabriel Weimann, a professor at Israel’s Haifa University and author of Terror on the Internet. He says the recent attacks are relatively simple and commonplace in the world of hacking.
“I would argue this is a very low-level type of attack,” he says. “In terms of the potential for cyberterrorism, this is a very low-key type of attack done by individuals.”
The first attack came earlier this month from a Saudi hacker called OxOmar. By breaking into an Israeli sports website, OxOmar managed to release the credit card and personal information of thousands of Israeli nationals.
Israeli Hackers Respond
The response from a group of Israeli hackers calling themselves Israel Defenders, was swift. They released the personal information of more than 50,000 Arabs, mostly from Saudi Arabia and other parts of the Gulf.
An Israeli hacker who goes by the moniker of Ex-Omer — a Hebrew version of OxOmar — says he is part of the group that stole the Saudi credit card details.
He agreed to speak to NPR recently in a series of online chats. He says he decided to launch Israel Defenders with six friends because he wanted to take revenge.
“I saw no one was doing anything, and I knew I had to get them back,” he wrote.
But taking credit card details and crashing websites is just the beginning, says Ex-Omer. He claims he found a bug in a Saudi government website, and he hopes to tamper with government services.
That kind of hacking, says Weimann, is more complex and more dangerous.
“The recent attacks on Israel were hacking, not cyberterrorism at least so far,” he says. “They involved an individual. I guess he’s not a Saudi, and I guess his name is not Omar, and I guess he’s not alone.”
Cyberattack On Iran
Perhaps the most serious cyberattack to date was the Stuxnet virus. It was discovered in June 2010, and experts estimate the virus infected hundreds of thousands of computers worldwide.
But the apparent target was Iran — where it caused the centrifuges in the Natanz nuclear facility to spin wildly out of control and destroy themselves.
No country or individual has claimed responsibility, though speculation has focused on Israel, the United States, or a possible collaboration between the two countries.
Stuxnet, says Weimann, is an example of targeted cyberattacks carried out in a highly sophisticated manner.
For individuals or small groups, cyberattacks are attractive because they are cheap and require little equipment, Weimann says.
“If someone will not hijack planes, but sabotages the control system of airports like JFK [in New York], imagine what would happen. This is a case of cyberterrorism,” says Yaakov Lappin, a national security reporter for the Jerusalem Post and author of Virtual Caliphate, Exposing the Islamist State on the Internet. He says that Israeli officials are concerned about exactly those types of attacks.
He points to the recent targets of the hackers — the El Al airline website, the Tel Aviv Stock Exchange and credit cards — and asks what would happen if they took down the websites of emergency services or health care.
“If you look at the fact that [the radical Islamic group] Hamas issued a statement this week saying that this is a new form of resistance, and they’ve jumped on the bandwagon that in itself is going to act as a recruiting call for hackers across the Arab world to join in these constant attacks on Israeli websites,” says Lappin.
For now, he adds, the attacks are limited to a small group of hackers. But he says the jump from cybercrime to cyberterrorism is short.