[Infowarrior] - Wage Cyberwar Against Hamas, Surrender Your PC

[Richard Forno]

Wage Cyberwar Against Hamas, Surrender Your PC
By Noah Shachtman EmailJanuary 08, 2009 | 1:10:27 PMCategories: Info  
War, Sabras

http://blog.wired.com/defense/2009/01/israel-dns-hack.html

A group of Israeli students and would-be cyberwarriors have developed  
a program that makes it easy for just about anyone to start pounding  
on pro-Hamas websites. But using this "Patriot" software, to join in  
the online fight, means handing over control of your computer to the  
Israeli hacker group.

"While you're running their program, they can do whatever they want  
with your computer," Mike La Pilla, manager of malicious code  
operations at Verisign iDefense, the electronic security firm.

The online collective "Help Israel Win" formed in late December, as  
the current conflict in Gaza erupted. "We couldn't join the real  
combat, so we decided to fight Hamas in the cyber arena," "Liri," one  
the group's organizers, told Danger Room.

So they created a simple program, supposedly designed to overload  
Hamas-friendly sites like qudsnews.net and palestine-info.info. In  
recent years, such online struggles have become key components in the  
information warfare that accompanies traditional bomb-and-bullets  
conflicts. Each side tries to recruit more and more people -- and more  
and more computers -- to help in the network assaults. Help Israel Win  
says that more than 8,000 people have already downloaded and installed  
its Patriot software. It's a small part of a larger, increasingly  
sophisticated propaganda fight between supporters of Israel and Hamas  
that's being waged over the airwaves and online.

Help Israel Win, which has websites in Hebrew, English, Spanish,  
French, Russian and Portugese, doesn't say much about how the program  
functions -- only that it "unites the computer capabilities of many  
people around the world. Our goal is to use this power in order to  
disrupt our enemy's efforts to destroy the state of Israel. The more  
support we get, the more efficient we are."

Analysis from iDefense and the SANS Institute, however, reveals that  
computer users put their PCs at risk when they run the Patriot  
software. The program connects a computer to one of a number of  
Internet Relay Chat (IRC) servers. Once the machine is linked up, Help  
Israel Win can order it to do just about anything.

The Patriot program does something "fishy," SANS Institute security  
specialist Bojan Zdrnja said, by retrieving "a remote file and  
sav[ing] it on the local machine as TmpUpdateFile.exe." That could  
easily be a "trojan," Zdrnja said, referring to a program that sneaks  
malicious code onto a computer.

"While at the moment it does not appear to do anything bad (it just  
connects to the IRC server and sites there -- there also appeared to  
be around 1,000 machines running this when I tested this) the owner  
can probably do whatever he wants with machines running this," Zdrnja  
wrote.

Liri, with Help Israel Win, conceded that "the Patriot code could be  
used as a trojan. However, "practically it is not used as such, and  
will never be."

"The update option is used to fix bugs in the client, and not to  
upload any malicious code... never have and never will," Liri said.  
"The project will close right after the war is over, and we have given  
a fully functional uninstaller to [remove] the application."

It's also unclear how much the Patriot program is really helping the  
Israeli side in the online information war.

La Pilla has been monitoring Help Israel Win's IRC servers for days.  
"They didn't make us download and install anything. Didn't make us  
[attack] anybody. I was basically just sitting idle on their network."  
The group claims to have shut down sarayaalquds.org and qudsvoice.net.  
But, as of now, the rest of the group's pro-Hamas targets remain  
online. Meanwhile, Help Israel Win has had to shift from website to  
website, as they come under attack from unknown assailants.