Conflicts in the Gulf and Arabian Peninsula Heat Up The Web

Doug Bernard | Washington DC

UPDATE Jan. 13, 2012: While 0xOmar seems to have submerged, at least for the moment, he’s inspired a little like-minded payback from Israel. Tel Aviv’s Ma’Ariv newspaper is reporting that an hacker named “0xOmer“, believed to be Israeli citizen Omer Cohen, has hacked the personal credit card data of at least hundreds of Saudi citizens, perhaps more, and published them online as retribution of 0xOmar’s attack of a week ago.

The first Saudi hack that compromised at the accounts of at least 14,000 Israelis, was one of the largest ever for the region. Officials now worry about a growing tit-for-tat escalation that could move beyond just credit cards.  Writes Ma’Ariv: “Digital terror” attacks, between Israelis and Arabs and others, are not a new phenomenon, although until today the man battlefield pertained to defacing Israeli web sites. Credit card theft is also a fairly routine occurrence, but until today this was done for profit. The latest hackings have turned the theft of personal information into a media war in which the hackers try to draw attention to themselves.”

There’s nothing new about a hacker who steals credit card data and publishes it online. There’s also little new about a hack attack being launched from one nation against another.

What’s new is when one of those targeted nations labels the attack “terrorism,” or when one belligerent swipes a secret military asset of the other – all through hacking.

There are two stories here, and they may or may not be connected. But they both point to a larger fact: as tensions increase in the Middle East, the Internet is increasingly being drawn into the battles.

“A Terrorist Operation”

The first story involves continuing fallout and finger-pointing following last week’s hack of thousands of Israeli credit card holders. At least 14,000 card numbers and associated data were published Thursday and Friday on a variety of hacker-friendly sites like Pastebin. In one posting, someone called “0xOmar” took credit: “It’s 0xOmar from group-xp, greatest Saudi Arabian hacker team,” read the note, going on to boast of more than 400,000 personal accounts it had stolen from 80 Israeli websites. The credit card firm Isracard says only 25,000 accounts have been compromised, while the Israeli newspaper Haaretz reports that much of the data was outdated or redundant, leaving only around 14,000 Israelis at risk.

Screen-grab from 0xOmar's online claim of an Israeli hack attack

Even still, that’s a significant hack for a nation as security focused as Israel, and officials are taking it, and 0xOmar, very seriously. Israeli Deputy Foreign Minister Danny Ayalon Saturday described the attack as a “…breach of sovereignty comparable to a terrorist operation, and must be treated as such.” Of course, first they have to find the hacker.

While there are clearly hacker groups and radical organizations operating within the Saudi kingdom, it’s highly unusual for such groups to launch large scale attacks on foreign entities. Some analysts suggest this may have been an Iranian operation, others say Russian and North Korean elements participated, while an Israeli teenager says he’s found the real 0xOmar – a UAE citizen named Omar Habib living in Mexico (0xOmar rejects this, dismissing the teenager as “a stupid student”).

It’s also very unusual for a state to compare such an attack to terrorism. While clearly malicious, it’s not at all clear how a hack of citizen’s credit cards threatens national sovereignty or security. The United States, among other nations, is working on policies on valid responses to hack attacks, but as yet there’s no clear international standard. “The U.S. has announced that any attack on its cybernetic space would be considered a declaration of war and that it would go as far as firing missiles to respond to such an attack,” said Ayalon. “This is a good criterion for us all.”

Did Iran Just Hack the CIA?

The second story has been around for nearly a month, but has only grown less clear with time. In December, Iranian authorities announced they had captured a U.S. military drone in perfect working condition. While the U.S. was silent, Iran’s Revolutionary Guards released photos of gloating Iranians next to the RQ-170 drone (curiously with its underside and landing gear hidden.)

Soon the Christian Science Monitor had an exclusive interview with an Iranian engineer who claims he and his colleagues hacked into the drone’s navigation system and tricked it into landing in Iran without the CIA’s knowledge. (Both the CIA and the Department of Defense operate a variety of drones, depending on the mission and the plane’s capabilities).  “The GPS navigation is the weakest point,” the Monitor quotes the engineer as saying. “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”

“I think it’s ridiculous,” says Fredrick Fleitz. “I think it’s in keeping with the Iranian authorities to tell tall tales about their technological know how.”

Photo released by Iran's Revolutionary Guards showing the captured U.S. drone (AP via Sepahnews)

Fleitz has worked in the intelligence field for 25 years, with tours at the CIA, State Department and House Intelligence Committee. He’s currently managing editor at Lignet.com, a private global intelligence service. Before the U.S. even admitted that the drone was real, Fleitz and others were already casting doubt on the Iranian hacking claim:

“We’ve seen this repeatedly with their nuclear program. It’s almost silly to think that the Iranians could, almost as if they’re piloting a toy plane, bring down one of our UAVs (Unmanned Aerial Vehicles). I think what happened is the vehicle had mechanical problems; but from what I know about these things, the sophistication of the electronics and the encryption on it is far beyond Iran’s capability, or that of many other nations. I just think this is something that couldn’t happen.”

At a December 12 press conference, President Barack Obama put questions over the drone’s authenticity to rest when he admitted that it was, in fact, U.S. property. “We’ve asked for it back. We’ll see how the Iranians respond,” he told reporters.

“That was what was most absurd about this,” says Fredrick Fleitz. “First of all, we shouldn’t have acknowledged that the Iranians had it because it was an intelligence asset.  But to ask them to return it; that just made our country look so foolish.”

Iran is no stranger to employing hyperbole, or outright lies, in its military claims. For example, when the U.S.S. John Stennis aircraft carrier group steamed out of the Persian Gulf recently, Tehran said it was being “chased by Iranian warships” and was fleeing to the safety of open water – an unlikely claim to say the least. For Fleitz, the engineers’ claim of hacking the drone’s GPS navigation system, or the even less likely Russia Today report that the Revolutionary Guards had actually hacked the CIA’s drone command centers in Langley, Virginia, are all part of an awkward propaganda campaign aimed mostly at the Iranian public.

That, however, doesn’t mean that Iran isn’t capable of large scale cyber attacks, or that the U.S. isn’t vulnerable. Fredrick Fleitz:

“This is basically the poor man’s method of wreaking havoc against the developed world. It doesn’t take a great investment, and this is something I fully expect the Iranians will invest in. The U.S. government has to increase its defenses…but U.S. defense contractors are taking very few steps to protect themselves. This is a weak link where our enemies can obtain information – classified or close to being classified – from companies that do business with the government. They really do not understand how sophisticated and aggressive the foreign cyber threat is. The U.S. government has a lot of vulnerabilities, and it’s vulnerable too, but I think private enterprise has really underestimated this threat.”

It will take time before we will know with any certainty whether ‘0xOmar’ actually breached online security at Israeli credit firms, or if Iranian engineers were able to commandeer the drone by hacking. But for Fleitz and many others in the Internet security field, these stories demonstrate what they’ve feared for a long time: that as the geopolitics of any particular region become increasingly tense, the Internet will reflect and perhaps even amplify those stresses.