March 24, 2009

Virtual War on Hizballah

The most significant thing about this story -- and this technology -- is the way in which ordinary Israelis can now carry out DOS attacks on a declared enemy of the state. If cyber-warfare is really warfare and one of the requirements of statehood is a monopoly on "violence", what are the implications of this? The idea that the government of Israel would take action against an Israeli attacking a site maintained by Hizballah is laughable, but in general, should a state be allowing its citizens to do such things?

Last week, while trying out breaking-in tools developed by Chinese hackers, an Israeli Network security company, Applicure, brought down the Hezbollah Web site (, using no more than 10 bots, which are computers controlled by hackers.

Reports of hackers taking out Web sites by bombarding them with massive amounts of information commonly appear in the news media. But often it's hard to estimate both the magnitude of the phenomenon and the ease with which even laymen can use existing web tools.

Those attacks geared at bringing down Web sites are know as either denial of service attacks (DOS) or distributed denial of service attacks (DDOS), and make use of Botnet networks - large networks of unsuspecting computer users hijacked by hackers with viruses and Trojan horses. According to Chinese CERT (Computer Emergency Response Team), the threat on China's internal network has multiplied by 20 in 2007.

One of the most surprising things about the software used in order to take down the Lebanese militant organization's site is its interface, which is light years away from the common image of hackers dealing with complex code. The interface is very accessible and is clearly meant for everyday users, as opposed to veteran programmers.

The software enables a choice of attack possibilities, attack speed, and the number of computers the attackers wish to use in order to bring down the Web site's servers.

Applicure's South Korean partners say the price of using the software of the kind that brought down the Hezbollah site starts at about $260 a year, when using a small number of bots. Having 1,000 bots at your disposal can bring the price up to $100 a month.