The following private industry notification was sent out to InfraGard members on March 30, 2015. The notification was mentioned in a post by Brian Krebs but was not published.
FBI Cyber Division Private Industry Notification
- PIN 150330-001
- 3 pages
- TLP: GREEN
- March 30, 2015
As of early March 2015, several extremist hacking groups indicated they would participate in a forthcoming operation, #OpIsrael, which will target Israeli and Jewish Web sites. The FBI assesses members of at least two extremist hacking groups are currently recruiting participants for the second anniversary of the operation, which started on 7 April 2013, and coincides with Holocaust Remembrance Day. These groups, typically located in the Middle East and North Africa, routinely conduct pro-extremist, anti-Israeli, and anti-Western cyber operations.
While the threat to US-based infrastructure is assessed as low for well-maintained and updated systems, the FBI is using the Private Industry Notification (PIN) as a method of notifying possible targeted entities.
FBI and private cybersecurity industry analysis of previous extremist hacker campaigns and operations indicates these groups are capable of low-level Distributed Denial of Service (DDoS) attacks and Web site defacements. The most likely targets for the campaign are Israel-based systems or the systems of worldwide Jewish-oriented organizations like synagogues or cultural centers. Based on historical targeting preferences, the attackers will likely focus primarily on Israeli financial institutions, but may also target Israeli media outlets.
Given the perceived connections between the Government of Israel and Israeli financial institutions, and those of the United States, #OpIsrael participants may also shift their operations to target vulnerable US-based financial targets or Jewish-oriented organizations within the United States. Based on historical attacks, the FBI assesses that attacks which may spawn from #OpIsrael to target US-based systems will likely constitute only a small percentage of overall activity.
The FBI assesses Web site defacements are the most likely method by which #OpIsrael participants will be successful against their targets. While most Web sites maintain up-to-date content management software, the ease with which attackers can exploit known or un-patched vulnerabilities makes this the more likely vector. Sites which maintain updated systems will not likely be impacted by defacement operations.
The FBI assesses most DDoS attempts made by #OpIsrael actors will have little to no effect on targeted Web sites, due to traditionally disorganized attacks and existing DDoS mitigation measures put in place by potential victims. Historically, anti-Israel DDoS operations have failed to gain significant traction given competing priorities for the groups and individuals involved, and the limited number of participants who could organize to conduct successful DDoS campaigns.
In general, extremist hacktivism cyber attacks may result in denial of service, defacement of a Web site, and compromise of sensitive information, which may lead to harassment and identity theft. Precautionary measures to mitigate a range of potential extremist hacktivism cyber threats include:
– Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
– Scrutinize links contained in email attachments.
– Regularly mirror and maintain an image of critical system files.
– Encrypt and secure sensitive information.
– Use strong passwords, implement a schedule for changing passwords frequently, and avoid reusing passwords for multiple accounts.
– Enable network monitoring and logging where feasible.
– Be aware of social engineering tactics aimed at obtaining sensitive information.
– Securely eliminate sensitive files and data from hard drives when no longer needed or required.
– Establish a relationship with local law enforcement and participate in IT security information sharing groups for early warning of threats.