The world has been watching as a cyberwar between Israeli and Saudi Arabian hackers has been escalating, with one blow dealt after the other. With more hacking groups and individuals entering the fray, and countless attacks going back and forth in the past 3 weeks, it’s becoming hard to keep track of who said what, when, where and how.
We’ve put together a timeline of the most significant attacks, responses and more, including the most recent attack that occurred today, in which the personal information of 4,800 Saudi Arabian credit card holders was revealed.
Saudi hacker goes after Israeli credit card holders
“This event was off the charts”
Gary Vaynerchuk was so impressed with TNW Conference 2016 he paused mid-talk to applaud us.
January 3: It all started with an attack on January 3rd. A hacker name 0xOmar, who identified himself as a member of Group XP, a team of Saudi Arabian hackers, announced that he had revealed the credit card information of over 400,000 Israeli credit card holders.
Three Israeli banks, Isracard, Leumi Card and Visa CAL, acknowledged that they had been affected by the attack and blocked the compromised cards. They were, however, also quick to refute 0xOmar’s figure of 400,000 compromised cards, stating that the figure was far closer to 15,000.
A press release from the Bank of Israel read:
Based on an initial report submitted by credit card companies to the Banking Supervision Department, the information was on a total of about 15,000 active cards, at the three credit card companies—Cal (Cartisey Ashrai Le’Israel)—Israel Credit Cards; Isracard, and Leumi Card. The Banking Supervision Department is in continuous contact with the companies in order to investigate the event, the circumstances of its occurrence, and actions being taken to deal with the occurrence.
January 5: 0xOmar shared another post on Pastebin in which he shared the information of another 11,000 credit card holders, with 60,000 more at his disposal. He also added that he had far more information available to him than had first been believed:
I’ve hacked much more than you can imagine, but I hate fake media and Zionist lobby in media and internet. If needed maybe in next time I start sharing all data I have downloaded from Israeli military contractor companies and let the world have their all documents.
Israeli hackers try to uncover 0xOmar’s identity
January 6: As would be expected, an attempt to uncover 0xOmar’s identity followed. According to the daily Ynet, an Israeli student, Amr Phadida, traced 0xOmar’s identity back to 19-year-old UAE born Omar Habib, who currently lives in Mexico, where he works in a cafe. Ynet quoted Phadida’s blog saying:
“The not-so-smart hacker made many mistakes. His biggest mistake was communicating with Israeli media outlets through a particular email address. Using this email address and some spare time, I embarked on an eight-hour journey and at the end I managed to reveal the identity of the hacker by collecting information that was scattered all over the internet, piece by piece – like a puzzle. I hope the investigation bears fruit and maybe even lead to his extradition to Israel and a trial”
On the same day, 0xOmar shared a post on Pastebin, brushing off Ynet’s claims, and even went so far as to challenge them to uncover his real identity:
From here, I challenge the world to find me, let’s the game begin. You have 2 weeks. If I come back and post another message after 2 weeks, simply you failed and I won the game.
Official statements from Israel and Hamas
January 8: Foreign Minister, Danny Ayalon spoke out against the cyber attacks on Israel. In his statement, published by Reuters, Ayalon said:
“We call on Israeli citizens to abide by (the law). Just as the Israeli government has found answers for terrorism, we will find answers to this challenge … we call on Israeli citizens not to … act as vigilantes.”
Calling the attack “a breach of sovereignty comparable to a terrorist operation,” Ayalon added:
“We will take firm action against those who compromise our security including through cyber-terrorism, and if necessary we will use international law enforcement. Cyber-terrorism is the new battleground and just as we defeated our opponents on every other field … we will defeat this as well.”
On the other hand, Hamas spokesman Sami Abu Zuhri encouraged the Saudi Arabian hackers saying:
“We, in Hamas, bless this effort and urge the Arab youth to activate and develop it; we consider that this effort has the same value as any kind of resistance means used by the Palestinian young men in the land of Palestine.
We stress our solidarity with the Arab hackers in the face of the Zionist threats and call upon the Arab youth not to pay any attention to these cowardly threats and to use all possible means through the virtual space to confront the Zionist crimes.”
According to Haaretz, an 18-year-old Israeli was arrested for using the compromised credit cards. Using several different cards, he made a few hefty online purchases, including a home cinema system, a tablet computer and a Samsung Galaxy 2 smartphone, before he was apprehended by the police.
January 9: In response to his statements, a hacker temporarily took down Ayalon’s site, with an attack that lasted about half an hour.
Israeli hacker retaliates
January 11: In retaliation for the attacks, an Israeli hacker going by the confusingly similar name, 0xOmer, revealed personal information belonging to hundreds of credit card holders from the Gulf and Iran, stating that he had information belonging to 50,000 more cards in his possession.
The information included names, phone numbers, credit card numbers and expiration dates of hundreds of cards, but OxOmer stated that he chose not to release the credit cards’ CCV number.
The Jerusalem Post added that 0xOmer’s attacks were a warning against any further attacks by Saudi hackers.
January 12: The warning did nothing but bring on the next attack by 0xOmar, in what has become a constant struggle to have the last word. Another 200 credit cards were released, with 0xOmar stating that he would continue to do so on a daily basis:
From now, I shout to all Israeli people, daily I’ll publish 200 credit cards of Israeli people. All people who’s interested in fresh working credit cards, join our movement, subscribe to our page to receive daily 200 credit cards.
True to his word, 0xOmer, along with another hacker going by the name Pr0T3cT10n, immediately revealed more information belonging to Saudi credit card holders. In the post he stated:
It’s hard to find Saudi’s Credit Cards because you have only 10 websites in your country, and 2 Online Shopping websites!
We have more than 5 million websites.
We found more than 1,000,000+ ARABIC Credit Cards, But we want to fight only in Suadi [sic],
So we need more time to sort the credit cards…
Hannibal enters the picture
January 13: As if the tennis match hacking wasn’t confusing enough, another hacker entered the mix, taking a different approach. Hannibal, describing himself as a Jew who doesn’t live in Israel, made a grandiose statement on Pastebin promising to reveal the emails and passwords of Arab users on a daily basis:
I have about 30 million e-mails of Arabs.
I intend to publish it every day for 55 years until they’re available all the platform.
( 1500 EMAILS+PASSWORDS EVERYDAY )
I do not publish credit cards, bank information and the like. Innocent civilians. Why hurt them financially?
I will destroy them with the online experience.
In a post on Pastebay 0xOmar attacked Ayalon for asking Israeli hackers not to take things into their own hands, claiming that their attacks had been unsuccessful, and called on Turkish and Arab hackers to join his cause.
January 14: The next day, Hannibal shared what he said were 2,000 more log-in details for both email and Facebook accounts, promising more to come.
January 15: Like clockwork, Hannibal shared three separate posts on Pastebin. In the first, he criticized Israeli media for downplaying his role in the attacks.
What the hell is this shit, I publish emails tens of thousands of Arabs and Muslims around the world, this is the thanks I get? I ask you, spread this link address to a forum site, some media outlets.
More knowledge annoyed me is that media in the country of Israel as YNET, MAKO, etc write i hacked about 30,000 instead of 30 million emails. This is their huge mistake
(Maybe the fail of 2012 ).
I’ve got 30 million Emails ! 30 million e-mails! 30,000,000 emails !
You Jews, Israelis, are requested to publish the list of hacked emails at any hole on the Internet to spread awareness.
He also stated that the message contained 2,000 more email and Facebook accounts.
The second post contained what Hannibal stated was the log-in information for 20,000 Facebook accounts. He also added another grandiose statement, saying:
In addition, I have 10 million bank accounts of the countries of Iran and Saudi Arab[sic]. If Iran continues to threaten Israel and already this week I will publish the private bank accounts and thus make them billions of dollars in damages estimated
Saudi hackers take down the El Al and Tel Aviv Stock Exchange sites
January 16: Almost two weeks after the first attack occurred, Saudi hackers targeted official Israeli websites, taking down the websites of both the Israeli airline El Al and the Tel Aviv Stock Exchange. The attack was carried out by 0xOmar, joined by a team identified as Nightmare.
In the meantime, Hannibal posted what he said was the log-in information for 30,000 Facebook and email accounts, while 0xOmar stated that if Ayalon apologises for his statements, attacks on Israeli sites would lessen.
Israeli hackers take down Saudi and UAE stock exchange
January 17: In retaliation for 0xOmar and Nightmare’s attack, Israeli hackers, identifying themselves as the IDF-Team, in a possible reference to the Israeli Defense Force, proceeded to take down the official stock exchange sites in Saudi Arabia and the United Arab Emirates.
Their statement on Pastebin read:
Because lame hackers from Saudi Arabia decided to launch an attack against Israeli sites such as the airport site “EL-AL” [sic] and sites of Israeli banks, today, 01/17/12
Official stock exchange site of Saudi Arabia at the following address http://www.adx.ae not be available online and is only the beginning, in addition there may be disruption to the government’s stock exchange site at the following:
If the lame attacks from Saudi Arabia will continue, we will move to the next level which will disable these sites longer term may come to weeks or even months.
You have been warned.
Speaking about the attack that took down the El Al and Tel Aviv Stock Exchange websites, an Israeli security expert told Haaretz that the attack used computers based in Israel, saying:
“A considerable part of the computers that attacked us originated in Israel. That’s precisely what a bot is. Unlike traditional viruses, these bots do a good job of hiding themselves, which is why we developed the anti-bot.”
In the meantime, Hannibal posted what he stated was the log-in information of over 10,000 email and Facebook accounts.
Israeli hackers reveal personal information of 4,800 Saudi credit card holders
January 18: In the most recent attack, yet another group of Israeli hackers has emerged, called Nuclear. According to Haaretz, Nuclear revealed information pertaining to 4,800 credit cards belong to Saudi Arabians. Nuclear stated that they were able to access the database of one of Saudi Arabia’s largest banks.
Speaking to the Jerusalem Post, the IDF Team also warned that they would retaliate in the event of another attack. A member of the team told them:
“We won’t attack for no reason. We are waiting to see if there are more attacks on Israel. Our next steps will be taken slowly… the message we wish to pass is that we are not frightened to retaliate and we won’t be frightened of continuing with the attacks.”
According to the ADX, they were experiencing technical difficulties. Abdullah Salem Al Naimi, the head of market surveillance at ADX said:
“We were doing maintenance on our website. Everything is OK and under control. We are continuously monitoring the website and following up with Etisalat.”
Israeli hacker Hannibal made two posts, the first sharing what he said was 25,000 email and Facebook account details, the second stating that he had uncovered the identity of 0xomar, stating that he is in fact a hacker from Iran who goes by the name, alm3refh.
What comes next?
With either side vowing retaliation if the other doesn’t stop first, it seems that the hackers will be caught in a never-ending, childish cycle of “You stop and I’ll stop.”
While up until now there has not been any serious repercussions as a result of the attacks, we could very well be headed in that direction as more hackers become involved in the ongoing sparring match.
It’s certainly not the first example of cyber warfare we’ve seen, but it’s more often on the official and military level. As it stands now, there’s no telling how it may escalate when the attacks are coming from independent hackers who are hell bent on having the last word.