Pro-Palestinian and pro-Israeli hackers are waging a cyber street-fight in a tit-for-tat exchange of posturing, threats of mass credit card exposures, and denial-of-service attacks. As Hamas has egged on hackers in recent weeks, promoting more "hacktivist" attacks against Israeli targets, pro-Israel hackers have responded in kind, today taking down the websites of stock exchanges in Saudi Arabia and the United Arab Emirates. Both sites appear to be back online.

Those site takedowns are in response to denial of service attacks yesterday (January 16) and today against the websites of the Tel Aviv Stock Exchange, First International Bank of Israel, the Israeli national airline El Al, and at least two other Israeli businesses. While El Al's and FIBI's sites have been restored, the TASE site remains unavailable. The attacks are allegedly the work of pro-Palestinian hackers, including one hacker going by the name of OxOmar claiming to be from Saudi Arabia assisted by a team calling itself "Nightmare."

"From what we've seen in the attacks we're monitoring, it seems that this was a very standard distributed denial of service (DDoS) attack," said Amichai Shulman, the chief technology officer of Imperva, a Redwood Shores, CA based security firm with offices in Tel Aviv. Some of Imperva's customers have been targeted by the attack. Shulman said the attack was most likely from an "off-the-shelf" botnet, and used a flood of HTTP requests to choke specific Web applications' ability to respond. The attack used some basic techniques to circumvent standard DDoS countermeasures—including a random number added to the HTTP resource requests to bypass caching on services such as Akamai, and get straight through to the target servers.

The attack, Shulman said, was "nothing too exotic," and similar to the many other DDoS attacks carried out daily in Israel and elsewhere. The main difference, he said, was that these were "focused and loud"—they went after several sites simultaneously, and the attackers were very public about their intentions. "Usually the people behind DDoS attacks are behind it for the money, and everyone is trying to keep it quiet—both the attackers and the people who pay them," he told Ars.

OxOmar, the alleged hacker at the center of the attacks, conducted a public recruiting effort for his "cyber war on Israel," gathering supporters from the Arab hacking community to undertake the attacks. Still, Shulman said, the attacks generated relatively little network traffic—while specific applications on Web servers were affected, the DDoS caused little disruption for the Internet service providers hosting the network connections for the servers. "At least with one of the target applications, we know that it didn't have a high incoming bandwidth to begin with, so it didn't take too much HTTP flooding before the server's pipe was jammed," he said.

Hamas, for its part, is urging others to join the attacks on Israel. In an official statement, Hamas proclaimed that "penetrating Israeli websites means opening a new field of resistance and the beginning of an electronic war against Israeli occupation."

The DDoS was apparently a follow-up to OxOmar's previous bid for fame, when he released thousands of Israeli credit card numbers gathered from a number of sources earlier this month, one of which he claimed was the Israeli news site One.co.il. While some reports estimated the number of cards exposed at about 20,000, someone claiming to be OxOmar, "from group-xp, greatest Saudi Arabian hacker team," claimed in a PasteBin post to have exposed the personal data, including credit cards, of over 400,000 Israelis, and to have 1 million credit card numbers in total. And in another breach last week, passwords and access information to industrial control (SCADA) systems were posted by a hacker claiming to be associated with Anonymous going by the handle "FuryOfAnon."

The attacks are part of a boomlet in hacktivist activity in the Middle East, according to David Marcus, the director of security research at McAfee Labs. In an interview with Ars, he said that while activity "appears to be ramping up a bit," the activity over the past few weeks is part of a long-running trend of pro- and anti-Israeli hactivisim. Hacktivist activity on both sides has been ongoing for the last few years, Marcus said, and both sides now have well-developed offensive and defensive skills.

However, the actual damage done by the attacks and breaches themselves may be relatively small. Marcus said that the stolen data posted about the Israeli SCADA systems appeared to be "not for highly critical systems" and that the threat posed was relatively low. And Shulman said that the file of credit card numbers leaked included many that had been exposed and abused months ago. He theorized that OxOmar had gathered the card numbers secondhand from forums and other sources—or perhaps even just searched for them with Google. "Some of the numbers were quite old," he said. "I don't think he was the one to break into all those apps and get those credit card numbers." There's potentially greater harm to come to card holders from the scams that follow in OxOmar's wake, using phising attacks posing as warnings from credit card companies.

The Pastebin posturing of OxOmar, however, has inspired pro-Israel hactivists to return in kind; in response to the disclosure of Israeli credit cards, a hacker going by OxOmer (a play on the alleged Saudi hacker's name) posted 200 credit card numbers from a Saudi bank, and claimed to have 300,000 more "working Saudi credit card numbers." Some reports alleged OxOmer, also referred to as "Omer Cohen," was an Israeli soldier, but in an interview with the Jerusalem Post he claimed to be a 17-year old.

Another pro-Israeli hacker, using the handle "Hannibal," posted the Facebook credentials and e-mail addresses of 30,000 "helpless Arabs" and claimed to have the email addresses of 30 million more.

Aside from rallying cyber-nationalism, the attacks are generating a great deal of publicity for the hackers who have taken a prominent role. It's also generating publicity, Shulman said, that will benefit others—especially people connected to Israel's new Cyber Command, set up last August.