Qumsiyeh: A Human Rights Web

ISRAELI COMPUTER HACKERS FOILED, EXPOSED
By Michael Gillespie
For Washington Report on Middle East Affairs - Sept. 3, 2002

Israeli cyber warfare professionals targeted human rights and anti-war activists across the USA in late July and August temporarily disrupting communications, harassing hundreds of computer users, and annoying thousands more.

The Israeli hackers targeted Stephen "Sami" Mashney, an Anaheim, California, attorney active in the effort to raise awareness of the plight of Palestinians.

"People have found an alternate way to communicate through the Internet," Mashney, a Palestinian-American, told the Washington Report on Middle East Affairs, "and this attack is backfiring on the hackers. Many people are being educated."

Mashney, who co-manages a popular pro-Palestinian e-mail list hosted by Yahoo! logged onto his Internet accounts on July 31 to find hundreds of e-mail messages from angry Americans. He quickly realized that hackers had appropriated or "spoofed" his e-mail addresses and identity and sent out a message titled "Down With America" in his name. The message named and included contact  information for 16 well- known human rights activists and falsely claimed the activists wished to be  contacted by anyone desiring advice or assistance in fomenting and carrying out anti-American, anti-Christian, or anti-Jewish activities. In an obvious attempt to damage Mashney's reputation, the hackers appended his name, law office telephone number, and website address to the spurious e-mail.

As Mashney was looking up the telephone number of the local FBI office to report the hackers' crime, his phone rang. It was the FBI calling, from Washington, with questions about the forged e-mail message. Mashney later met with FBI agents in California.

"I answered all their relevant questions," said Mashney, who notes that the hackers' attacks  continued unabated for weeks and expanded to include other new and innovative methods of  harassment that were used against many other activists associated with Free Palestine and
other public and private e-mail lists.

Dr. Francis A. Boyle, professor of International Law at the University of Illinois College of Law, is a human rights activist who served on the board of Amnesty International USA. A member of Free Palestine and other activist lists, Dr. Boyle was also targeted by Israeli hackers who sent counterfeit  e-mails in his name.  Again, the hackers' intention was to sow confusion, provoke animosity, damage a reputation, and restrict ability to communicate.  When Boyle returned from a vacation in mid August, he found 55,000 e-mails waiting for him. Like Mashney, Boyle spent days sorting through the  messages, writing personal apologies to those offended by the bogus e-mails, and deleting thousands of bounced messages. Unflappable, Boyle takes it all in stride.

"You can't keep the Irish down," wrote Boyle in an e-mail message to this reporter.

Israeli hackers also targeted Dr. Mazin Qumsiyeh, associate professor at the Yale University  School of Medicine. The hackers forwarded to some 1,500 members of the Yale community e-mails  that Qumsiyeh had sent to a private list of activists. Many of his university colleagues were annoyed, but Qumsiyeh, too, feels that the hackers are doing the Zionist cause more harm than good.  Qumsiyeh said the hackers' efforts have generated new networking opportunities among activists  and groups who did not know of each other's existence before the hackers targeted them.

Monica Terazi is director of the New York office of the American Arab Anti-Discrimination  Committee (ADC). Terazi's e-mail privileges were yanked by Yahoo! for a time after hackers "spoofed" her e-mail address and identity to send a message to some 80 Yahoo! groups. Terazi, like Mashney, spoke with the FBI about the new Israeli cyber warfare tactics, which have piqued the interest of Internet communications professionals.

For a story published August 23, Terazi wrote to Wired News reporter Noah Shachtman, "While these e-mails are a nuisance, offensive and intimidating, the FBI didn't find anything illegal: There haven't been threats that rise to the level of a hate crime, no money has been stolen, public safety has not been endangered and, as far as we can tell, our computers have not been hacked or 'technically intruded into' as one agent put it."  The offensive messages are all protected by the First Amendment, said Terazi.

By mid August, the Israeli hackers had begun to target activists in Iowa, where it seems the Israeli  hackers have "technically intruded" into computers. It is also likely their helpers here have forwarded addresses from private lists to Israel. Iowa activists report that people and organizations on their private e-mail lists: family members, friends, acquaintances, media contacts, government officials, interfaith relations organizations, activists, and activist organizations suddenly found themselves receiving tens, hundreds, or thousands of anti-Arab, anti-Muslim and anti-Palestinian "spam" e-mails  per day. Many on private e-mail lists reported receiving anti-Arafat cartoons and racist diatribes,  along with e-mail that aggressively connected to a web site that took control of their computers,  turned the screen white, and made it necessary to shut down and re-start the computer.  Some also reported that their e-mail addresses had been "spoofed" and their on-line identities appropriated for the distribution of racist messages.

Darrell Yeaney, a Presbyterian campus minister who retired after serving at the University of Iowa,  is active in Friends of Sabeel, an ecumenical Christian organization that supports the ministry of  Sabeel, the center for Palestinian Ecumenical Liberation Theology.  He and his wife, Sue, now serve as co-moderators for the Middle East Peacemaking Group in Iowa. The Yeaneys report that the hackers appropriated their address and sent out spurious e-mail in their names.

Ames-based activist, author, and editor Betsy Mayfield, whose work has appeared in the  Washington Report on Middle East Affairs, was busy with plans for a mid-September Des Moines film festival, "Boundaries: The Holy Land," when the hackers turned their attentions to her computer.

Several Ames women whose only association with the crisis in the Holy Land is their commitment  to the Ames Interfaith Council (AIC) reported being shocked by the sudden appearance of  pornographic e-mail and racist diatribes on their computer screens.

Many Iowans were targeted for harassment by the hackers, and hundreds of others suffered varying degrees of inconvenience because they were somehow connected to the cause of peace and justice in the Middle  East.  Similar scenarios played out in other states across the USA.

The scale of the Israeli cyber warfare campaign, the number of targets, and the variety of techniques used, coupled with specifically targeted intrusions calculated to provide additional target addresses for the application of the hackers' various forms of harassment, suggest a sophisticated, coordinated, government- sponsored program designed to impact directly upon the communications  abilities of the human rights and pro-Palestinian anti-war activism communities in the USA.

When the Israeli hackers "spoofed" the AIC's e-mail address, they invited a response they did not  expect.  Because the AIC list was hosted by Iowa State University (ISU), because the world's first electronic digital computer was invented at ISU in a Physics Department laboratory in the early  1940s, and because he has represented the ISU Muslim Student's Association on the AIC cabinet,  ISU Physics Department computer administrator Dr. Bassam Shehadeh decided to track the hackers down.

"The hackers access the internet via an ISP called Palnet.com on the West Bank," said Shehadeh.

When Palnet.com did not respond to his repeated e-mail enquiries, Shehadeh called the company, informed their representative that Palnet facilities were being used to interfere with communications at a state institution in the USA, and demanded an explanation.  He provided information that enabled Palnet technicians to identify the phone number of the customer harassing Iowans.

"Everyone here is a victim but the hackers," said Shehadeh. "The hackers use stolen  identification to get access to Palnet."

Shehadeh said the contact line the hackers used for at least one message to the AIC list address  was an Israeli number in West Jerusalem or one of the surrounding settlements. A Palnet representative also told Shehadeh the hackers have used several lines and methods to access Palnet's facilities.

"Afterwards, the hackers compromise another service system here in the USA by passing the e-mail message with Simple Mail Transfer Protocol
(SMTP), using HELO verb.  The hackers don't  have a valid principal host but overcome that by using a bracketed Internet Protocol number
(IP address) at a location anywhere on the web. Web hosting servers tricked into transferring these e-mails include Digital Cube, Inc.,
Verizon DSL Network, and Iowa Online Web Access located in  Washington, Iowa," said Shehadeh.

Shehadeh and other computer professionals working in the USA report that ISPs and companies with IP addresses are typically very cooperative when notified that their equipment is being misused. Most act promptly to end the hackers' access.

Given widespread and systematic destruction of electronic communications facilities by the Israeli Defense Force (IDF) in the West Bank in recent months, the continued existence of Palnet facilities suggests that the Israeli government had reason to permit Palnet's continued operation and raises questions about the ability of Palnet's owners to refuse service to Israeli hackers or otherwise interfere with their activities.

This particular campaign in Israel's cyber war seemed to have been curtailed, at least temporarily,  on August 29, soon after Shehadeh tracked the hackers to the West Bank ISP and, finally, to an  Israeli phone number, while other computer professionals in the USA, along with some of the  targeted activists themselves, quietly contacted management representatives at various IP addresses  around the globe and notified them that their facilities were being abused.

"There is an organized attack underway.  Many websites hosting views critical of the US Government and the policies of Israel have been subject to various forms of harassment.  Some harassment has come in the form of forged spamming.  Other harassment has come through electronic mail and posts on Internet forums.  Many have suggested that these attacks are the work of lone individuals or pernicious non-governmental organizations.  These suggestions may be true.  However, I am aware of some information that may point the finger directly at the US Government.  I am remaining anonymous for my protection.  I have received death threats in response to my political writings.  Other sanctions have been imposed upon me as well, but I leave the details out in order to make more difficult my identification.  I am supplying you with inside information. Immediately following the 9/11 attacks, various agencies of the US Government reached out to corporate America for "help."  Various defense contractors were asked to make suggestions about what they could do to help in the "war on terror."  However, in addition to the suggestions, various intelligence and defense organizations within the US Government approached specific corporations in possession of tools that could assist a black operation that had in mind.  I do not know all of the details of this request.  However, I will share what I do know. Intelligence agencies and DISA (The Defense Information Services Agency) were interested in recruiting private corporations in an illegal effort to wage electronic warfare against US enemies.  What was meant my "US enemies" was left unclear, at least at my level of awareness, but the corporation for which I worked turned down the request out of fear of future embarrassment should the operation be revealed. I have been monitoring harassment on various Internet forums.  One individual engaged in harassment had the following IP address: 216.177.41.70.  A reverse lookup of this address at that time revealed that the IP address is owned by The Technology Advancement Group (TAG).  Visiting TAG's site, you will see that TAG is an asset of the NSA.  I speculate that TAG is one entity involved in online harassment against dissent.  This individual had access to much private information that is not publicly available, dogged forum dissidents, and in time the harassment was followed by death threats, at least in one case.  Much of the harassment had a pro-Israel tone. There is a corporation in Austin, Texas called Cycorp.  Cycorp is almost wholly dependent upon grants and contracts from the Department of Defense.  Cycorp has a product called CycSecure.  CycSecure, ostensibly, exists to provide network security.  It employs a knowledge base of rules for detecting network vulnerabilities.  Cycorp is a corporation specializing in Artificial Intelligence.  CycSecure relies upon its product, Cyc, as a knowledge base and inference engine.  The Department of Defense, DISA, and various intelligence agencies have approached Cycorp about using this tool in reverse.  Specifically, using it to attack networks.  Cycorp recently won a contract with DISA.  TAG has a DISA contract as well.  DISA wishes to use CycSecure.  I suspect that this indicates that DISA is engaged in electronic warfare against the US Government's enemies. I suspect that one source of these attacks is TAG and another source is DISA.  However, this may not be the comprehensive set of Governmental entities attacking dissent.  Several articles have come out that claim that Freedom Corps is training individuals and retirees in cyber warfare through Cyber Corp as part of its volunteer program. One other interesting note about Cycorp.  Cycorp has been proposing, to DISA, the creation of a computer center where hundreds of computers will run copies of Cyc.  Each copy of Cyc specializes in modeling a specific "terrorist."  Given the wide definition in current use for the concept "terrorist," will it be long before individual dissidents and dissident organizations have their an artificial intelligence working 24/7 on collecting information about them and predicting their actions?