Israel is once again under attack: Anonymous hackers have hacked into the website of the government’s Supervisory Control and Data Acquisition (SCADA) system, exposing employee logins to several government websites.
The hackers have uploaded working logins and passwords of SCADA employees to various social media websites; possibly the most troubling task for the Israeli government is getting this list taken down.
Last week, details of a million Israeli credit cards were leaked online by a Saudi hacker. The Israeli government described the leak as a terrorist attack and warned that it would hit back at hackers as it would at terrorists.
According to The Inquirer, Israel’s deputy foreign minister, Danny Ayalon, called it “a breach of sovereignty comparable to a terrorist operation, and must be treated as such”, adding, “Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action.”
Yesterday, the Twitter account Furyofanon, associated with Anonymous, posted a reaction in retaliation to those threats.
“Who wanna have some fun with israeli scada systems… #Anonymous #Antisec #OWS,” said the message, which linked to a document containing the information. Similar messages were posted on Twitter after last week’s credit card hack.
The hack is not limited to the SCADA website; the logins and passwords in the leaked file covered the following domains: idf.gov.il (Israeli Defense Force), mod.gov.il (Israel’s Ministry of Defense), hy.health.gov.il (Israel’s Ministry of Health) and beijing.mfa.gov.il (Israeli Chinese Embassy).
Dramatically, there was an article at PCmag on a speech at the third annual International Conference on Cyber Security in New York City, discussing vulnerability issues with SCADA systems. During the speech, a security specialist, Mr Cornell, said, “It would take us 5 years and $25 million to change an SCADA system.” He also said that:
According to Cornell, in 2011 three researchers found 147 0-day SCADA vulnerabilities between them. One of the most astonishing vulnerabilities, reported by security researcher Billy Rios, was that the default administrative password of several Siemens systems was “100.” If a user tried changing this password to include a special character, it would automatically revert back to “100” because Siemens’s platform did not accept special characters. Changing this default password sounded like a no-brainer until I heard the SCADA engineer’s comment.
It is not certain whether OxOmar, the hacker behind the Israeli credit card hack, is also behind this one; however, the SCADA hacker belongs to the same Anonymous group as the credit card hacker.