Cyber Incident Victim: Israel Missile Defense Association
Date: Nov 2015
Location: Israel
Summary
The Anonsec collective hacks the Israel Missile Defense Association (imda.org.il) and dumps 2161 usernames and hashed passwords.
Description
On the 2nd of November 2015, the Israel Missile Defense Association (IMDA) fell victim to a cyber incident that was attributed to a group calling themselves "Anonsec." This incident involved the use of an exfiltration technique from the application server of the organization's website. The attacker claimed responsibility for the breach and posted details of the attack online. This report provides an overview of the incident based on the available information.

The attacker, identified as "Anonsec," was responsible for this cyber incident. Anonsec is a hacker group known for its involvement in various cyberattacks and its affiliation with hacktivist causes. They had previously targeted entities for political and ideological reasons, as evidenced by their hashtags and statements posted in their online article.
The attack on the Israel Missile Defense Association involved an exfiltration technique from the application server. This technique is a method used by cybercriminals to steal data from a server without detection. In this case, the attacker managed to access and extract data from the IMDA's application server, potentially gaining unauthorized access to sensitive information.
An online article posted by the attacker provided further details about the incident. The article contained a Pastebin link (http://pastebin.com/qaqADFTH), which likely contained additional information regarding the attack. However, the content of this Pastebin link is not included in this report.
The article posted by Anonsec included a list of individuals claiming to be the group's official members, indicating the collective nature of their activities. They had been active since at least 2012 and were responsible for several cyber incidents.
The article also contained hashtags and statements reflecting the hacktivist motivations of the group. They expressed support for Palestine and a strong anti-Israel stance. This suggests that the attack on the Israel Missile Defense Association may have been politically motivated, aligning with the group's stated objectives.
The article included a link to a full dump of data (https://mega.nz/#!WFRR2TiQ!NYPTpWV-JU5I7wGnakBvOjEjNw50AomE8WOeOWRqEBU). This link presumably led to a repository or archive of the data that was exfiltrated from the IMDA's application server. The contents of this dump likely contained sensitive information, but without access to the linked data, specific details cannot be provided in this report.
In addition to the information posted in the online article, the attacker disclosed technical details related to the IMDA's server and database. The server was identified as running Windows 2003 or Windows XP, with the web application framework being ASP.NET and the web server being Microsoft IIS 6.0. The back-end database management system was Microsoft SQL Server 2005. These technical details provide insight into the organization's technology stack, which may have been vulnerable to the attack.
Furthermore, the attacker revealed the current user as 'ax_User' and listed a total of 80 available databases on the server. Some of the notable databases mentioned include 'ami-ami,' 'ami-directorsUnion,' 'AmiWebSearch,' and 'ariel.' It is apparent that the attacker had a deep level of access to the server, as they were able to list the available databases and potentially access their contents.
The article also contained details about the tables within some of the databases. For example, the 'ami' database included 28 tables, and specific columns and data were provided for the 'T_AdminUsers' table. The 'ami' database appeared to contain administrative user information, including usernames, passwords, and access levels. The attacker had likely accessed and retrieved this sensitive information.
Other databases mentioned in the article included 'eilamTemp,' 'electeds,' 'Eli,' 'Emails,' 'EprItems,' 'ezer,' 'galgalim,' 'gmt,' 'gmtonline,' 'guard,' and others. While specific details about the content of these databases were not disclosed, it is clear that the attacker had access to a wide range of information.
The cyber incident affecting the Israel Missile Defense Association on November 2, 2015, was attributed to the hacker group Anonsec. The attacker employed an exfiltration technique from the application server to compromise the organization's security. Their motivations appeared to be politically driven, as they expressed support for Palestine and exhibited an anti-Israel sentiment. The attacker disclosed technical details about the organization's server and database systems and listed available databases and tables, suggesting a deep level of access. The specific data exfiltrated from the organization's servers and the full extent of the damage caused by the breach remain undisclosed in the provided information.
