Cyber Incident Victim: Anonymous
Date:
Apr 2014
Location:
Israel
Summary
During the OpIsrael cyber campaign targeting Israeli websites, attackers affiliated with Anonymous and allied groups executed distributed denial-of-service (DDoS) attacks that temporarily disrupted government and private sites, including those of the Postal Company and Education Ministry, while also leaking purportedly outdated contact details and passwords of officials. In a counter-operation, an Israeli hacker associated with the Elite Force group infiltrated at least 16 attackers' devices, compromising credentials, capturing screenshots and webcam images of the individuals, and exfiltrating personal data—later publishing this information alongside taunting messages to undermine Anonymous's technical credibility and deter future participation in such campaigns. The incident highlighted mutual accusations of low sophistication, with the Israeli group dismissing DDoS and website defacements as inadequate hacking achievements.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On April 7, 2014, the hacktivist group Anonymous launched Operation Israel (OpIsrael), a coordinated cyberattack targeting Israeli websites to mark the anniversary of a similar 2013 campaign. The loosely organized international collective announced intentions to replace website content with anti-Israel messages or disable sites through distributed denial-of-service (DDoS) attacks, threatening to "erase Israel from the Internet." During the attack, Anonymous hackers successfully disrupted several Israeli websites, including those of the Israel Postal Company and the Education Ministry, causing temporary outages. Attackers also published an online list containing phone numbers, email addresses, and passwords purportedly belonging to senior Israeli officials, though government representatives dismissed the data as outdated. Most disruptions resulted from DDoS attacks that overwhelmed sites with excessive traffic, though some private Israeli websites were also compromised through unspecified means. The attacks mirrored the 2013 OpIsrael campaign in timing and methodology, focusing on symbolic disruption rather than persistent infrastructure damage.
In response, members of the Israeli Elite Force (IEF) hacking group conducted counter-operations against Anonymous participants during the attack. A hacker using the alias Buddhax, operating under IEF, traced the IP addresses of attackers and compromised at least 16 computers used by Anonymous and allied hackers. Buddhax infiltrated these systems to capture screenshots, extract login credentials and passwords from online accounts, and activate webcams to photograph the individuals. The compromised data included Facebook profiles and other personal information, which Buddhax published on IEF's Facebook page on April 9, 2014—two days after the initial attacks. Each targeted hacker received a message stating: "Next time don’t take part in OpIsrael. We know who you are. We know where you are. Long live Israel!" Buddhax publicly framed OpIsrael as "a big failure" for Anonymous, criticizing their technical capabilities by noting their inability to prevent his counter-intrusions. He dismissed DDoS attacks and minor website defacements as unserious hacking, asserting his actions exposed Anonymous members' vulnerabilities despite his self-described moderate skill level. Many of the exposed social media accounts and personal profiles were subsequently deactivated or removed following the data leak.