On the edge of virtual e-nsanity
By Molouk Y. Ba-Isa, Arab News Staff
http://www.arabnews.com/Article.asp?ID=18666
ALKHOBAR, 17 September — All things, good, bad and horrible, generally make it
to the Kingdom. First we had the Internet, then we got spam and now we have
e-mail spoofing. What is e-mail spoofing? The most basic description is that it
is an appropriation of your e-mail address. Let me explain how it works.
Let’s say that you are a company — Microsoft for instance, and that you have an
e-mail address, info@microsoft.com. Some nefarious person takes your e-mail
address and uses it to send out false, malicious e-mail loaded with a very ugly
virus as a payload. The person sends the e-mail in Microsoft’s name to
journalists throughout the Middle East. Microsoft would of course be completely
unaware that anything of the nasty sort was going down until their
representatives started receiving unhappy telephone calls from people who
insanely opened the e-mail attachment without scanning it first. They had
naively considered Microsoft to be a "trusted source."
Think this is the stuff of fiction? Time for a reality check, folks. This is a
true incident, which happened on Sept. 1. The e-mail had the header "salam" and
was purportedly from Microsoft Inc. More than half the addresses on the
recipients’ list belonged to journalists at Arab News. Initial investigations
have shown that the individual who sent the mail had some professional training.
The person attached a variant of a known virus hours before the fix was
available. Although the criminal was creative, unfortunately the virus chosen
came with a .exe extension. Frankly, I wouldn’t open a .exe attachment even if
it came from my mother. Many networks won’t allow the opening of such
attachments, either stripping them from the e-mail or rejecting the mail
completely, so lots of people never received the virus at all. Microsoft was not
too happy about the abuse of their e-mail address. I was informed that they have
launched an investigation. Maktoob.com, which handles my public e-mail,
told me that the spoofed mail came from an IP address in Azerbaijan, but
this really means nothing.
E-mail spoofing is the forgery of an e-mail header or "From" section on an
e-mail so the message seems to have come from someone or somewhere other than
the actual source. E-mail spoofing works because Simple Mail Transfer Protocol
(SMTP), the main protocol used in sending e-mail, does not include an
authentication methodology. Although an SMTP service extension allows an SMTP
client to negotiate a security level with a mail server, this precaution is not
often taken. If the precaution is not taken, anyone with the right knowledge can
connect to the server and use it to send messages. To send spoofed e-mail,
senders insert commands in headers that will alter message information. It is
possible to send a message that appears to be from anyone, anywhere, saying
whatever the sender wants it to say. Thus, someone could send spoofed e-mail
that appears to be from you with a message that you didn’t write.
There is nothing that a personal user can do at this time to prevent e-mail
spoofing. Internet service providers (ISPs) and network managers can help
control this problem, but in the Kingdom few have the correct security measures
in place. With this bleak assessment what can individuals do? First, contact
your ISP and express your concerns about Internet spoofing. Next, always
remember that e-mail has the potential to be fraudulent and use a back-up for
very important correspondence. I personally make sure that every important
e-mail I receive is backed up by a signed fax. For example, if a company wants
me to publish their quarterly results, I must receive the information by both
fax and e-mail. Some people believe this system is neurotic but until electronic
signatures become common, I can’t think of a safer method.
If you do receive an e-mail that you believe is fraudulent, do not hesitate to
pick up the telephone and contact the individual involved. The Washington Report
on Middle East Affairs ran an article on Sept. 3 by Michael Gillespie, titled
"Israeli computer hackers foiled, exposed."
The Washington Report story told how the e-mail addresses of dozens of human
rights and anti-war activists had been abused by Israeli hackers during the
months of July and August. For example, Israeli hackers targeted Stephen "Sami"
Mashney, an Anaheim, California, attorney who has publicized the plight of
Palestinians. According to Gillespie: "Mashney, who co-manages a popular
pro-Palestinian e-mail list hosted by Yahoo! logged onto his Internet accounts
on July 31 to find hundreds of e-mail messages from angry Americans. He quickly
realized that hackers had appropriated or "spoofed" his e-mail addresses and
identity and sent out a message titled "Down With America" in his name. The
message named and included contact information for 16 well-known human rights
activists and falsely claimed the activists wished to be contacted by anyone
desiring advice or assistance in fomenting and carrying out anti-American,
anti-Christian, or anti-Jewish activities. In an obvious attempt to
damage Mashney’s reputation, the hackers appended his name, law office telephone
number, and website address to the spurious e-mail."
Investigations into the attacks were launched. Management representatives at
various ISPs around the world were contacted and they were informed that their
equipment was being abused. Some of the attacks originated from a West Bank ISP
reached on dial-up from an Israeli telephone number.
Interestingly, while Internet spoofing is immoral, it’s not illegal in the
Kingdom. Just as there are no local laws to prosecute those who might spam you,
there is little you or the authorities could do to someone who stole your e-mail
address. Where is that legislation we’ve all been waiting for? If it isn’t
approved soon we’ll be pushed right over into virtual e-nsanity.
(Comments to baisa@maktoob.com)
Israeli Computer Hackers Foiled, Exposed
By Michael Gillespie
For Washington Report on Middle East Affairs
9/03/02 - 1,542 words
Israeli cyber warfare professionals targeted human rights and
anti-war activists across the USA in late July and August,
temporarily disrupting communications, harassing hundreds of
computer users, and annoying thousands more.
The Israeli hackers targeted Stephen "Sami" Mashney, an
Anaheim, California, attorney active in the effort to raise
awareness of the plight of Palestinians.
"People have found an alternate way to communicate through
the Internet," Mashney, a Palestinian-American, told the
Washington Report on Middle East Affairs, "and this attack is
backfiring on the hackers. Many people are being educated."
Mashney, who co-manages a popular pro-Palestinian e-mail list
hosted by Yahoo! logged onto his Internet accounts on July 31 to
find hundreds of e-mail messages from angry Americans. He
quickly realized that hackers had appropriated or "spoofed" his
e-mail addresses and identity and sent out a message titled
"Down With America" in his name. The message named and
included contact information for 16 well-known human rights
activists and falsely claimed the activists wished to be contacted
by anyone desiring advice or assistance in fomenting and
carrying out anti-American, anti-Christian, or anti-Jewish
activities. In an obvious attempt to damage Mashney's
reputation, the hackers appended his name, law office
telephone number, and website address to the spurious e-mail.
As Mashney was looking up the telephone number of the local
FBI office to report the hackers' crime, his phone rang. It was the
FBI calling, from Washington, with questions about the forged
e-mail message. Mashney later met with FBI agents in California.
"I answered all their relevant questions," said Mashney, who
notes that the hackers' attacks continued unabated for weeks
and expanded to include other new and innovative methods of
harassment that were used against many other activists
associated with Free Palestine and other public and private
e-mail lists.
Dr. Francis A. Boyle, professor of International Law at the
University of Illinois College of Law, is a human rights activist
who served on the board of Amnesty International USA. A
member of Free Palestine and other activist lists, Dr. Boyle was
also targeted by Israeli hackers who sent counterfeit e-mails in
his name. Again, the hackers' intention was to sow confusion,
provoke animosity, damage a reputation, and restrict ability to
communicate. When Boyle returned from a vacation in mid
August, he found 55,000 e-mails waiting for him. Like Mashney,
Boyle spent days sorting through the messages, writing
personal apologies to those offended by the bogus e-mails,
and deleting thousands of bounced messages. Unflappable,
Boyle takes it all in stride.
"You can't keep the Irish down," wrote Boyle in an e-mail
message to this reporter.
Israeli hackers also targeted Dr. Mazin Qumsiyeh, associate
professor at the Yale University School of Medicine. The hackers
forwarded to some 1,500 members of the Yale community
e-mails that Qumsiyeh had sent to a private list of activists. Many of
his university colleagues were annoyed, but Qumsiyeh, too,
feels that the hackers are doing the Zionist cause more harm
than good. Qumsiyeh said the hackers' efforts have generated
new networking opportunities among activists and groups who
did not know of each other's existence before the hackers
targeted them.
Monica Terazi is director of the New York office of the American
Arab Anti-Discrimination Committee (ADC). Terazi's e-mail
privileges were yanked by Yahoo! for a time after hackers
"spoofed" her e-mail address and identity to send a message to
some 80 Yahoo! groups. Terazi, like Mashney, spoke with the
FBI about the new Israeli cyber warfare tactics, which have
piqued the interest of Internet communications professionals.
For a story published August 23, Terazi wrote to Wired News
reporter Noah Shachtman, "While these e-mails are a nuisance,
offensive and intimidating, the FBI didn't find anything illegal:
There haven't been threats that rise to the level of a hate crime,
no money has been stolen, public safety has not been
endangered and, as far as we can tell, our computers have not
been hacked or 'technically intruded into' as one agent put
it." The offensive messages are all protected by the First
Amendment, said Terazi.
By mid August, the Israeli hackers had begun to target activists
in Iowa, where it seems the Israeli hackers have "technically
intruded" into computers. It is also likely their helpers here
have forwarded addresses from private lists to Israel. Iowa
activists report that people and organizations on their private
e-mail lists: family members, friends, acquaintances, media
contacts, government officials, interfaith relations organizations,
activists, and activist organizations suddenly found themselves
receiving tens, hundreds, or thousands of anti-Arab, anti-Muslim
and anti-Palestinian "spam" e-mails per day. Many on private
e-mail lists reported receiving anti-Arafat cartoons and racist
diatribes, along with e-mail that aggressively connected to a web
site that took control of their computers, turned the screen white,
and made it necessary to shut down and re-start the computer.
Some also reported that their e-mail addresses had been
"spoofed" and their on-line identities appropriated for the
distribution of racist messages.
Darrell Yeaney, a Presbyterian campus minister who retired after
serving at the University of Iowa, is active in Friends of Sabeel,
an ecumenical Christian organization that supports the ministry
of Sabeel, the center for Palestinian Ecumenical Liberation
Theology. He and his wife, Sue, now serve as co-moderators for
the Middle East Peacemaking Group in Iowa. The Yeaneys
report that the hackers appropriated their address and sent out
spurious e-mail in their names.
Ames-based activist, author, and editor Betsy Mayfield, whose
work has appeared in the Washington Report on Middle East
Affairs, was busy with plans for a mid-September Des Moines
film festival, "Boundaries: The Holy Land," when the hackers
turned their attentions to her computer.
Several Ames women whose only association with the crisis in
the Holy Land is their commitment to the Ames Interfaith Council
(AIC) reported being shocked by the sudden appearance of
pornographic e-mail and racist diatribes on their computer
screens.
Many Iowans were targeted for harassment by the hackers, and
hundreds of others suffered varying degrees of inconvenience
because they were somehow connected to the cause of peace
and justice in the Middle East. Similar scenarios played out in
other states across the USA.
The scale of the Israeli cyber warfare campaign, the number of
targets, and the variety of techniques used, coupled with
specifically targeted intrusions calculated to provide additional
target addresses for the application of the hackers' various
forms of harassment, suggest a sophisticated, coordinated,
government-sponsored program designed to impact directly
upon the communications abilities of the human rights and
pro-Palestinian anti-war activism communities in the USA.
When the Israeli hackers "spoofed" the AIC's e-mail address,
they invited a response they did not expect. Because the
AIC list was hosted by Iowa State University (ISU), because the
world's first electronic digital computer was invented at ISU in a
Physics Department laboratory in the early 1940s, and because
he has represented the ISU Muslim Student's Association on the
AIC cabinet, ISU Physics Department computer administrator Dr.
Bassam Shehadeh decided to track the hackers down.
"The hackers access the internet via an ISP called Palnet.com
on the West Bank," said Shehadeh.
When Palnet.com did not respond to his repeated e-mail
enquiries, Shehadeh called the company, informed their
representative that Palnet facilities were being used to interfere
with communications at a state institution in the USA, and
demanded an explanation. He provided information that enabled
Palnet technicians to identify the phone number of the customer
harassing Iowans.
"Everyone here is a victim but the hackers," said Shehadeh. "The
hackers use stolen identification to get access
to Palnet."
Shehadeh said the contact line the hackers used for at least one
message to the AIC list address was an Israeli number in West
Jerusalem or one of the surrounding settlements. A Palnet
representative also told Shehadeh the hackers have used
several lines and methods to access Palnet's facilities.
"Afterwards, the hackers compromise another service system
here in the USA by passing the e-mail message with Simple
Mail Transfer Protocol (SMTP), using HELO verb. The hackers
don't have a valid principal host but overcome that by using a
bracketed Internet Protocol number (IP address) at a location
anywhere on the web. Web hosting servers tricked into
transferring these e-mails include Digital Cube, Inc., Verizon
DSL Network, and Iowa Online Web Access located in
Washington, Iowa," said Shehadeh.
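
Both the forged "From" header described in the Arab News column above and the HELO address-literal relaying that Shehadeh describes leave traces in the headers a receiving mail server records. The Python below is an added example of checking for them, not part of either article; the sample messages, the signal names and the Postfix-style Received layout are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not taken from the page).
SPOOFED = (
    "Return-Path: <bulk@mailer.example.net>\n"
    "Received: from [203.0.113.45] (unknown [203.0.113.45])\n"
    "\tby mx.recipient.example with SMTP; Sun, 1 Sep 2002 10:00:00 +0300\n"
    "From: Info <info@sender.example.com>\n"
    "Subject: constructed test\n\nbody\n"
)
LEGIT = (
    "Return-Path: <news@sender.example.com>\n"
    "Received: from mail.sender.example.com (mail.sender.example.com [198.51.100.7])\n"
    "\tby mx.recipient.example with SMTP; Sun, 1 Sep 2002 10:00:00 +0300\n"
    "From: News <news@sender.example.com>\n"
    "Subject: constructed test\n\nbody\n"
)

# Assumed layout: "from <HELO name> (<reverse DNS> [<peer IP>])".
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([^\]]+)\]\)", re.I)

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_signals(raw):
    """Return heuristic signals that the visible From may be forged."""
    msg = message_from_string(raw)
    signals = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if from_dom and env_dom and from_dom != env_dom:
        signals.append("from-envelope-mismatch")
    # Only the topmost Received line was written by our own server; lower
    # ones were supplied by the sending side and can be fabricated.
    hops = msg.get_all("Received") or []
    hop = HOP_RE.search(hops[0]) if hops else None
    if hop:
        helo, rdns, _peer = hop.groups()
        if helo.startswith("["):          # HELO gave a bracketed IP, not a host name
            signals.append("helo-address-literal")
        if rdns.lower() in ("", "unknown"):
            signals.append("no-reverse-dns")
    return signals

if __name__ == "__main__":
    print(spoof_signals(SPOOFED))
    print(spoof_signals(LEGIT))
```

These are heuristics for triage: legitimate mail sent through third-party services can also show a From/envelope mismatch, so a signal is a reason to look closer, not proof of forgery.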
Shehadeh and other computer professionals working in the USA
report that ISPs and companies with IP addresses are typically
very cooperative when notified that their equipment is being
misused. Most act promptly to end the hackers' access.
Given widespread and systematic destruction of electronic
communications facilities by the Israeli Defense Force (IDF) in
the West Bank in recent months, the continued existence of
Palnet facilities suggests that the Israeli government had reason
to permit Palnet's continued operation and raises questions
about the ability of Palnet's owners to refuse service to Israeli
hackers or otherwise interfere with their activities.
This particular campaign in Israel's cyber war seemed to have
been curtailed, at least temporarily, on August 29, soon after
Shehadeh tracked the hackers to the West Bank ISP and, finally,
to an Israeli phone number, while other computer professionals
in the USA, along with some of the targeted activists themselves,
quietly contacted management representatives at various IP
addresses around the globe and notified them that their facilities
were being abused.