Written by Joey Peleg, CEO of ICDI and Andrey Komarov, CERT-GIB Chief Technical Officer

Several pilots have started in Israel using the new Bot-Trek™, a real-time worldwide botnet and cyber intelligence service.

Several groups of hackers are planning a massive cyber-attack against Israel on the 7th of April and threatening to “Erase Israel from the Internet”. It seems that aggressive hacker teams will try to make this a reality by uniting under the name #opIsrael.

Cyber-attacks against Israel are nothing new, as Israel has weathered millions of these attacks, be they DDoS, bots and so forth.

A spokesperson from Accessible Government online Systems was quoted in a leading Israeli newspaper: “It’s something being organized online over the past few days. What distinguishes this plan when compared to previous attacks is that it really seems to be organized by Anonymous-affiliated groups from around the world in what looks like a joining of forces. We are definitely following this and are preparing for April 7th.”

 “We are Anonymous. We are legion. We will not forgive. We will not forget. Israel, it is too late to expect us,”

This is another chapter in what is being called #opisrael, an operation that was launched during Operation Pillar of Defense and has continued since. It was reported that as part of this “operation,” details of some 600,000 users of Walla’s email were exposed. In addition, according to then Finance Minister Yuval Steinitz, “Israel deflected 44 million cyber-attacks on government websites.”

Many of the groups planning the attack are affiliated with the hacking collective known as Anonymous.

Unlike most countries, Israel is not only targeted for financial gain; it is also a target of cyber-sabotage.

On Wednesday 20 March 2013, a cyber-attack crippled TV stations and banks in South Korea, some for a few hours, while others are still trying to recover from the attack.

As many as 30,000 PCs in Shinhan Bank, Jeju Bank, Nonghyup Bank, the Munhwa Broadcasting Corporation, YTN and the Korea Broadcasting System (KBS) had their hard drives wiped when a virus was activated at 14.00 local time on Wednesday 20 March.

It will probably take months to investigate these breaches and sanitize infected networks and machines; to this day the source of the attack is still not known.

A cyber-attack on this scale on Israel would have serious consequences; therefore major companies are already preparing themselves for these cyber-attacks by using Bot-Trek™, initially as a test pilot.

Such a cyber-attack on Israel could impact the daily activities of companies that we all depend on. On a strategic level, this could weaken our national security.

Group-IB Bot-Trek™ is a real-time botnet and cyber intelligence service that provides direct access to compromised data and helps to prevent fraud. Taking ISPs as an example, it will provide large volumes of cyber intelligence information on infected machines within IP ranges, covering both the public and private sectors, including the IP addresses of SOCKS, spam and DDoS bots and data leaked from corporate domains or IP ranges (e.g. corporate e-mail accounts, intranets, etc.).

Bot-Trek™ has access to diverse intelligence sources and ultimate technologies. Bot-Trek™ uses the following data sources for gathering compromised information: a distributed network of HoneyNet traps, sinkholed botnets, and detected C&C (Command-and-Control) centers, which the hackers use for targeted attacks. This helps to extract and intercept the data and to react to the related cyber threat immediately.

Group-IB, one of the leading computer security companies, specializing in the investigation of computer crime, information security breaches, and computer forensics, organized several pilot projects on Bot-Trek, which will help to reduce the level of harmful and malware activities through proactive monitoring of ASN/BGP and 24/7/365 cyber intelligence.

Group-IB CERT-GIB operates as the first private computer emergency response team in Russia and is internationally known for bringing down several of the biggest Botnet masters around the globe.

Previously, several of the largest botnets were found and blocked by the Group-IB Bot-Trek system, such as Origami (4 000 000 infected PCs) in a joint operation with the Ministry of Interior of the Russian Federation, Dragon, Grum, Virut together with SPAMHAUS, Australian CERT and , and many others.

“Last year Group-IB prevented theft from over 30,000 customers of various banks, and the number of identified and analyzed information is constantly growing”, and more than “1.2 million infected PCs were found within the leading ISPs of different countries, which helped to stop malware, SPAM and DDOS activities”.

Bot-Trek™ will soon be followed by Cybercop, a global counter-cybercrime system. The system is a tool which will allow law enforcement agencies around the world to combat cybercrime during the most difficult stages of the investigative process: evidence gathering, information analysis, and perpetrator finding.

