Part 3 (1/2)

Team Evil.

Team Evil gained widespread notoriety for defacing thousands of websites in 2006 in protest of Israel's military activities in the Gaza Strip and Lebanon. The group defaced more than 8,000 websites between June and November 2006. In addition to Israeli and Western sites, this tally also included websites a.s.sociated with the governments of China, Saudi Arabia, and Indonesia. In all, Team Evil defaced 171 significant websites, according to records on zone-h (panies, NGOs, and political parties. When Ynetnews contacted the group, its members told the paper that they were Moroccan hackers who ”hack into sites as part of the resistance in the war with Israel.”

The group has resurfaced to take part in the current campaign against Israeli websites, but it is not as active as it was in 2006. Its greatest recent accomplishment was to reroute traffic from Ynetnews, Discount Bank, and other Israeli websites to a page with an anti-Israel message.

The Israeli IT security company Beyond Security released an extensive case study of Team Evil's 2006 attacks. Its report concluded that Team Evil demonstrated a higher degree of technical skill than typically seen in similar groups. Given the skill and commitment it has previously demonstrated, it is unclear why Team Evil has not partic.i.p.ated in the current campaign to a greater extent. It is possible the group is planning something for the future.

Cold Zero (aka Cold Z3ro or Roma Burner).

Cold Zero first gained notoriety for an attack on the Likud Party website in August 2008. He has since claimed responsibility for 5,000 website defacements, according to Gary Warner, an expert in computer forensics. He has a profile on the Arabic Mirror website, which lists 2,485 of these defacements. According to the Arabic Mirror site, 779 of these are related to the Gaza crisis.

Cold Zero is a member of Team h.e.l.l (discussed in the next section). Whereas most members of Team h.e.l.l are Saudi, Cold Zero is a Palestinian and is proficient in Hebrew. He runs a website atand soqor.net, leaving messages criticizing their administrators. His own website was also attacked by DNS Team, which we'll discuss later.

According to a French-language news source published on January 9, 2009, Cold Zero was arrested by Israeli authorities. The news source identified him as a 17-year-old Israeli Arab and reported that he appeared on January 6 before the Federal Court of Haifa, where the Israeli Justice Department alleged that he attacked commercial and political sites, mentioning the Likud Party website hack, as well as an attack on the website of the Tel Aviv Maccabis basketball team. According to the same source, he worked with accomplices in Turkey, Lebanon, Saudi Arabia, and elsewhere. He was caught in a ”honey pot” set up by authorities. Authorities also uncovered his ident.i.ty from a database stolen from Turkish hackers.

The information from this news report has not yet been corroborated by other sources. The last hack for Cold Zero listed on the Arabic Mirror website was recorded on January 2, 2009, after a period of high activity, suggesting an abrupt interruption to his hacking campaign. Zone-h records hundreds of websites hacked by Cold Zero in late December, followed by a lull for one month. On January 29, 2009, Cold Zero returned with a defacement of rival hackers DNS Team's website. Cold Zero has committed no Israeli or other website defacements after late December on zone-h, lending credibility to the report of his arrest.

Team h.e.l.l (aka Team H3ll or Team Heil).

The graffiti from many websites hacked by Cold Zero name him as a member of Team h.e.l.l. Team h.e.l.l self-identifies as a Saudi-based hackers group, usually consisting of Kaspersky, Jeddawi, Dr. Killer, BlackSh.e.l.l, RedHat, Ambt, and Cold Zero.

Team h.e.l.l's politically oriented hacks include more than just Israeli sites. In April 2007, Team h.e.l.l hacked Al-Nusra, a Palestinian-focused Jihadist website. They left a message indicating they a.s.sociated al-Nusra with religious deviancy. On websites they have defaced, Cold Zero and Team h.e.l.l have expressed support for the secular, nationalist Fatah party. This would explain why Team h.e.l.l would hack Al-Nusra, a Salafist-Jihadist website, even though it is also anti-Israel. The group has also defaced the website of the Syrian parliament.

Agd_Scorp/Peace Crew (aka Agd_Scorp/Terrorist Crew).

Agd Scorp/Peace Crew are Turkish hackers who defaced NATO and US military websites in response to Operation Cast Lead. On three subdomains of the US Army Military District of Was.h.i.+ngton website and on the NATO parliament site (panies and products, including Kia, Sprite, Fanta, and Daihatsu. Their members call themselves Jurm, Sql_Master, CyberTerrorist, Dr. Noursoft, Dr. Win, J3ibi9a, Scriptpx //Fatna, and Bant Hmida.

C-H Team (aka H-C Team).

C-H Team consists of two hackers or hacker teams: Cmos_Clr and hard_hackerz. C-H Team targets Dutch and Israeli websites, leaving threatening messages in Hebrew on the latter. Both team members are Algerian. Besides defacing sites, Cmos_Clr claims to have used a variant of the Bifrost Trojan horse to break into Israeli computers, infiltrating 18 individual machines.

Hackers Pal.

Hackers Pal is the administrator of the Hackers Hawks website and has claimed 285 defacements of Israeli websites. He is a supporter of the secular Fatah party.

Gaza Hacker Team.

Gaza Hacker Team runs the website of the same name. It is responsible for defacing the Kadima party website on February 13, 2009. The team consists of six members: Lito, Le0n, Claw, Virus, Zero code, and Zero Killer.

DNS Team.

DNS Team is an active Arab hackers team focused primarily on apolitical hacking. However, it occasionally exhibits politically motivated attacks-targeting websites in Denmark and the Netherlands during the fall of 2008 in retaliation for the cartoon controversy, and it partic.i.p.ated in recent anti-Israeli hacks. DNS Team maintains a hacking and security forum at /cc/.

!TeAm RaBaT-SaLe! (aka Team Rabat-Sale or Team Rabat-Sala).