nytimes
By NICOLE PERLROTH
Anonymous, the loose coalition of hackers waging war on Israeli Web sites, is the least of Israel’s cyber problems. Its campaign against Israel is a minor annoyance compared with a wave of cyber attacks that have hit the country over the last year from Iran and Gaza.
Since Wednesday — when Israel began air strikes into Gaza — Anonymous hackers have retaliated with millions of hacking efforts on Israeli government and private business sites, intermittently taking hundreds offline, defacing some with anti-Israel messages, deleting Web databases for others and dumping thousands of citizens’ usernames and passwords online.
The campaign, which hackers have dubbed #OpIsrael, is essentially the digital equivalent of a business getting hit with graffiti; it is a costly nuisance, but eventually databases can be recovered, messages removed and sites come back online. Israeli officials say the vast majority of the hacking efforts over the last week on government sites — some 44 million tries by one official’s count — have been unsuccessful, with the exception of one site that went “wobbly for a few minutes,” the Israeli finance minister, Yuval Steinitz, told reporters, before recovering.
Attacks from Iran and Gaza are another matter.
In July, security researchers at Kaspersky Lab and Seculert, two computer security firms, discovered that a strain of malware had infected Israeli companies. Many of those companies handle critical infrastructure, like the country’s energy and water supplies, computer and telecom networks. The malware, which the researchers named “Mahdi” after a command in its code, appears to have originated in Iran. Elements of the code were written in Farsi, dates in the malware’s code were formatted according to the Persian calendar, and the domains used in the attacks were registered to Islamic Azad University in Tehran. The term “Mahdi” may have also been a clue; for Shiites, Mahdi is a messianic figure.
The malware was designed to spy on computers by copying images and files, grabbing screenshots and using infected computers as recording devices to record users’ conversations. While many companies have been able to scrub the malware from their systems, security researchers say Mahdi is still actively spying on computers, predominantly in Israel, but also in Afghanistan, the United Arab Emirates, Saudi Arabia and the United States.
More recently, Israel was forced to take its police department offline two weeks ago after security experts discovered that many of the department’s computers had been infected with a remote-access tool, or RAT, which gives attackers real-time control of victims’ machines. The RAT appeared to be an off-the-shelf variation that can be bought on public sites for as little as $50.
After some investigation, researchers at Norman, a computer security firm in Fairfax, Va., noted that the attacks originated from command-and-control centers in Gaza and that the same servers had been spying for over a year, first on computers in Palestine and then in Israel.
As far back as October 2011, the same command-and-control center had been used to spy on Palestinians. Palestinians received targeted e-mails, written in Arabic, that compelled them to click links that, when opened, gave attackers full access to their computers. The e-mails often baited victims with politically relevant topics. One discussed last year’s exchange of an Israeli soldier for Palestinian prisoners. Another included a video critical of Palestinian President Mahmoud Abbas’s treatment of Palestinians.
Then this year, in May, the same group of attackers shifted their target to Israel from Palestine. Israelis received e-mails, in English and Hebrew, that also discussed politically relevant topics, like Mitt Romney’s supposed support for an Israeli airstrike on Iran. The e-mails also compelled recipients to click links that deployed the RAT.
Researchers have stopped short of blaming the attacks on any one group, but Aviv Raff, the chief technology officer of Seculert, said the content of the e-mails and the location of the command-and-control centers made clear that the attacks originated in Palestine.
Compared with those campaigns, Anonymous’s attacks on Israeli Web sites almost seem innocuous. And by Tuesday morning, six days after the group announced #OpIsrael, the collective’s campaign already showed signs of dissent.
Some Anonymous members took to Twitter to decry another member who had included an anti-Semitic screed alongside a data spill of thousands of Israeli e-mail addresses. And another member who had participated in several Anonymous campaigns in the past said he was abstaining this time around.
“I haven’t thrown my full weight and support behind #OpIsrael because its goals may be dubious,” the hacker wrote in a direct message on Twitter. “That said, I only have influence. Not control. I throw my influence around from time to time, but that’s the only tool I have.”