Subscribe to receive notifications of new posts:

Ceasefires Don't End Cyberwars

2012-11-27

2 min read

There is a significant conflict in the Middle East. As has been widely reported, along with the physical confrontation between the Israelis and Palestinians, there have been widespread cyber attacks. These cyber attacks have been launched against both sides in this conflict. At CloudFlare we have found ourselves in the unusual position of protecting websites of both Israeli and Palestinian organizations on the front lines. Among others, our customers include Israeli government sites as well as numerous Palestinian organizations.

The conflict that is going on right now may be the first true cyberwar. While previous conflicts have included the use of cyber attacks by one side or the other, in this case supporters of both sides appear to be launching cyber offensives. At CloudFlare, we've been caught in the cross fire. That's allowed us a unique vantage point to report on what we're seeing.

We've been following news about the conflict and monitoring the attacks against sites on both sides for the last week. On November 21, 2012 at 19:00 (GMT) a ceasefire was announced. The large scale physical attacks appear to have largely stopped along with the ceasefire. We wanted to see what happened to cyber attacks.

When Physical Attacks Stop, Cyber Attacks Start

Quite the opposite of stopping, there was a significant increase in cyber attacks against both sides websites that coincided with the ceasefire. The following chart aggregates data from a number of sites on both sides of the conflict. The dotted line about 3/4 of the way along the timeline indicates the point of time the ceasefire was declared. We have intentionally obscured whether the attacks were targeting sites supporting Israel or Palestine, but I can say that we saw significant upticks in attacks targeting both sides in the conflict.

Ceasefires Don't End Cyberwars

This graph focuses specifically on what are known as Layer 7 attacks. These are application-layer attacks, and different than some of the Layer 3/4 attacks we have discussed before. Layer 7 attacks tend to be smaller in volume but often harder to defend against using traditional DDoS scrubbing services. CloudFlare's service is able to absorb these attacks and ensure that only legitimate requests are sent to a web server.

It is important to be clear. Nothing we've seen allows us to make a claim toward the attribution of the source of these attacks. CloudFlare's network is like a flack jacket, not like a machine gun. We shield sites from the attacks we see, but we don't spend a lot of time trying to determine the motives of the attackers. It is not correct to say that this data proves one side is attacking the other. In fact, third party organizations like Anonymous, which are not directly affiliated with Palestinians, have claimed responsibility for many of the attacks targeting Israeli sites, and several "vigilante hackers," who are not directly affiliated with Israel, have claimed responsibilityfor attacks against some Palestinian sites.

The Politics of Being a Proxy

We've received criticism from supporters on both sides asking how we can be supporting the other. To be clear, we are not supporting either side. Resolving the difficult political questions of a conflict like this is way above our pay grade. We are proud, however, that in spite of withering cyber attacks CloudFlare has kept both sides' websites online.

The Internet is one of the greatest inventions in human history because it allows anyone to reach a global audience. CloudFlare's goal is to power a better Internet. While that will inherently mean we will increasingly find ourselves in difficult situations like this one, we will continue to be guided by the principle that it is not our role to decide whether one idea or another is correct, but instead to ensure that all ideas can find equal footing online.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
AttacksPoliticsMiddle EastReliability

Follow on X

Matthew Prince|@eastdakota
Cloudflare|@cloudflare

Related posts

November 20, 2024 10:00 PM

Bigger and badder: how DDoS attack sizes have evolved over the last decade

If we plot the metrics associated with large DDoS attacks observed in the last 10 years, does it show a straight, steady increase in an exponential curve that keeps becoming steeper, or is it closer to a linear growth? Our analysis found the growth is not linear but rather is exponential, with the slope varying depending on the metric (rps, pps or bps). ...

October 09, 2024 1:00 PM

Improving platform resilience at Cloudflare through automation

We realized that we need a way to automatically heal our platform from an operations perspective, and designed and built a workflow orchestration platform to provide these self-healing capabilities across our global network. We explore how this has helped us to reduce the impact on our customers due to operational issues, and the rich variety of similar problems it has empowered us to solve....

October 02, 2024 1:00 PM

How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack

Over the past couple of weeks, Cloudflare's DDoS protection systems have automatically and successfully mitigated multiple hyper-volumetric L3/4 DDoS attacks exceeding 3 billion packets per second (Bpps). Our systems also automatically mitigated multiple attacks exceeding 3 terabits per second (Tbps), with the largest ones exceeding 3.65 Tbps. The scale of these attacks is unprecedented....