UPDATED! See post bottom…
Coming home on Friday after my Shabbat shopping at Machaneh Yehudah, I got on the computer for a minute to check on stuff before beginning my crazy cooking marathon. I almost immediately noticed some chatter about our dear friend Richard Silverstein’s anti-Israel Web site being “hacked.” I took a screen cap for the sake of posterity, tweeted it and added in that I don’t approve of these shenanigans. Then I got to cooking. I wasn’t about to gloat. Just as Richard Silverstein does not possess the knowledge, training and experience to be a credible Middle East analyst, let alone the objectivity and integrity to be a journalist, so too does he woefully lack the technical skills to run a Web site. We’ve punked him easily in the past and employed no great technical skills to do so. We just took advantage of Silverstein’s stupidity and hypocrisy.
It seems the site was down all of Shabbat and whatever DNS change he has made, has not yet fully propagated to Israel. While the original “hoax” site is now down, I am still getting a “We are sorry, the website is temporarily unavailable. Please check again later!” error. In order to see the reconstituted site, I have to use a US proxy, which allows me to access the site as if I was in the US, where, presumably, DNS propagation is faster.
So what happened? According to the title of Silverstein’s blog post on the matter, he was the victim of an “Israeli Cyberwarfare Campaign.” He claims his site was attacked by an Israeli “hacker.” This was confirmed in a 9-page report prepared by someone at Kaspersky labs apparently, but no one I tried to contact at Kaspersky got back to me so we’ll wait on that. In the meantime, we let the boys at Jewlicious Labs analyze what had happened, and needless to say, their assessment is far less dramatic than that hinted at by Silverstein.
I know. Shocker.
First, this has less than nothing to do with the Cyberwarfare campaign waged by the US, Israel and others against Iran’s nuclear facilities. While those efforts involved teams of engineers, and reams of complex code, what likely caused Richard Silverstein to lose control of his site was so simple that even calling it a hack would make any real hacker laugh at you. Hard. Secondly, this wasn’t any kind of campaign. It was an act of a single, probably not very technically sophisticated person. The fact that Silverstein and Kaspersky were able to easily identify him and his employer and his child means that our “hacker” did very little to hide his identity.
Just as an aside, Silverstein plans on releasing the identity of this person at some point soon. Someone ought to remind Mr. Stupid about Judaism’s strictures about visiting the sins of the Fathers upon their children. Just mentioning the child’s existence is creepy, and hypocritical coming from a guy who is SO protective of his own family’s privacy. But that’s par for the course from one of the Internet’s leading bullies and hypocrites.
Now I am not going to get into long drawn out technicalities, but Jewlicious Labs has determined that this hack took place as a result of an otherwise innocent twitter conversation and blog post by Silverstein. Apparently, he was unhappy with the level of service he was getting from his current host, HostGator. It seems that $3.96 a month is not enough to handle a Web site that gets 2000 visitors a day (which is a very modest amount of visitors by the way). Consequently, he decided to ramp up and get a VPS account with DreamHost. VPS stands for Virtual Private Server – it’s not an actual private server but it is a notch above the baby hosting Silverstein was using before. Such hosting gives you a fixed amount of space, RAM and bandwidth in a shared hosting environment, but each server has far less clients on it than on the baby server Silverstein was on before. Another feature of this kind of hosting is that you have a Control Panel that allows you to host more than one domain on your account. All you have to do is type in the domain name and a new directory is set up for your hosting. Concurrently, you need to let the Internet know that yournewsite.com now resides on your server – that’s what DNS does – thus you change the DNS settings associated with your domain name so that they point to your hosting company.
The thing is that anyone can go to such a control panel right now, and type in any domain name, regardless of whether or not they actually own it. A directory will be created and you can put stuff in it, but no one will be able to access it. So for instance, if someone using Dreamhost were to create a new account and call it richardsilverstein.com – one could install blogging software and fill it with content, but of course this would not affect the actual richardsilverstein.com. Unless that is, the owner of richardsilverstein.com changed his DNS to point to Dreamhost without taking adequate precautions. Then the site could point to an unintended account.
We are guessing that that’s what happened here. Is it a hack? Gosh no. Is it even illegal? No. It’s a server glitch which Silverstein repaired by simply repointing his DNS back to his previous Hostgator hosting company. What this is, is instructive. And what have we learned? Well, if you are planning on moving your Web site to another host, simply ask your hosting company, before you transfer your DNS, to check and see if your domain is currently attributed to another account on their servers.
We’ve also learned that Richard Silverstein will use any opportunity to spew self aggrandizing bullshit, and to attribute evil intent to the State of Israel. This “hack” was not part of any Israeli campaign to silence Richard Silverstein. With 2000 visitors a day, many of whom are bots and people that vehemently disagree with Silverstein, it is clear that he is a blip, a virtual non-entity who is not, as he claims, representative of anyone but a tiny disenfranchised speck of the Jewish world, as well as the much larger community of those non-Jews who hate Israel – and even then, very few of them visit his site. Silverstein was not hacked. Someone simply took advantage of a glitch and Silverstein’s ignorance. Even if we are not totally correct about the nature of this exploit, the fact remains that whoever did this used a method that was not very sophisticated and they did little, if anything, to hide their identities. Even the Turkish kids that hacked one of our sites had the minimum skills to hide their IP addresses – as if I was going to call the cops in Ankara and ask them to issue an arrest warrant!
So now we have to wait and see what tomorrow will bring. Silverstein promises mainstream media exposure as well as all manner of brimstone and treacle. Check out his lugubrious prose:
While I usually find it difficult to interest the MSM in the stories I originate [because you are a confirmed idiot], this will be different. The media will be all over this one. So to my hacker, while youâ€™ve caused me a dayâ€™s worth of aggravation, Iâ€™m going to take advantage of your little charade to tell the world everything there is about you, your hack, and the nasty pro-Israel ideology you represent. We may be the still small voice. But how we can roar when given half a chance. And my hacker has given me a great opportunity.
On the other hand, Brian of London, a writer for Israellycool, went on to twitter and assured everyone that despite the shared enmity, they had nothing to do with the supposed hack. More interestingly however, Brian announced “Full story tmrw abt @richards1052 website: not a hack though, he’s not important enough for anyone to bother!”
Either way, tomorrow will be fun! Stay tuned!
UPDATE: So it seems I was only a little right. The actual hack was even dumber than I first guessed, if that’s even possible! Thanks to Brian of London at Israellycool we now know that what happened was simply that Silverstein transferred his DNS to DreamHost, began to set up WordPress (the content management system that runs his blog) on his root directory, but then didn’t complete the set up by assigning a master username and password. Anyone going to the site at this point would have been met with a WordPress screen asking, nay demanding, that you enter a username and password. So that’s exactly what our master cyber terrorist did. He even entered his real email address. He didn’t even use a proxy! All of this was of course facilitated by the goofy nature of DNS propagation and Silverstein’s total lack of preparation. Brian of London made the analogy of driving a car to Ramallah, leaving the keys inside the ignition and putting a big sign saying “steal me!” on the Window. No insurance company would pay off your “stolen” car under such circumstances. Any threatened mainstream media coverage of this would have to mention that Silverstein left the store unattended and the doors wide open. Looking forward to Silverstein openly exposing himself to the world, yet again, as a total and complete idiot.
Speaking of which, let it be noted that Silverstein claimed that Jewlicious hosts “drug fueled parties & travel junkets as a bizness sideline” See:
@crypticvalentin He’s insufferable.Jewlicioius hosts drug fueled parties & travel junkets as bizness sideline.That’s their claim 2 fame.
— Tikun Olam (@richards1052) August 29, 2012
I challenged him on twitter to substantiate that nonsense and he has yet to respond. Because it’s a lie of course. Oh well. That having been said, if you want to attend one of our drug fueled parties, we’ll be having one in Jerusalem this Wednesday featuring all kinds of fun stuff. Check out the post and visit the facebook event page!