When Hamas attacked Israeli communities surrounding Gaza on Oct. 7, 2023, it wasn’t just trying to get projectiles past Israel’s Iron Dome, the country’s impressive air defense system. Israel is one of the world’s biggest producers of surveillance technology and spyware, and a country considered to have one of the best cybersecurity systems in the world. Hamas had to scale visible and invisible walls; in person and online.
The conflict shows us the extent of the interweave of physical and cyber combat in contemporary warfare and the blurring of the boundaries of attacks online and attacks on lives. As both sides engage in cyber espionage, disinformation campaigns, and attacks on critical infrastructure, more than ever, we need to consider the geopolitical implications and long-term consequences of cyber conflicts, along with the enduring challenge of attribution, accountability, and the need for international rules of cyber-engagement.
Cyber Walls and Spyware
Gaza and the smart wall surrounding it are subject to heavy camera surveillance and the use of facial recognition technology. Israeli surveillance firms are not only known to test spyware tools on Palestinians, there have also been cases of spyware like Pegasus found specifically on the phones of Palestinian activists. Israel has also put spyware to use tracking and recovering hostages held by Hamas in the Gaza Strip.
As both sides engage in cyber espionage, disinformation campaigns, and attacks on critical infrastructure, the conflict shows us the extent of the interweave of physical and cyber combat in contemporary warfare.
To carry out its attack, analysts suspect Hamas might have resorted to very traditional — read low-tech — means of communication and distraction. Along with traditional information warfare, Hamas is also known to use sophisticated digital tools, such as in 2018 when it used fake Facebook accounts to lure Israeli soldiers into downloading spyware masqueraded as dating and sports apps.
Hacktivists at Arms
Since the attack, hacktivist entities supporting both sides have created an even bigger mess. According to researchers at Website Planet, there are currently 58 hacktivist groups who have claimed to carry out some form of operation concerning the conflict; Cyber Express puts the figure at over a hundred groups. The huge majority have been brute force distributed denial-of-service (DDoS) attacks which cripple communications channels by overwhelming them with requests, followed by cyber espionage attempts to infiltrate networks and gain valuable information.
Cloudflare also recorded a huge spike In DDoS attacks against Palestinian websites and communication infrastructure, even as internet connectivity has reduced to just a fraction of what it was before the conflict began. Unlike the very vocal pro-Palestine hacktivists, it’s harder to pinpoint likely Israeli cyber activities. “Where hacktivists are proud to announce their achievements we may never know the full extent of Israel’s cyber operations or outside actors such as Iran and other regional players,” said Jeremiah Fowler, a security researcher with Website Planet.
Attribution for the flurry of cyberattacks is difficult to nail down. As exemplified by the NotPetya 2017 ransomware attack largely attributed to Russia, there are a lot of intricacies in attributing cyberattacks in an international context. The Israel-Hamas situation follows suit. Hamas, which so far has been the one supported by the most publicized attacks has very limited access to the internet in Gaza. Experts say it’s very likely most attacks are coming from outside the Gaza region. Iran, meanwhile, which has a longstanding relationship with Hamas and has praised the group over the attack, has extensive experience in cyber tactics. US FBI director Christopher Wray has called for a heightened state of alert to prepare for potential Iranian cyber attacks in light of the war. Amid the possibility of regional actors participating in the cyberwar, attribution questions grow ever more complex.
There are currently no clear generally accepted frameworks guiding cyber engagement in international conflict. The challenges of clarifying attribution can lead to lingering issues around accountability that could endure long after the physical war.
Information Wars
The disinformation surrounding the conflict has, further, been all-encompassing. Both sides have tried to push wrong narratives through traditional media, social media campaigns, and even by controlling mainstream media narratives. The result of this is a deep muddling of public and stakeholder perspectives.
Sometimes, this misinformation has veered beyond manipulating public opinion and into the realm of cyber war. For example, AnonGhost, a pro-Palestinian hacktivist group hacked an Israeli rocket warning app Red Alert to spy on users and ultimately sent fake alerts about a nuclear attack to seed panic. Given the trauma of Hamas’ sudden attack on Israel on Oct. 7, misinformation involving early warning systems takes a haunting tint. Another imitation Red Alert app downloaded malware onto users’ phones even while continuing to function correctly as a warning service.
“In any conflict, real-time information is important for the safety and personal security of average people,” said Jeremiah Fowler, a researcher with Website Planet.
Actors have also claimed data breaches and leaks that might or might not be true. Since the conflict began, actors attacked the Jerusalem Post’s website and zoombombed Israel’s Ministry of Education’s live sessions. The pro-Russian group Anonymous Sudan also claims to have brought down the websites of Israel’s mail service and a major bank.
The long-term consequences are numerous. “Hacking is usually not something that you see instant results from, the reason it is such a risk is because you never really know how that information (or access) will be used in the future,” said Fowler. “Malware, bot networks, and malicious code-based attacks can continue to spread and pose security risks long after the initial attack or even when the physical war is over.” For example, wiper malware that Russia debuted during its invasion of Ukraine has now been used in 24 countries beyond Ukraine. Unlike hard combat tools, codes and programs used during cyber conflicts can easily transcend the borders of conflicting entities.
The cyber war may echo long after the bombs fall quiet.
