The recent terrorist attack by Hamas has ignited another round of the Palestinian-Israeli conflict. In addition to ground battles, there are ongoing conflicts in cyberspace, with various well-known and lesser-known hacking groups from around the world rallying to support both sides. In total, over 100 groups are involved in cyber warfare. What does the cyber war in Israel entail, and how might it exert a more substantial influence on the course of the conflict?
Palestinians are primarily supported by pro-Russian groups
From the first hours of fighting, several well-known hackers sided with Hamas. The initial attacks came from Anonymous Sudan almost immediately after the outbreak of the conflict. This group has probable links to Russia. The target was an emergency system designed to alert citizens about incoming threats. The intention was also to disrupt the mobile air defence system, Iron Dome. The group claimed responsibility for taking down the website of the Jerusalem Post. However, the damages were minimal, as the website was relatively quickly restored.
Other cybercriminals who joined Hamas are hackers from the Russian group Killnet. They have conducted several successful operations. A day after the conflict erupted, they managed to take down the Israeli government website gov. il. On the social media, the group accused the Israeli government of bearing the full responsibility for this bloodshed. According to their words, Tel Aviv betrayed Moscow by supporting a “ terrorist regime” in Ukraine. Therefore, the government can now expect extensive attacks from Killnet. However, their targets are not ordinary citizens but a corrupt regime that sold itself to NATO in the name of peace and defence. These claims are particularly interesting in the context of Israel´s actual steps against Russia. Unlike many other governments, Israel did not impose sanctions on the country. Therefore, Some experts have suggested that this might be an attempt to gain visibility during a conflict watched by the whole world instead of a geopolitical stance.
Pro-Palestinian hackers from AnonGhost managed to breach the Israeli Red Alert application, which serves to warn residents about incoming rocket attacks. The group was sending fake messages about rackets and the use of nuclear weapons. About 10-20 thousand people were using the app. Developers subsequently removed it from the Google Play Store. Some experts consider AnonGhost an extended arm of the terrorist organisation Islamic State(ISIS). Another Islamic group, Ghost of Palestine, also supported cyber efforts, targeting the Israeli security agency.
Various efforts were underway several months before Hamas´s invasion. For example, Microsoft managed to identify a hacking group from Gaza – Storm-1133. They targeted critical infrastructure, including the energy and defence sectors and telecommunication companies. Hackers sent malware through fake LinkedIn accounts to employees in these industries, intended to create backdoors for later access to systems. Cybercriminals could then use this access to support ground attacks.
Hackers are also fighting for Israel
During the early hours of the conflict, one group managed to bring down the official Hamas website and the page of the Palestinian National Bank. These attacks were attributed to hackers from the India Cyber Force. Hacktivists from ThreatSec also joined these operations, taking responsibility on social media for attacks on the internet service provider Alfanet in Gaza. The hackers gained access to their systems, disrupting the operation of their television stations for approximately 10 hours. However, the company claims that the internet was unavailable due to the destruction of its headquarters by Israeli missiles. While other groups offered support, their impact was minimal.
Furthermore, this cyber warfare is unfolding within the context of the recent release of rules for so-called civilian hackers by the International Committee of the Red Cross. These rules delineate the permissible scope of actions for hacktivists under international law, particularly the Geneva Conventions. The fundamental principle is to avoid operations against civilian infrastructure, humanitarian and healthcare facilities, or any other violation of international humanitarian law.
In the future, we can expect the intensification of cyber-warfare
To date, no attack has displayed a fundamentally destructive nature. These have primarily constituted DDoS attacks, which entail flooding a server with a massive volume of traffic, causing temporary disruptions in the functionality of systems and websites, albeit for a limited period. However, the shutdown of critical websites can negatively affect the dissemination of information to citizens regarding ongoing threats. Access to information is paramount during crisis situations. While the expectation is for cyber warfare to persist in Israel, accurately predicting the exact course of events remains challenging. Other parties may potentially become embroiled in the conflict, leading to an anticipated increase in destructive attacks and their sophistication. The global community has been taken aback by this conflict, which means that hacking groups also require time to mobilise and prepare a plan for their operations. This process will inevitably take some time.
This brief is supported by
NATO’s Public Diplomacy Division