‘Hacktivists’ join the front lines in Israel-Hamas war

WASHINGTON and JERUSALEM — When Hamas sprung its deadly assault on Israel in early October, its militants came from land, air and sea.

The Palestinian group launched rockets at populous areas, deployed drones to destroy observation posts, used motorized gliders to float fighters over fortified borders and dispatched speedboats into defended waters. The effects were instantly tangible, with many Israelis killed, abducted or displaced. Infrastructure, including hardened military installations, was damaged.

Less apparent were the virtual campaigns waged before, during and after the opening salvos, though not necessarily by Hamas itself. Hackers supporting its cause hijacked billboards and flooded phones with threatening texts. Grisly videos quickly circulated online, and social media platforms such as X, formerly Twitter, were saturated with front-line footage, some of it fake.

The online efforts serve many purposes, experts told C4ISRNET, including influencing public opinion, softening resistance and hampering the emergency response.

Upgrade networks or suffer on the battlefield, generals warn

Cyberattacks “are increasing daily, with hundreds of attacks we’ve monitored so far,” said Gil Messing, the chief of staff at Check Point Software Technologies, a cybersecurity company with roots in Tel Aviv. “Our data shows an 18% increase in attacks on Israeli targets since the beginning of the war, and we expect it to continue.”

Hack-tivity

Outside groups with vested interests in the Israel-Hamas fight are dominating the cyber battlefield.

Operations include defacing popular websites and flooding networks with artificial traffic, rendering them unable to function. This tactic is known as a distributed denial-of-service, or DDoS, attack. Similar moves were seen in the opening days of the Russia-Ukraine war.

“Cyberattacks happened all along, before the [Hamas attack] and after,” said Messing, whose team monitors dozens of third-party groups around the world.

“Hacktivists play a critical role here and actually carry out the vast majority of attacks,” Messing added, using a term for hackers motivated by political or social movements.

Cloudflare, an American company that provides cybersecurity and network services, said media sites were prime targets in the wake of the Oct. 7 Hamas incursion. For example, the Jerusalem Post was knocked out Oct. 9. The outlet boasts millions of monthly visitors and bills itself as the No. 1 English-language website covering Israel.

Other targets included the computer software industry, financial sectors and government services.

The exterior of Israel's cyber training center in Beersheba. (Courtesy of the Israel Defense Forces)

“Before Oct. 7, there were barely any HTTP DDoS attack requests towards Israeli websites using Cloudflare,” the company said in a blog post. “However, on the day of the Hamas attack, the percentage of DDoS attack traffic increased. Nearly 1 out of every 100 requests towards Israeli websites using Cloudflare were part of an HTTP DDoS attack. That figure quadrupled on Oct. 8.”

Such attacks are relatively unsophisticated and have little consequence on national security operations, experts said. While a vandalized website can disconcert the public, it likely does not sidetrack military operations.

As a result, pinning the importance of the cyber domain in the Israel-Hamas fight has thus far proved tricky, according to Annie Fixler, the director of the Center on Cyber and Technology Innovation at the Washington-based Foundation for Defense of Democracies.

“It is a moving target because we’ve seen a lot of activity, we’ve seen ramp-ups of activity. Deciphering the level of significance of that activity, I would say, is an ongoing challenge,” she told C4ISRNET. “There are a lot of hacktivist groups that are going to claim to have had an operational impact, when what they really did was DDoS a website or deface a website.”

Offense and defense

Israel is regarded as well-versed in cyber warfare, wielding capabilities that rival the virtual arsenals of much larger powers. Officials years ago recognized cyber as an emerging field that could lend the country — stuck in a “bad neighborhood,” as Israeli officials and outside analysts describe it — a distinct advantage.

Elite divisions have since cropped up, such as the Israel Defense Forces’ Unit 8200, which specializes in intelligence gathering and cyberspace operations. The unit has been likened to the U.S. National Security Agency or the U.K. Government Communications Headquarters.

No, Rafael’s ‘Iron Beam’ laser didn’t blow up missiles over Israel

“Generally speaking, Israeli offensive cyber capabilities are sort of second to the United States,” Fixler said. “Our general sense is that the Israelis have the capabilities they need. There is not a significant capability that we could provide to them that they do not already have themselves.”

The U.S. in October said it was rushing cyber support to Israel but declined to provide specifics. The U.S. Cybersecurity and Infrastructure Security Agency is coordinating with the Israel National Cyber Directorate, according to Brandon Wales, the executive director at CISA.

Furthermore, U.S. Defense Secretary Lloyd Austin is said to have held daily calls with his Israeli counterpart, Yoav Gallant.

Kate Fazzini, a cybersecurity professor at Georgetown University, described Israel as a leader in the cyber domain, one capable of digitally outgunning Hamas.

“They are far more sophisticated than their population size,” she said. “I would say the sophistication is certainly on par with the United States.”

A report published by the London-based International Institute for Strategic Studies think tank in 2021 and updated this year put the U.S. atop the cyber-power hierarchy. China, Russia and Israel were among those placed one rung below, in a second tier.

A separate report posted by the Washington-based Atlantic Council think tank described Hamas’ cyber capabilities as nascent and “lacking the sophisticated tools of other hacking groups,” but not to be underestimated.

The road ahead

Amid the Israel-Hamas war, officials are watching for signs of regional aggravation or wider escalation. Experts interviewed by C4ISRNET said they have their eyes on Iran, Russia and the Lebanon-based militant group Hezbollah.

Wanton cyber activity could intensify the already bloody battle, with reports of thousands killed.

“The one way that cyber would make a huge difference is if it bleeds into the kinetic landscape — if either side is able to turn off water, able to make any kind of changes to the electric grid,” Fazzini said. “Is a larger power capable, like Iran, of waging a cyberattack in Gaza to make Israel look worse? I think that’s also a possibility.”

Palestinians inspect the rubble around the Ahmed Yassin mosque, which was destroyed by Israeli airstrikes, in Gaza City on Oct. 9, 2023. (Adel Hana/AP)

Iran in 2020 was linked to a cyberattack that aimed to disrupt water supplies in Israel. The attack was detected and defeated, and the water authority later hired a cybersecurity firm to beef up its defenses, the Times of Israel reported.

“If you have that cyber-to-kinetic connection,” Fazzini said, “I think that’s the main issue.”

U.S. cyber specialists spent three months in Albania this year, attempting to expose hacking tools in the wake of Iranian cyberattacks on government systems. The attacks on the smaller NATO ally forced key services offline, including the Total Information Management System, which tracks details of those entering and exiting the country.

Both Messing, of Check Point Software Technologies, and Refael Franco, the former deputy chief of the Israel National Cyber Directorate, said Iranian-aligned cyber groups pose a real threat to Israel. Franco took it a step further, saying the groups “are still working against Israeli critical infrastructure and vital assets.”

Besieging critical infrastructure, such as the communications, energy, health care, and food and agriculture sectors, could inflict widespread damage.

“Israel must be ready to operate ‘Plan B,’ ” Franco said, and execute an “ASAP response if there is a cyberattack.”



from Defense News https://ift.tt/Xf74kdL
via IFTTT

Post a Comment

Previous Post Next Post