The ongoing war between Israel and Palestinian Hamas has unleashed a flood of digital activity, with effects as powerful as the weapons used on the ground.
The ongoing conflict between Israel and Palestinian Hamas has caught the world by surprise and quickly shattered the fragile illusion of security in this volatile part of the world. While combat predominantly takes place in the physical domain, substantial digital activity has been brewing in the background from the very beginning of hostilities.
Sustained Distributed Denial-of-Service Attacks
The first cyber-shot linked to the conflict was fired immediately before the start of Hamas’ Operation Al-Aqsa Flood with the attack on the Noga Independent Systems Operator, responsible for managing the Israeli electricity network. Within hours, both the Palestinian and Israeli governments and media websites and emergency response infrastructure came under sustained distributed denial-of-service (DDOS) attacks. Several cyber groups linked to Russia, including Anonymous Sudan and Killnet openly stated their plans to target Israeli government infrastructure in retaliation for Israel’s support to Ukraine. Other hacktivist groups, such as ThreatSec, claimed to have brought down more than 5,000 servers belonging to the Gazan internet provider AlphaNet, while another group - Indian Cyber Force - reportedly brought down the Palestinian National Bank’s website.
The conflict reveals another interesting trend. While the great majority of attacks appear to be motivated by ideology or geopolitics, some cyber groups use it to monetize their services. The Krypton DDOS-for-hire botnet group, for example, has offered to sell its DDOS capabilities to pro-Palestinian hackers.
At the same time, the Israeli cyber police unit Lahav 433 was busy freezing Hamas’ cryptocurrency channels to cut off the group’s access to donation revenues. It is estimated that Hamas received around USD 21 million in cryptocurrency alone since 2021.
Spread of Misinformation on Social Media
While not exclusively cyber-related, another unfortunate outcome of the omnipresent digitalization and the use of social media is the surge in online misinformation surrounding the conflict. Deception and misinformation are as old as warfare. Yet, it appears that since the start of hostilities between Israel and Hamas the online space is being plagued by fabricated information on an industrial scale. Over the past week, social media and messaging apps have been flooded with false images and footage of alleged military actions, including video game details presented as Israeli airstrikes, as well as repurposed old images.
All social media platforms have been affected, with the EU and British government warning major social media providers that they might be penalized should they fail to rein in the spread of disinformation.
Possible Attack on Industrial Control Systems
Most registered attacks were so far propagandist in nature and caused relatively limited damage. However, more sophisticated, often state-sponsored attacks, might yield real disruption and have considerable operational effects on emergency services, incident response, or even military operations. As experience from other recent conflicts has revealed, the Russian-Ukrainian war in particular, cyber-attacks are not restricted only to most common and prevalent denial of service or web page defacement.
More disruptive is the possibility of attack against industrial control systems, today commonly used to automate and control critical infrastructure. Israel is no stranger to these types of attacks, with infamous deployment of Stuxtnet worm malware against Iran’s nuclear program in 2010. More recent examples involve Russian-developed AcidRain viper malware which disrupted Viasat satellite system at the very beginning of its attack on Ukraine, and temporarily brought down over 30,000 internet connections across Europe, including 5,000 wind turbines in Germany.
Conclusion
The cyber component might become more complex if the currently localized conflict spreads beyond the borders of Israel and Gaza. While it is unlikely that Hamas alone has the capability or expertise to conduct such sophisticated attacks, its direct sponsors, such as Iran, and indirect, such as Russia, or its rival Israel most certainly do. Should they decide to unleash them, this relatively localized conflict could very quickly turn into a global affair.
Author(s)
Ante Batovic
Senior Consultant
Ante is a member of the Cyber Security team and is a certified ISO 27001 Lead Implementer (CIL) with the International Cyber Security Institute (ICSI).
He supports clients on both pre cyber incident...
Learn More