As the Russia-Ukraine war has proven, the battlefield is no longer only physical, as both sides use digital technology to disrupt their foes and friends of those foes. The brutal attacks by Hamas on Israel on Saturday and the subsequent response from Israel have put this latest war at the forefront of the hybrid battlefield.
The Israel-Hamas war is a complex and long-standing conflict with a wide range of implications, now including the cybersecurity realm. Both sides have been known to use cyberattacks as a weapon of war, and the conflict has led to an increase in cyberattacks against both Israeli and Palestinian targets.
In addition, the conflict has further led to an increase in cyberattacks against third parties, such as news organizations and human rights groups. The conflict has also led to a rise in the spread of misinformation and disinformation online.
The cybersecurity implications of the Israel-Hamas war can be significant. Cyberattacks can cause damage to infrastructure, disrupt business operations, and steal sensitive data. Cyberattacks can also be used to spread misinformation and propaganda.
Here are some additional cybersecurity implications of the Israel-Hamas war:
- Damage to infrastructure: Cyberattacks can cause damage to infrastructure, such as power grids and transportation systems.
- Disruption to business operations: Cyberattacks can disrupt business operations, such as by shutting down computer systems or stealing data.
- Theft of sensitive data: Cyberattacks can be used to steal sensitive data, such as government secrets or personal information.
- Spreading of misinformation and propaganda: Cyberattacks can be used to spread misinformation and propaganda, which can undermine public trust and sow discord.
The Israel-Hamas and Russia-Ukraine wars have elevated hacktivism to a new level—so much so that there are now "rules" for civilian hackers in times of war. According to the co-authors of the International Committee of the Red Cross (ICRC) blog post, the rules are necessary as civilians engaging in cyber warfare is a worrying trend:
"The phenomenon of civilian hackers conducting cyber operations in the context of an armed conflict is worrying for at least three reasons. One, they cause harm to civilian populations, either by targeting civilian objects directly or damaging them incidentally.... Two, civilian hackers risk exposing themselves, and people close to them, to military operations.... Three, the more civilians take an active part in warfare, the more the line blurs between who is a civilian and who a combatant."
Here are the eight rules outlined by the ICRC as part of international humanitarian law (IHL), providing a "universally agreed set of rules that aim to safeguard civilians, and soldiers who are no longer able to fight, from some of the horrors of war":
1. Do not direct cyber attacks against civilian objects.
2. Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately.
3. When planning a cyber attack against a military objective, do everything feasible to avoid or minimize the effects your operation may have on civilians.
4. Do not conduct any cyber operation against medical and humanitarian facilities.
6. Do not make threats of violence to spread terror among the civilian population.
7. Do not incite violations of international humanitarian law.
8. Comply with these rules even if the enemy does not.
WIRED details the digital side of the latest hybrid war in its article, "Activist Hackers Are Racing Into the Israel-Hamas War—for Both Sides." From the article:
"In the short period since the conflict escalated, hackers have targeted dozens of government websites and media outlets with defacements and DDoS attacks, attempts to overload targets with junk traffic and bring them down. Some groups claim to have stolen data, attacked internet service providers, and hacked the Israeli missile alert service known as Red Alert.
Internet connectivity in Gaza has also been broadly disrupted by electricity outages as Israel implements what Defense Minister Yoav Gallant called a 'complete siege' on Monday, cutting off the region's electricity and supply lines for water, food, and fuel. Amid the chaos of any erupting kinetic war, hacktivism often fuels disinformation, misinformation, and panic. This can lead to unintended consequences. For some digital actors, unpredictability itself is the goal."
Glenn Kapetansky, Senior Principal and Chief Security Officer at Trexin, offered his first-hand perspective as cybersecurity leader:
"I was in Jerusalem with my family during that fateful Saturday, so my point of view is shaped from my personal, on-the-ground experience and information directly from family and friends connected to the military. What struck me, as a Chief Security Officer, is how our responsibilities blend cyber, IRL, and even corporate responsibilities. The cyber side of this war is less visible but coordinated with and augmenting the conventional efforts on the ground, air, and sea. And a CSO is part of the planning for protecting/extracting any staff working in harm's way.
We are seeing an historic shift, when remote drones can halt tanks, social media is a powerful weapon, and infrastructure can be disrupted more effectively than with bombs."
Kip Boyle, vCISO and instructor for SecureWorld PLUS courses, writes in his "Cyber: Total War" blog post: "Right now, cyber conflict between nations is becoming a total war. That means any and all civilian-associated resources and infrastructure are a legitimate military target."
He continues: "The IT Army of Ukraine has 160,000 members on its Telegram channel. And Killnet, a pro-Russia hacker group, has 90,000 supporters on its Telegram channel. Both groups target public services such as railways and banks."
The Israel-Hamas war has seen a number of hacker groups already involved, both on the Israeli and Palestinian sides. Some of the most notable groups include:
- Black Shadow: A pro-Palestinian hacking group that has claimed responsibility for a number of attacks on Israeli websites and organizations, including the Tel Aviv Stock Exchange and the Israeli Ministry of Defense
- Hamas Cyber Unit: The official cyber arm of Hamas, which has been known to carry out attacks against Israeli targets
- Anonymous: A hacktivist group that has carried out attacks against both Israeli and Palestinian targets in the past
- CyberCaliphate: A pro-ISIS hacking group that has also carried out attacks against both Israeli and Palestinian targets
In addition to these groups, there are a number of other smaller hacking groups that have been involved in the conflict.
"Both the U.S. Department of Defense and the North Atlantic Treaty Organization (NATO) have declared that cyber is a 'domain,' co-equal with air, land, and sea," said Tom Brennan, Executive Director, Americas Region, CREST. "Conflict / war comes with multiple names these days including:
• Civil War
• Drug War
• Terrorist Insurgency
• Political Unrest
• Ethnic Violence
• Russo-Ukrainian War
So, from a cyber security technologist point of view, it comes down to 'Train like you fight... fight like you train'—the only difference is ethics."
- Bitdefender: Hacktivists send fake nuclear attack warning via Israeli Red Alert app
"The AnonGhost hacktivist group said on its Telegram channel that it had managed to breach the 'Red Alert' app to send a warning that 'The Nuclear Bomb is coming' and distribute notifications saying 'death to Israel.' Some of the fake alerts were accompanied by a swastika."
- Techopedia: Israel-Hamas Cyber War Escalates: What We Know So Far
"...one of the biggest attacks so far has been the sustained DDoS attacks against The Jerusalem Post’s website. Although the publication hasn't confirmed who was behind the attack, Anonymous Sudan has claimed responsibility for the campaign."
- Axios: Hackers make their mark in Israel-Hamas conflict
"CyberKnow, a security research group that tracks cyber warfare activities, estimated that as of Monday, at least 58 groups were actively targeting Israeli and Palestinian organizations with DDoS attacks. The Ghosts of Palestine also issued a call in its Telegram group on Sunday for hackers worldwide to join them in attacking Israeli and U.S. public and private infrastructure."
- SecurityWeek: Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks
"A pro-Hamas group called Cyber Av3ngers targeted the Israel Independent System Operator (Noga), a power grid organization, claiming to have compromised its network and shut down its website. The group also targeted the Israel Electric Corporation, the largest supplier of electrical power in Israel and the Palestinian territories, as well as a power plant."
- SecureWorld News: Proposed U.S. Cyber Force Would Recognize Cyber as 'Domain of Warfare'