FRESH AIR

When terrorist groups add cyber-capabilities to their bombs and bullets

May 10, 2019 | Oved Lobel

Hamas Cyber HQ after Israel's precision strike on the floors being used (source: ZDnet via IDF)
Hamas Cyber HQ after Israel's precision strike on the floors being used (source: ZDnet via IDF)

In the midst of the most recent hostilities between Israel and the Palestinian terrorist organisations running Gaza, Israel claimed that the IDF had collaborated with Israel’s domestic intelligence agency, Shin Bet, to thwart a Hamas cyber-attack. Israeli forces then subsequently bombed the the headquarters of Hamas’ cyber unit.

Israel hasn’t revealed the nature or target of the attack, claiming that Hamas might be able to gather information on Israel’s cyber capabilities if the information were released, although the chief of the IDF’s Cyber Division noted the attack would have harmed “the quality of life of Israeli citizens,” suggesting the target may have been infrastructure. According to IDF spokesperson Ronen Monelis, “Hamas no longer has cyber capabilities after our strike.”

https://twitter.com/i/status/1125122680267603968

Excitement in some circles over the potential precedent of military force being used to counter cyber attackers is unwarranted, because the Israeli strike took place in the midst of actual military hostilities against a unit that was an organic part of the attacking military force. However, it does raise the interesting issue of the cyberthreat Hamas and Palestinian Islamic Jihad (PIJ) pose to Israel, and the possible advances they’ve made thanks to the capabilities of their sponsor, Iran’s Islamic Revolutionary Guard Corps (IRGC), as well as its Lebanese proxy, Hezbollah.

According to all publicly available information, Hamas’ technical sophistication is not very high, although an IDF major did claim in 2015 that during Operation Protective Edge in 2014, cyber-attacks “were conducted by all the players – Hezbollah, Hamas, Palestinian hacker groups, and Iran, and they displayed strong capabilities that have gotten considerably better over the years.” In 2017, independent analysts said the Hamas-affiliated “Gaza Cybergang Group,” which targeted the Israeli Government through phishing, had advanced skills  “which would not embarrass countries with reasonable cyber capabilities.”  

Yet Israel, among the most advanced countries in the world in this sphere, has apparently more than kept pace with the threat, with a senior Shin Bet official asserting that “attempts by the Hamas terror organization to implement activities in the cyber realm fail time after time.”

Hamas has targeted and defaced private Israeli websites in the past, and even managed to hijack the feed of Israel’s Channel 10 for a few minutes.

In the most recent round of fighting, Hamas was reported to be sending fake Whatsapp messages to Israelis warning them not to answer calls from specific numbers and claiming that doing so would allow Hamas to track them and fire a missile directly at their location. The fake messages were apparently designed to spread panic among Israelis.

But sophistication is not necessarily the most useful means of measuring a threat, and Hamas has been adept at utilising simple methods for substantial espionage and psychological warfare operations. For instance, in 2018 the organisation was able to spread spyware via a fake version of the  “Red Alert” app, which Israelis use to monitor rocket fire in real time, disseminated via fake social media accounts. Hamas could then remotely access all information on the user’s phone and hijack its camera, speaker, and GPS –  useful information during wartime.

More broadly, Hamas was able to hack the phones of hundreds of IDF soldiers via malware implanted in World Cup streaming apps and dating apps, and used fake “honeypot” profiles of attractive members of the opposite sex to lure soldiers into downloading malware. It also infiltrated hundreds of Facebook groups, some closed, relating to IDF activities to monitor members and discussions, and created an online FIFA World Cup group for Israelis which caused those participating to download malware when they clicked links on the page. The wealth of information gleaned from such attacks is not only useful itself in wartime; it can also be passed up to Hamas’ patrons in Iran, which can then more effectively target specific soldiers and officials.

Even more alarming is the case of Majid Oweida, a young computer engineer reportedly recruited by PIJ in 2011, who hacked into real-time IDF drone feeds and wrote a program to allow PIJ to monitor traffic cameras and police data in Israel to plan terrorist attacks.

Hezbollah has occasionally been able to hack into IDF drone feeds since the 1990s, and even allegedly compromised secure military and intelligence communications channels in 2006. The group claimed in 2016 that it had hacked into Israeli security cameras, as well. Hezbollah is involved in cyber-espionage as part of the IRGC on a global level, and as recently as 2018, Czech intelligence announced it had shut down servers associated with a Hezbollah operation ultimately targeting defence agencies.

Like Hamas, Hezbollah has “catfished” individuals with fake profiles of attractive women to get them to install spyware on their phones and computers. In 2012, an expansive campaign dubbed “Volatile Cedar,” attributed to a group in Lebanon – in other words, almost certainly Hezbollah – by the Israeli cybersecurity firm Checkpoint successfully spied on individuals and organisations for years. Once again, the limited technological sophistication of the operation was irrelevant; it successfully fulfilled its purpose and generally evaded detection.

While these abilities are independently worrying, it is the fusion between the cyberespionage of these groups and the advanced offensive cyber-capabilities of Hezbollah and Iran that make them a prospective significant threat to Israel.

AIJAC has previously covered elements of malicious and sophisticated IRGC activities in cyberspace, and if the reports of Hamas targeting vital infrastructure are true, it means Iran has likely sought to pass its formidable knowhow on to the group.

In testimony before the US Senate Judiciary Subcommittee on Crime and Terrorism, Dr. James A. Lewis, senior vice-president at the Washington-based Center for Strategic and International Studies, testified that “Israel is attacked by Iran and Hezbollah every week in efforts to disrupt the critical infrastructure.”

If Hamas is now able to do this alongside Hezbollah, it could considerably raise the stakes.

RELATED ARTICLES

(image: Shutterstock/Svet Foto)

Military strikes alone won’t stop the Houthis without direct pressure on Iran

Mar 20, 2025 | Featured, Fresh AIR
Image: X

Pay-for-Slay is likely still Pay-for-Slay

Mar 7, 2025 | Fresh AIR
Image: X

The missing pieces of the Thai hostages story

Feb 21, 2025 | Fresh AIR
Damaged section of Kamal Adwan Hospital (image: World Health Organisation)

The latest IDF raid on the Kamal Adwan Hospital debunks absurd UN report

Jan 9, 2025 | Featured, Fresh AIR
Iran's Supreme Leader Ali Khamenei (left), the late Hezbollah Secretary-General Hassan Nasrallah and the late commander of the IRGC's Qods Force Qassem Soleimani

The Axis of Resistance is not dead yet

Dec 19, 2024 | Featured, Fresh AIR
Iranian women being ushered into a van by "Morality police" (Image: X)

Iranian human rights have significantly worsened since the “Woman, Life, Freedom” protests

Dec 18, 2024 | Featured, Fresh AIR
D11a774c 2a47 C987 F4ce 2d642e6d9c8d

Bibi in DC, the Houthi threat and the politicised ICJ opinion

Jul 26, 2024 | Update
Image: Shutterstock

Nine months after Oct. 7: Where Israel stands now

Jul 10, 2024 | Update
Palestinian Red Crescent workers from Al-Najjar Hospital in the city of Rafah, south of the Gaza Strip (Image: Shutterstock)

Hamas’ impossible casualty figures

Mar 28, 2024 | Update
455daec3 C2a8 8752 C215 B7bd062c6bbc

After the Israel-Hamas ceasefire for hostages deal

Nov 29, 2023 | Update
Screenshot of Hamas bodycam footage as terrorists approach an Israeli vehicle during the terror organisation's October 7, 2023 attack in southern Israel, released by the IDF and GPO (Screenshot)

Horror on Video / International Law and the Hamas War

Oct 31, 2023 | Update
Sderot, Israel. 7th Oct, 2023. Bodies of dead Israelis lie on the ground following the attacks of Hamas (Image: Ilia Yefimovich/dpa/Alamy Live News)

Israel’s Sept. 11, only worse

Oct 11, 2023 | Update
Screenshot 2025 03 28 At 11.35.48 AM

The day after the end of the Gaza war – and the new opportunities it presents: Ehud Yaari at the Sydney Institute

Mar 28, 2025 | Featured, Video
Screenshot

Jonathan Conricus in conversation with Joel Burnie

Feb 24, 2025 | Featured, Video
Sydney, January 2025 (Image: X)

Reacting to the latest antisemitic attacks: Colin Rubenstein on SBS Hebrew radio

Feb 3, 2025 | Video
Screenshot

Antisemitic bomb plot “a massive escalation”: Colin Rubenstein on Sky News

Jan 30, 2025 | Featured, Video
(Image: screenshot)

Antisemitism database “first step of many more that need to be taken”: Dr Colin Rubenstein on ABC TV

Jan 22, 2025 | Featured, Video
Screenshot 2024 12 20 At 12.44.43 PM

AIJAC speaks out against hate… Will you join us?

Dec 20, 2024 | Featured, Video

RECENT POSTS

Anti-Hamas protests in Gaza (Image: Reddit)

Gaza protests: A turning point or a moment of desperation?

A “deep well of hatred” in segments of the Muslim community contributed to the recent outburst  of extremism and antisemitism in Australia (Image: Diana Zavaleta/ Shutterstock)

Essay: The Politics of Hatred

Iranian President Masoud Pezeshkian (left) may hint at agreeing to nuclear negotiations, but it is Supreme Leader Ali Khamenei (right) who will ultimately make the decision (Image: Khamenei.ir)

Iran: Moving beyond diplomatic delusions

A statue of Moses holding the Ten Commandments (Image: Shutterstock)

The Last Word: One Story

Israeli PM Netanyahu controversially announces he needs to fire Shit Bet chief Ronen Bar (Screenshot)

Marching toward controversy and division

SORT BY TOPICS