When terrorist groups add cyber-capabilities to their bombs and bullets

Hamas Cyber HQ after Israel's precision strike on the floors being used (source: ZDnet via IDF)

In the midst of the most recent hostilities between Israel and the Palestinian terrorist organisations running Gaza, Israel claimed that the IDF had collaborated with Israel’s domestic intelligence agency, Shin Bet, to thwart a Hamas cyber-attack. Israeli forces subsequently bombed the headquarters of Hamas’ cyber unit.

Israel hasn’t revealed the nature or target of the attack, claiming that Hamas might be able to gather information on Israel’s cyber capabilities if the information were released, although the chief of the IDF’s Cyber Division noted the attack would have harmed “the quality of life of Israeli citizens,” suggesting the target may have been infrastructure. According to IDF spokesperson Ronen Monelis, “Hamas no longer has cyber capabilities after our strike.”

Excitement in some circles over the potential precedent of military force being used to counter cyber attackers is unwarranted, because the Israeli strike took place in the midst of actual military hostilities against a unit that was an organic part of the attacking military force. However, it does raise the interesting issue of the cyberthreat Hamas and Palestinian Islamic Jihad (PIJ) pose to Israel, and the possible advances they’ve made thanks to the capabilities of their sponsor, Iran’s Islamic Revolutionary Guard Corps (IRGC), as well as its Lebanese proxy, Hezbollah.

According to all publicly available information, Hamas’ technical sophistication is not very high, although an IDF major did claim in 2015 that during Operation Protective Edge in 2014, cyber-attacks “were conducted by all the players – Hezbollah, Hamas, Palestinian hacker groups, and Iran, and they displayed strong capabilities that have gotten considerably better over the years.” In 2017, independent analysts said the Hamas-affiliated “Gaza Cybergang Group,” which targeted the Israeli Government through phishing, had advanced skills “which would not embarrass countries with reasonable cyber capabilities.”

Yet Israel, among the most advanced countries in the world in this sphere, has apparently more than kept pace with the threat, with a senior Shin Bet official asserting that “attempts by the Hamas terror organization to implement activities in the cyber realm fail time after time.”

Hamas has targeted and defaced private Israeli websites in the past, and even managed to hijack the feed of Israel’s Channel 10 for a few minutes.

In the most recent round of fighting, Hamas was reported to be sending fake WhatsApp messages to Israelis warning them not to answer calls from specific numbers and claiming that doing so would allow Hamas to track them and fire a missile directly at their location. The fake messages were apparently designed to spread panic among Israelis.

But sophistication is not necessarily the most useful means of measuring a threat, and Hamas has been adept at utilising simple methods for substantial espionage and psychological warfare operations. For instance, in 2018 the organisation was able to spread spyware via a fake version of the “Red Alert” app, which Israelis use to monitor rocket fire in real time, disseminated via fake social media accounts. Hamas could then remotely access all information on the user’s phone and hijack its camera, speaker, and GPS – useful information during wartime.

More broadly, Hamas was able to hack the phones of hundreds of IDF soldiers via malware implanted in World Cup streaming apps and dating apps, and used fake “honeypot” profiles of attractive members of the opposite sex to lure soldiers into downloading malware. It also infiltrated hundreds of Facebook groups, some closed, relating to IDF activities to monitor members and discussions, and created an online FIFA World Cup group for Israelis which caused those participating to download malware when they clicked links on the page. The wealth of information gleaned from such attacks is not only useful itself in wartime; it can also be passed up to Hamas’ patrons in Iran, which can then more effectively target specific soldiers and officials.

Even more alarming is the case of Majid Oweida, a young computer engineer reportedly recruited by PIJ in 2011, who hacked into real-time IDF drone feeds and wrote a program to allow PIJ to monitor traffic cameras and police data in Israel to plan terrorist attacks.

Hezbollah has occasionally been able to hack into IDF drone feeds since the 1990s, and even allegedly compromised secure military and intelligence communications channels in 2006. The group claimed in 2016 that it had hacked into Israeli security cameras, as well. Hezbollah is involved in cyber-espionage as part of the IRGC on a global level, and as recently as 2018, Czech intelligence announced it had shut down servers associated with a Hezbollah operation ultimately targeting defence agencies.

Like Hamas, Hezbollah has “catfished” individuals with fake profiles of attractive women to get them to install spyware on their phones and computers. In 2012, an expansive campaign dubbed “Volatile Cedar” successfully spied on individuals and organisations for years; the Israeli cybersecurity firm Check Point attributed it to a group in Lebanon – in other words, almost certainly Hezbollah. Once again, the limited technological sophistication of the operation was irrelevant; it successfully fulfilled its purpose and generally evaded detection.

While these abilities are independently worrying, it is the fusion between the cyberespionage of these groups and the advanced offensive cyber-capabilities of Hezbollah and Iran that makes them a potentially significant threat to Israel.

AIJAC has previously covered elements of malicious and sophisticated IRGC activities in cyberspace, and if the reports of Hamas targeting vital infrastructure are true, it means Iran has likely sought to pass its formidable know-how on to the group.

In testimony before the US Senate Judiciary Subcommittee on Crime and Terrorism, Dr. James A. Lewis, senior vice-president at the Washington-based Center for Strategic and International Studies, testified that “Israel is attacked by Iran and Hezbollah every week in efforts to disrupt the critical infrastructure.”

If Hamas is now able to do this alongside Hezbollah, it could considerably raise the stakes.