IDSA COMMENT

You are here

Home » Publications » IDSA Comment

Israel–Hamas Conflict and the Cyber Realm

Rohit Kumar Sharma
Mr Rohit Kumar Sharma is Research Analyst at the Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA), New Delhi. Click here for detailed profile.

More from the author

  • Share
  • Tweet
  • Email
  • Whatsapp
  • Linkedin
  • Print

    Rohit Kumar Sharma
    November 17, 2023

    The ongoing Israel–Hamas conflict has spilled over into cyberspace as well. Threat actors, including Hamas and its affiliates, along with other hacktivist groups, have conducted numerous operations against Israel. Despite Israel's strength in cybersecurity and its global reputation, adversaries have succeeded in breaching Israeli systems. Furthermore, threat actors have effectively leveraged social media platforms and other digital spaces to conduct influence operations, aiming to shape global opinions on the ongoing conflict.

    Digital Battleground

    Israel came under an unprecedented, surprise attack from Hamas, a terror group in control of the Gaza Strip, on 7 October 2023. The nature of the attack caught Israeli intelligence off-guard. As per assessments, the Israeli public alarm system, Tzeva Adom, designed to notify citizens of missile attacks, was reportedly disabled within an hour of the terrorist attack.1 The attack was purportedly claimed by Anonymous Sudan, a group known for religiously motivated attacks and believed to be affiliated with Russia. Prominent online news platforms, such as The Jerusalem Post, endured continuous Distributed Denial of Service (DDoS) attacks for two days. In fact, during the initial days of the conflict, newspaper and media websites were the main target of DDoS attacks, accounting for nearly 56 per cent of all intrusions against Israeli websites.

    Government entities, including the Bank of Israel and the Israeli Knesset (parliament), also experienced disruptions in the initial days of the conflict. Billboards in Israel were briefly hacked to display pro-Palestinian messages. Furthermore, hack and leak operations, such as the Ono Academic College breach, resulted in the publication of approximately 2,50,000 records containing information about employees, students, former students, and more on Telegram.2 Reportedly, personally identifiable information (PII) from the Israeli Defence Forces (IDF) and Israeli security agencies was advertised on certain dark web platforms.3 While the source and timing of the breach are not available, advertising these details during the conflict strongly suggests a clear link to the ongoing hostilities. Several aid organisations, pooling resources to assist people in distress, were also targeted by DDoS attacks.4

    The cyber-attacks moved beyond the actors directly involved in the conflict. Countries like the US, France, India and Italy have experienced a significant increase in cyber activities against them.5 Several hacktivist groups were involved in cyber operations against these states due to their open support for Israel. However, it's important to note that these states did not confirm the information related to such operations and was shared on Telegram channels associated with these hacktivist groups. Some Arab and Islamic nations were also subjected to cyber attacks by these groups as a consequence of perceived ambiguous support for Palestine.6

    The nature of cyberspace poses challenges in attributing or linking cyber incidents to a specific actor unless those actors claim responsibility for the attacks. However, reports indicate that numerous Iranian-linked entities have been implicated in orchestrating cyber attacks against Israel.7 Nevertheless, some reports suggest that the operations of Iranian groups have predominantly been opportunistic in nature, with their impact often exaggerated.8 The reports also indicate that Iranian actors initially lacked knowledge about Hamas's coordinated attack on Israel but later pivoted their cyber activities to the Israel–Hamas conflict following the escalation.

    As with the previous Israel–Hamas conflict, the recent escalation is also turning out to be a battle of narratives or, as often the case, a 'fight over the image'. In the asymmetric nature of the Israel–Hamas conflict, where a state is fighting a non-state actor, the weaker side also employ images as a weapon to sway public opinion. This integration of images with warfare is referred to as ‘Imagefare’, where visuals serve as a substitute for traditional military means to achieve political objectives.9

    The use of imagery has been amplified with social media platforms. Hamas has used these platforms to conduct influence operations, aiming to mobilise public support for its actions against a formidable adversary. Simultaneously, it instills fear and uncertainty among Israelis regarding their perceived invincibility. On the day of the attack, Hamas used its Telegram channels and other social media accounts to disseminate information about its attacks on both Israeli military assets and civilians.

    Hamas also employed GoPro First-Person View (FPV) footage to capture unsettling videos of its attacks on civilians, including the act of taking hostages in the Gaza Strip. The Israeli state subsequently used the brutality in the videos to garner international support for its airstrikes and ground operations in the Gaza Strip. The terrorists also hijacked the social media accounts of their victims, livestreaming the harrowing experiences of the captives from these compromised accounts.10

    Due to the widespread reach and accessibility of social media, these platforms also abound with misinformation and disinformation. The wider accessibility of artificial intelligence (AI) tools is being exploited to produce and disseminate fabricated images and videos. Deepfake videos, which gained prominence in the early stages of the Russia–Ukraine war, are also being used to sow confusion and propagate false narratives in the ongoing struggle for public opinion in the Israel–Hamas conflict. These technology-enabled false narratives have posed a significant challenge for fact-checkers and the Israeli public diplomacy front.

    According to observers, the AI tools are already thickening the ‘fog of war’, and the Israel–Hamas war is unprecedented in terms of the dissemination of deep fake content.11 For instance, an image of a baby in the rubble of destroyed buildings in Gaza, which was widely used by anti-Israel protestors across the globe and even figured in a national daily, turned out to be a fake image.12 The massive number of images that can be created by simple commands using AI tools has posed a significant challenge to content moderators and other organisations seeking to deliver breaking news while maintaining credibility.

    Amidst the chaos, the big tech companies have faced mounting scrutiny due to a surge in harmful content and disinformation in the wake of the attack on Israel. The Vice-President of the European Commission, Vera Jourova, has asked the executives from TikTok and social media platform X to step up their efforts to counter illegal hate speech.13 The issue of disinformation was also brought to attention in a strongly worded letter from the European Union (EU) to Elon Musk. The letter warned him about potential actions that could be taken against the platform if it failed to comply with regulatory laws and adequately address the escalating issue of fake news on X.14

    Israeli Response

    Given the hybrid nature of contemporary conflicts, the spillover of the conflict into cyberspace was expected, and it is reasonable to assume that Israel must have anticipated such a scenario. The crucial question to pose is whether Israel was adequately prepared to respond to such threats. The issue of Israeli cybersecurity preparedness was raised in the May 2023 Report of the State Comptroller on Cyber and Information Systems, which highlighted potential vulnerabilities in institutions such as the National Insurance Institute.15 The report also pointed out that “given the complex geopolitical climate from a security perspective, Israel is a significant target for potential cyber-attackers”.16

    Israel has refrained from launching kinetic attacks specifically targeting Hamas cyber operations in the current conflict, in contrast to previous engagements. Nevertheless, Israel has sought to capitalise on its technological prowess through various measures.According to reports, Israel has reportedly sought assistance from spyware companies in tracking hostages in Gaza.17

    In response to growing cyber threats, emergency regulations were introduced to provide flexibility to IDF and Shin Bet, enabling them to operationalise counter-offensive measures in the cyber realm. For instance, emergency regulations were approved authorising the IDF and the Shin Bet to penetrate the computers used to operate stationary cameras. The INCD issued a warning to owners of home cameras about the potential threat of hacking by terrorists.18 Measures like GPS jamming were also employed by INCD, leading to significant disruptions in Israel's location applications. Israel also took action against the cryptocurrency fundraising efforts of Hamas and its supporters by freezing accounts suspected of financing Hamas operations.

    The ongoing conflict clearly reiterates the complexities that mire contemporary battlefields. Israel, which built a global reputation for its counter-terror measures, has failed to deter Hamas from pulling out such large-scale operations. However, it is too early to appraise its cybersecurity posture, given the cyberattacks on Israel have not moved beyond minor disruptions and nuisance. Unlike what the world witnessed on the physical front, Israel has not faced any sophisticated breach in the ongoing conflict. However, this should not mean that Israel underestimates the concerted efforts by various groups in deploying influence operations that have largely been successful. Such operations have been amplified by leveraging widely available generative AI tools.

    Israel must also factor in the emerging realities of  responding to cyber threats while simultaneously undertaking kinetic operations in the physical realm. Such broader response needs better cooperation and synergy between the IDF and other security agencies alongwith the INCD. Policy makers must also prioritise ensuring that the appeal for extensive mobilisation of reservists does not disrupt the functioning of cybersecurity companies. Even though such mobilisation occurs in rare circumstances, the potential for this conflict to rapidly escalate necessitates careful consideration of all possibilities.

    Views expressed are of the author and do not necessarily reflect the views of the Manohar Parrrikar IDSA or of the Government of India.

    Keywords: 
    Israel-Palestine Relations
    Hamas

    Top