During the start of the Russian invasion of Ukraine the hacktivist group Anonymous declared a cyber war against Russia. At the time, I conducted extensive research into the methods, tactics, and results of how a group of semi-unorganized non-governmental hacktivists were able to cause major havoc in Russia. Their strategy included everything from hacking news outlets, home printers, and connected devices, to downloading a mind-boggling amount of Russian data belonging to companies and government agencies and then publicly releasing that data online. It was the first time the world saw a successful crowdsourced cyber war that could not be tracked back to any specific country or government.
In the current conflict between Israel and Hamas, I have seen hacktivist groups attempt many of the same techniques that were successfully used against Russia. However, they seem to be less effective now. The one major factor that makes these cyber war tactics different is the time between conflicts. In the 19 months since hacktivists declared cyber war against Russia, cyber security experts and intelligence services around the world have had time to analyze, prepare, and try to insulate themselves by learning from the failures of Russia’s cyber defenses. After all, it is a fact that cyber warfare will play a significant role in any current and future conflicts. Cyberspace acts now as a second front with no defined rules of engagement. Hacktivists and government-affiliated groups can choose a side and launch numerous attacks based on their specific skill sets, tipping the scales of the conflict with seemingly just a few clicks.
The most common tactic I have seen in the Israel-Palestine online conflict is the denial of service (DoS) attack. In the first days of the most recent confrontation, the attacks seem to have been focused on Israeli government websites, civil services, news sites, financial institutions, and telecommunications and energy companies. By targeting these sites, attackers can manipulate information and limit civilians’ access to real-time news, government instructions, and other important intel.
Who is hacking who?
It is an open secret that many nations and other global actors have spent years testing each other’s cyber defenses and have extensive experience in offensive and defensive security. State-sponsored cyber attacks are a serious threat during both times of war and peace, but it appears to be the new normal that a cyber war accompanies a physical conflict. The cyber war landscape seems to change rapidly, but many well-known groups have already announced their involvement in the Israel-Hamas conflict, including various Anonymous factions, KillNet, AnonGhost, and others.
According to CyberKnow, a cyberwarfare tracker, there were an estimated 58 different groups participating in cyber attacks in the first days of the conflict. The initial report claims there are 10 groups working in support of Israel and roughly 48 in support of the Palestinians. In general, due to the anonymous and covert nature of hacktivism, cybercrime, and espionage groups, it’s difficult to determine what their agenda is and exactly how much impact they have. Being anonymous is a core part of their survival and effectiveness, which they try to ensure by hiding their location, identities, and any state affiliations. It is also possible that some of these groups are actually formed by the same individuals and simply use different operational names to make the attacks seem bigger than they really are. One of the major challenges in cyber warfare is attributing cyberattacks to specific state-sponsored actors or independent hacktivist groups. Not knowing exactly who is targeting what makes it difficult to establish responsibility and accountability.
Nevertheless, various cyber attacks have been publicly linked to one government or another. For instance, multiple Russian-aligned groups, such as KillNet and Anonymous Sudan, have publicly claimed involvement in cyber attacks against Israel. KillNet Group launched a new Telegram channel called KILLNET PALESTINE, where it reaffirmed its affiliation with Anonymous Sudan and announced their intentions to coordinate their targeting of Israeli assets. Furthermore, according to a report published by Microsoft, Iran has targeted Israel’s government and private sector infrastructure more than any other country between July 2022 and June 2023. In turn, Iran has also blamed Israel for numerous cyber attacks going back many years.
Cyber attack methods currently being used
There is no doubt that a cyber war is taking place online in conjunction with the current physical war. As of now, the impact of these cyber attacks appears to be minimal, causing only minor disruptions. As more groups and actors join the fight, the cyber security threats will only increase. We will add updates to this article as major cyber attacks happen.
Hacked data can have significant risks for years to come and can serve as a puzzle piece for gathering intelligence or launching future attacks. There are no rules in cyber warfare, which means all types of data could be considered fair game and valuable targets. Knowing the methods and tactics of cyber warfare can help protect people, businesses, and government entities.
Denial of Service (DoS)
There have been numerous reports of DoS attacks against private businesses and government entities of both Israel and Palestine. These attacks, which come from all over the world, simply flood websites with an overwhelming volume of traffic requests. This “bad traffic” consumes the network’s resources — such as bandwidth, processing power, memory, or network connections — and leaves virtually no capacity for legitimate user requests, hence the term denial of service. In other words, a DoS attack is a relatively low-tech but effective method to launch a malicious disruption of a network, service, or website by overwhelming it with a massive flood of traffic requests. The primary goal of a DoS attack is to make websites or networks unavailable to legitimate users for hours or, in rare cases, days.
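For defenders, the practical consequence of attacks that "come from all over the world" is that a per-client request limit alone does not see them. The following added example (not part of the original article) runs two checks over constructed traffic records: a per-IP limit and an aggregate spike check against a rolling median. The window size, thresholds, and addresses are illustrative assumptions.

```python
import statistics
from collections import Counter, defaultdict

def build_sample():
    """Constructed (epoch_second, client_ip, path) records, not real traffic."""
    events = []
    # Baseline: five regular clients, two requests per second for 60 seconds.
    for t in range(60):
        events.append((t, f"198.51.100.{t % 5 + 1}", "/news"))
        events.append((t, f"198.51.100.{(t + 2) % 5 + 1}", "/"))
    # Flood: 200 distinct sources, each sending only three requests.
    for t in (60, 61, 62):
        for i in range(200):
            events.append((t, f"203.0.113.{i}", "/"))
    return events

def per_ip_offenders(events, window=10, limit=20):
    """Per-client check: IPs with more than `limit` requests in one window."""
    buckets = Counter((t // window, ip) for t, ip, _ in events)
    return {ip for (_, ip), n in buckets.items() if n > limit}

def aggregate_spikes(events, window=10, factor=5.0, warmup=3):
    """Flag windows whose total volume exceeds `factor` times the median of
    earlier, unflagged windows. Returns (window_start, requests, sources)."""
    totals = Counter(t // window for t, _, _ in events)
    sources = defaultdict(set)
    for t, ip, _ in events:
        sources[t // window].add(ip)
    history, flagged = [], []
    for w in sorted(totals):
        if len(history) >= warmup and totals[w] > factor * statistics.median(history):
            flagged.append((w * window, totals[w], len(sources[w])))
            continue  # keep the spike out of the baseline
        history.append(totals[w])
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP offenders:", per_ip_offenders(sample))
    print("aggregate spikes:", aggregate_spikes(sample))
```

On this sample no single address crosses the per-IP limit, while the aggregate check flags the window in which 200 sources arrive together.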
Various DoS attacks have been launched since the conflict started. For instance, the official Hamas site was briefly taken down, allegedly by a pro-Israeli hacktivist group called India Cyber Force. The largest English-language news provider, The Jerusalem Post, was targeted by Anonymous Sudan, a group that, despite what its name suggests, many experts believe operates from Russia. KillNet, another Russian-affiliated group, claimed to have taken down the primary website of the Israeli government. ThreatSec, a pro-Israel group, is suspected to have targeted Gaza’s internet service providers. Disrupting internet access hinders both people’s ability to acquire information and the cyber capabilities of those who can’t connect to the network.
Propaganda and Misinformation
This is likely the easiest of all cyber war tactics for the average person because it requires almost no technical knowledge and only an internet connection. However, sophisticated bot networks are more prevalent than ever on social media, making it even easier to use this tactic. Winning the hearts and minds of supporters has always been a primary goal of all global conflicts, and propaganda is an effective tool to sway opinions or gain support for a specific cause or ideology.
Social media outlets are struggling to keep up with the massive amount of misinformation and bot activity. In 2022, there were an estimated 16.5 million bots on X (Twitter) alone. A report on Russian propaganda on X during the 2022 invasion of Ukraine found that bots played a large role in promoting pro-Russian content, with an estimated 20 percent of the messages being posted by bots and reaching nearly 14.4 million users. It is highly likely the same level of bot activity is still happening on social media, with the biggest risk being that average users may not spot the difference between a bot and a human and could fall for disinformation. The EU issued a notice to Elon Musk and Mark Zuckerberg over the alleged disinformation regarding the Hamas attack, fake news, and out-of-context visual content. The EU demands mitigation measures be implemented to tackle the risks to public security and civic discourse stemming from disinformation.
Israeli, Palestinian, and other entities are actively seeking to monitor communications, infiltrate networks, and gain valuable information that can be used to their advantage. The Gaza-based hacker group Storm-1133 has a history of targeting telecommunications, energy, and defense companies in Israel with limited success. Storm-1133 has taken a slightly different approach than other groups by using everything from LinkedIn to Google Drive to launch social engineering campaigns. Their goal is to deploy backdoors that bypass traditional security methods and then gather information through social engineering instead of relying only on brute-force hacking attempts. The use of hacked systems and data also plays a role in cyber espionage. Once data or an intrusion is filtered, it can be a stepping stone for further attacks or targeted campaigns to gain additional espionage capabilities.
Hacking and Defacement
Hacking: In the current conflict, it seems like only a small number of proven claims of hacking have made a big difference for either side. AnonGhost, a hacking group based in Africa, the Middle East, and Europe, claimed they disrupted an Israeli emergency alert application (according to their social media channel). A group calling itself Team Insane PK claimed that it hacked a hydroelectric power plant in Israel. Cyber Av3ngers, a pro-Hamas group, claimed it attempted to target Israel’s power grid organization. If true, this raises the stakes of the possibility of cyberattacks on critical infrastructure, including power grids and water facilities.
Hacked data is another major concern during conflicts. One example is a Russian language forum that appears to be selling the personal data of Israel Defense Forces. These records may reveal sensitive personal information that could go far beyond personal security and safety, as the data could include home addresses, contact details, or even the names of family members, which could be exploited by the hacktivists for harassment or additional cyber attacks. Access to private data can provide additional insights into the soldiers’ digital lives and put them at risk for targeted phishing attempts and malware distribution. Being aware of cybersecurity best practices and understanding the importance of keeping personal information secure is a priority when any nation’s defense forces have been involved in a data breach.
Defacing: Websites, social media accounts, and digital platforms associated with both Israeli and Palestinian entities have been targeted by defacement. In the first week of the conflict, an estimated 100 websites from both sides were defaced. The goal of these attacks is to hack the website and convey political messages and ideologies. These attacks are usually done through an SQL injection where the hacker exploits vulnerabilities in a website’s input fields to manipulate the website’s database. By injecting carefully crafted SQL queries, an attacker can bypass security measures and gain unauthorized access. This form of attack allows the hacker to retrieve confidential user credentials, or take control of the website and deface it. Although these appear to be major incidents, they are not likely to provide the hacker with any sensitive data or information because sensitive records are usually not stored on a public-facing website. Usually these credentials are specifically for one area of the website’s administrative panel and, as long as credentials are not reused or shared to access other parts of the network, there is a lower risk of a serious data breach.
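The input-field weakness described above comes down to how the query is built. This added example (not from the original article) puts a string-concatenated admin login check beside a parameterized one, using an in-memory SQLite database; the table, account name, password, and salt are constructed for illustration.

```python
import hashlib
import sqlite3

SALT = b"constructed-salt"  # illustrative; real systems use a random per-user salt

def hash_password(password):
    """Slow salted hash; the output is hex only, so it contains no quote characters."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    """In-memory database holding one constructed admin-panel account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)",
               ("editor", hash_password("constructed-password")))
    return db

def login_vulnerable(db, username, password):
    """Weak form: user input is pasted into the SQL text, so a quote
    character in `username` changes the structure of the query."""
    query = ("SELECT 1 FROM admins WHERE username = '" + username +
             "' AND pw_hash = '" + hash_password(password) + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL."""
    query = "SELECT 1 FROM admins WHERE username = ? AND pw_hash = ?"
    return db.execute(query, (username, hash_password(password))).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "editor' --"  # constructed input: closes the string, comments out the rest
    print("vulnerable, wrong password:   ", login_vulnerable(db, crafted, "wrong"))
    print("parameterized, wrong password:", login_parameterized(db, crafted, "wrong"))
    print("parameterized, right password:",
          login_parameterized(db, "editor", "constructed-password"))
```

With the concatenated query the password comparison never runs for the crafted username, so the check passes with any password; the parameterized query treats the same input as a literal username that does not exist.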
What we can learn from this
Cyber attacks in the Israel-Palestinian conflict show us how information warfare and cyber activities intertwine with traditional forms of war. My goal is to highlight the cyber security aspects of the conflict without the geopolitical, historical, political, or humanitarian complexities. The use of cyber warfare underscores and defines a new reality of conflicts in the digital age and highlights the importance of addressing these cyber security challenges. Cyberattacks against any nation pose significant dangers with far-reaching consequences. Disrupting critical infrastructure, including power grids and communication systems, can also directly affect civilian populations. These attacks serve as a warning to countries around the world — all nations should be highly prepared for potential future attacks and implement proactive cybersecurity measures. Unfortunately, when it comes to a cyber attack, it is no longer about if it happens, but when it happens. Going forward, the same potential threats apply to corporations, private businesses, and individuals. The tools and methods used by hacktivists today could be used on you, your company, or your government tomorrow. Understanding how hacks occur is the first step to protecting yourself online and your digital life.
Jeremiah Fowler is a Security Researcher and co-founder of Security Discovery. Jeremiah began his career in security research in 2015 and has a mission of data protection. He has helped identify and secure the data of millions of people around the world. His discoveries have been covered in Forbes, BBC, Gizmodo, among others. Security and responsible disclosure are not only a passion, but a way of protecting our digital lives.