The militant group Hamas launched a sudden land, sea and air attack on Israel on Saturday, prompting Israel to declare war and retaliate. The attack on Israel coincided with several hacktivist groups launching a large amount of malicious traffic targeting Israeli websites. Israeli newspaper The Jerusalem Post reported on Monday that its website had been down since Saturday morning "due to a series of cyberattacks targeting us." As of this writing, the newspaper’s website remains down.
The Jerusalem Post is currently down due to a series of cyberattacks launched against us since yesterday morning.
We are actively responding to this situation and will be back soon to continue to be your premier source of information about Operation Sword.....
— Jerusalem Post (@Jerusalem_Post) October 9, 2023
Rob Joyce, director of cybersecurity at the National Security Agency, reportedly said at a meeting on Monday that there were denial-of-service (DDoS) attacks and website defacements, but did not attribute the cyberattack to a specific organization. "But we haven't seen a true state actor," Joyce said.
It is common for hacker groups to launch cyberattacks during armed conflicts, similar to what happened in Ukraine. These hackers are typically not affiliated with any government, but are instead a decentralized group of politically motivated hackers. Their activities can disrupt websites and services, but are much more limited than those of nation-state hacking groups. Researchers and government agencies such as the National Security Agency say they have only seen hacking activity in Hamas's conflict with Israel so far.
The NSA and the Israeli Consulate General in New York did not immediately respond to requests for comment.
Joyce's comments appear to confirm the findings of security researcher Will Thomas, who said that as of Monday he had seen more than 60 websites taken down due to DDoS attacks and more than five websites compromised.
“What surprises me about the hacking campaigns surrounding this conflict is the number of international groups involved, such as those from Bangladesh, Pakistan and Morocco who are also allegedly targeting Israel in support of Palestine. We are also seeing threat actors that have been involved in attacks for a long time return and spread for years using the #OpIsrael hashtag,” Thomas said in an online chat.
Thomas, a cyber threat intelligence researcher at the Equinix Threat Analysis Center, wrote on X (formerly Twitter) that pro-Palestinian hacktivists are targeting government websites, civil services, news sites, financial institutions, and telecommunications and energy companies.
Tracking Hacktivism and the Israel/Hamas War From:
Types of hacking attacks currently shared on Telegram:
–DDoSing*.il website
– Share credentials for *.il site
– Hijack API to send mobile push messages
–Leaking stolen documents
(As of 10/7/23)
— Will (@BushidoToken) October 8, 2023
Thomas said hacktivist groups are not the only ones active in the conflict.
"I've seen some posts from operators of cybercrime services, such as DDoS-for-Hire or initial access brokers, offering their services to people who want to target Israel or Palestine," he said.
Initial access brokers are groups that compromise websites and networks and provide access to other hackers in exchange for payment.
Independent researcher and consultant Lukasz Olejnik said such cyber attacks could have a limited impact on armed conflict.
"The actual ability of such hacktivist groups to conduct any measurable cyber activity is limited. The impact will be very low, limited to no impact given everything that's going on. In other words, it's a disruption (or information impact)," Oleinik said.
The cyberattacks in Israel's war with Hamas come less than a week after the International Committee of the Red Cross published a list of rules it said should govern the activities of hacktivists in military conflicts. One of them is that these groups should not attack civilian targets.
Following the announcement by the International Committee of the Red Cross, hacktivists defaced the website of the Russian Red Cross.
On Saturday, Palestinian militants linked to Hamas launched a surprise attack from the small Palestinian enclave of Gaza inside Israel. Hamas militants bulldozed roadblocks and infiltrated Israeli border towns, killing more than 700 people. According to the Associated Press, in response to what was considered the worst attack in 50 years, the Israeli government formally declared war and retaliated by bombing Gaza.
Gaza has been blockaded by Egypt and Israel since 2007, blocking the import of some goods and isolating the area.