Cyber becomes second front in Israel-Hamas conflict

By Admire Moyo, ITWeb's news editor.
Johannesburg, 17 Oct 2023
The primary goal of a DDoS attack is to make websites or networks unavailable to legitimate users.

As the Israel-Hamas war continues, distributed denial-of-service (DDoS) attacks are being used by both sides.

This is one of the biggest takeaways from a report published by web developer portal Website Planet, in partnership with security researcher Jeremiah Fowler.

According to the report, the ongoing Israel-Hamas conflict shows cyber warfare is now the new normal.

“It is an open secret that many nations and other global actors have spent years testing each other’s cyber defences and have extensive experience in offensive and defensive security,” says Fowler.

“State-sponsored cyber attacks are a serious threat during both times of war and peace, but it appears to be the new normal that a cyber war accompanies a physical conflict.”

Fowler points out that the cyber war landscape changes rapidly. Many well-known groups have already announced their involvement in the Israel-Hamas conflict, including various Anonymous factions, KillNet, AnonGhost and others.

According to CyberKnow, a cyber warfare tracker, there were an estimated 58 different groups participating in cyber attacks in the first days of the conflict.

The initial report claims there are 10 groups working in support of Israel and roughly 48 in support of the Palestinians.

Thriving on anonymity

Fowler points out that in general, due to the anonymous and covert nature of hacktivism, cyber crime and espionage groups, it’s difficult to determine what their agenda is and exactly how much impact they have.

“Being anonymous is a core part of their survival and effectiveness, which they try to ensure by hiding their location, identities and any state affiliations. It is also possible that some of these groups are actually formed by the same individuals and simply use different operational names to make the attacks seem bigger than they really are.

“One of the major challenges in cyber warfare is attributing cyber attacks to specific state-sponsored actors or independent hacktivist groups. Not knowing exactly who is targeting what makes it difficult to establish responsibility and accountability.”

Nevertheless, Fowler notes various cyber attacks have been publicly linked to one government or another.

For instance, he explains, multiple Russian-aligned groups, such as KillNet and Anonymous Sudan, have publicly claimed involvement in cyber attacks against Israel.

KillNet Group launched a new Telegram channel called KillNet Palestine, where it reaffirmed its affiliation with Anonymous Sudan and announced its intentions to co-ordinate its targeting of Israeli assets.

Furthermore, according to a report published by Microsoft, Iran targeted Israel’s government and private sector infrastructure more than any other country between July 2022 and June 2023.

In turn, Fowler notes, Iran has blamed Israel for numerous cyber attacks going back many years.

He adds there have been numerous reports of DDoS attacks against private businesses and government entities of both Israel and Palestine.

“These attacks, which come from all over the world, simply flood websites with an overwhelming volume of traffic requests. This ‘bad traffic’ consumes the network’s resources – such as bandwidth, processing power, memory, or network connections – and leaves virtually no capacity for legitimate user requests, hence the term denial of service.

“In other words, a DDoS attack is a relatively low-tech but effective method to launch a malicious disruption of a network, service, or website by overwhelming it with a massive flood of traffic requests.”

Fowler points out the primary goal of a DDoS attack is to make websites or networks unavailable to legitimate users for hours or, in rare cases, days.

Various DDoS attacks have been launched since the conflict started. For instance, Fowler says, the official Hamas site was briefly taken down, allegedly by a pro-Israeli hacktivist group called India Cyber Force.

The Jerusalem Post, the largest English-language news provider, was targeted by Anonymous Sudan, a group that, despite what its name suggests, many experts believe operates from Russia.

KillNet, another Russian-affiliated group, claimed to have taken down the primary website of the Israeli government.

ThreatSec, a pro-Israel group, is suspected to have targeted Gaza’s internet service providers.

“By disrupting internet access, it hinders both people’s ability to acquire information and the cyber capabilities of those who can’t connect to the network,” Fowler says.

Cyber espionage

Website Planet reveals that Israeli, Palestinian and other entities are actively seeking to monitor communications, infiltrate networks and gain valuable information that can be used to their advantage.

It states the Gaza-based hacker group Storm-1133 has a history of targeting telecommunications, energy and defence companies in Israel with limited success.

Storm-1133 has taken a slightly different approach to other groups by using everything from LinkedIn to Google Drive to launch social engineering campaigns, it explains.

“Their goal is to deploy backdoors that bypass traditional security methods and then gather information through social engineering instead of relying only on brute-force hacking attempts.

“The use of hacked systems and data also plays a role in cyber espionage. Once data or an intrusion is filtered, it can be a stepping stone for further attacks or targeted campaigns to gain additional espionage capabilities,” Fowler notes.