Online attacks also started with Hamas’s terrorist attack on Israel. In technically simple DDoS attacks, web servers became overloaded, making websites and mobile apps of authorities and media temporarily unavailable. Repeated overload attacks have been confirmed in the newspaper “Jerusalem Post”, several Israeli hospitals and government agencies. The attacks were usually short-lived and not very effective. Israeli media also reported that the Ministry of Education switched from Zoom to Google for video conferencing after unwanted people posing as Hamas fighters appeared in video meetings.
The pro-Palestinian hacker group AnonGhost is also said to have succeeded in hacking the smartphone app RedAlert. This warns the Israeli population of rocket attacks or other dangers.
On the Monday after the terrorist attack, IT security company Group-IB reported that hackers had exploited a security hole the day before, to send spam messages via alert app. Screenshots suggest that the hacktivists were able to send messages like “Death to the Israelis” or “The atomic bomb is coming” to some users.
It is unclear whether the alert app was actually hacked or – as another hacker group claimed – temporarily disabled via a DDoS attack. The app had now disappeared from the Google Play Store, which indicates problems.
Inciting panic
Such distributed denial-of-service attacks cause no lasting damage and no data is stolen or encrypted. The attackers have other goals: the Israeli population, which was in shock in the first hours of the terrorist attack, must be intimidated even more. The terrorists aim to sow panic, spread disinformation, undermine confidence in the state’s ability to defend its citizens, and generally destabilize the country.
The mere rumor circulating on social media that the warning app, which is important in the current situation, could fail, could create uncertainty among the population. Basically, attackers only need to shut down apps or websites for a few minutes or deface them with anti-Israel slogans to share a screenshot of it on their social media channels. The pro-Russian hacker group Killnet claimed to have taken offline the websites of Israel’s domestic intelligence service and the Ministry of Finance. There is no independent confirmation of this and even if the websites were offline for a short time, they have long been accessible again.
The tricks of the hacktivists
Another tactic used by hacktivists is to publish data from old hacking attacks and pass them off as current attacks to generate attention. For example, on Telegram and in well-known underground forums, hacker groups claimed the day after the Hamas attack that they had compromised Israel’s energy supply and the Iron Dome missile defense system. To do this, they published data stolen from other hackers in previous attacks on other targets to simulate a current attack.
On October 8, #hacktivist group #CyberAv3ngers in their Telegram channel claimed to have successfully attacked #Dorad power plant (Fig. 1). Group-IB’s Threat Intelligence team has discovered that the information posted by CyberAv 3ngers is data stolen by the #ransomware… pic.twitter.com/9PNiefYqzf
— Group-IB Threat Intelligence (@GroupIB_TI) October 10, 2023
IT security researchers quickly debunked the claims as a false statement, but again, the false claims spread on social media may have been enough to upset people. The fact check that refutes the claims is usually seen by far fewer people.
Dozens of hacker groups are involved
Dozens of hacker groups have reported more than 80 alleged DDoS attacks on Israeli websites in recent days. According to the cyber attack tracker Cyberknow, at least 58 groups in total are believed to be involved; 10 of them on the Israeli side.
The website overload attacks observed so far are likely to come mainly from outside the Gaza Strip, and at least three actors have previously caused a stir with pro-Russian or pro-Iranian actions.
So far, there is no evidence of serious cyber attacks (by state actors) or coordinated with Hamas – which does not rule out that such attacks could follow.
The success stories often shared on Telegram should be scrutinized, especially when hacktivists report supposedly successful attacks on Israel’s critical infrastructure. “Much of it turns out to be wrong, outdated or incomplete,” says IT security expert Allan Liska.
What seems clear is that the limited extent of cyber damage in Israel so far is not comparable to the targeted attacks by Russian hackers in the hours before Ukraine was invaded. At that time, at the same time as the Russian military’s invasion, a cyberattack crippled tens of thousands of broadband modems in Ukraine. The satellite network KA-Sat of the American operator Viasat was also affected.
Israel warns against unprotected surveillance cameras
The Israeli Cyber Security Agency announced this shortly after the Hamas attack began There is clearly “no specific cyber attack related to the current situation”. She called on the population to remain vigilant and report any attacks and rumors of alleged hacks.
Israel’s National Cyber Directorate also called on citizens to protect all surveillance cameras with strong passwords or otherwise disable them completely. Authorities fear that unsecured webcams could be used by Hamas for espionage. Authorities say more than 66,000 security cameras across the country are potentially vulnerable to remote attacks.
The Israelis learned an important lesson from the war in Ukraine, in which security cameras across Ukraine were hacked by Russian hackers to track military aid convoys or target targets for rocket fire in real time.
Hamas also uses hacked surveillance cameras for its propaganda: the terrorists distribute recordings from hacked cameras showing their rockets hitting Israeli homes. The terrorists want to demonstrate that their missiles can penetrate the Iron Dome missile defense system.
Criminals profit from war
In addition to hacktivists, the current situation also attracts cyber criminals who are purely out for profit. For example, criminals sell live access to compromised systems.
Some cybercriminals are trying to profit from the war by offering allegedly stolen databases from Israeli and Palestinian organizations.
The criminals may have also already created fake websites calling for donations for Israel or Palestine. Of course, the money does not end up in Israel or with the Palestinians.
Source: Watson
I’m Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
