The war between Israel and Hamas has reached an uncomfortable of stasis: a series of temporary ceasefires that may eventually culminate in a long-term halt to hostilities. The conflict’s eventual impact remains as obscure as ever, but there was one way in which this latest round of fighting could be precedent-setting.
Experts say that during Operation Pillar of Defence, Israeli websites faced a larger, more coordinated, and more skilled series of cyber attacks than during similar conflicts. At the same time Hamas was trading fire with the Israel Defence Forces, hackers from all over the world launched a string of attacks on electronic targets in Israel.
According to Gadi Aviran, CEO of the Netanya-based open-source intelligence analysis firm SenseCy/Terrogence, hackers have used the last two Israeli military operations in Gaza as an opportunity to strike at the country. But this time their efforts revealed a greater level of capability and expertise.
“It was much more profound than previous operations,” Aviran told Business Insider. “It was well-organised, had a lot of traction, and it used some more advanced techniques than we saw before. It was kind of a logical step in their evolution.”
This meant a greater frequency of typically unsuccessful or short-lived acts of web vandalism, like the replacement of a web page with a picture of Adolf Hitler or Hezbollah leader Hassan Nasrallah, or attempted data bombs or denial of service attacks. But hackers did manage to overwhelm and slow down a major Israeli internet service provider — a nearly unprecedented accomplishment.
In total, 2,500 websites were defaced during the attacks, while “several databases were leaked online,” SenseCy analyst Zahavi wrote.
China-based hackers reportedly tried to steal information related to the Iron Dome missile interceptor system in 2011 and 2012
Israel’s cyber challenges
The vast majority of attacks didn’t originate in Gaza or the West Bank. Many came from hundreds or even thousands of miles from Israel’s borders, from places like Morocco and Indonesia. But there’s one country that seems especially determined to prove its cyber-capabilities against Israel, and Gutman writes that it was likely active during the wave of cyber-attacks that accompanied this past month’s hostilities.
Iran built up its cyber-offensive capabilities during the decade of international isolation leading up to the Joint Plan of Action in November of 2013. Today, Israel considers Russia, China, and Iran to be the sources of the most aggressive and worrying attacks against its online and electronic infrastructure.
Most Russian-based attacks are criminal in nature — attempts to steal credit card numbers or bank account information, for instance. China has a broad-based hacking strategy that involves efforts against ostensibly friendly or at least non-hostile countries, as when Chinese-based hackers attempted to steal information about Israel’s Iron Dome missile interceptor system in 2011 and 2012.
Iranian-based hacking is different in nature. Unlike Russia or China, the Iranian government is politically and ideologically opposed not just to Israeli policy, but to the country’s very existence. Hacking originating in Iran is aimed at directly undermining Israel in a way that Russian or Chinese hacking typically isn’t.
The defacement signature of a group called the Iranian Cyber Army
The Iranian Regime Ups Its Game
Iran made cyber capabilities a top defence priority after the Stuxnet computer bug, a possible joint project of Israel and the U.S. that infiltrated and sabotaged Iran’s nuclear program. The Iranian government realised that its enemies had brought the fight to a new battlefield, and established a dedicated cyber command in 2011.
Gutman suspects an Iranian role in some of the more sophisticated Gaza hacks. And there’s a precedent for Iran using online Palestinian front groups as a front for anti-Israel activities. In 2013, SenseCy identified a group called Qods Freedom that claimed to be Palestinian and was responsible for extensive denial of service attacks on Israeli sites in July and August of that year. But their online vandalism included Arabic mistakes that no native speaker would make, using a tileset that SenseCy determined could only have been produced through a Persian-language keyboard. Qods Freedom also used the same “defacement signature” as two Iranian groups.
According to the same report, the Hamas-linked Izz al-Din Al Qassam Cyber Fighters were also a project of the regime in Tehran.
As George Washington University scholar Frank Cilluffo explained in congressional testimony in 2012, Iranian hacking is a multi-faceted enterprise. It encompasses hidden proxies like Qods Freedom — but also government-backed but semi-independent groups like the highly capable Ashiyane Digital Security Team, and online adjuncts of Iranian-supported foreign militant groups, like Cyber Hezbollah.
Iranian-based hackers’ capability seems to be catching up to their ambitions. In February of 2014, the Wall Street Journal reported that Iran-based hackers had so deeply infiltrated Navy and Marine Corps unclassified web systems that it would take four months to fully dislodge them.
Even as Iran negotiates a nuclear agreement with the U.S. and its partners, it hasn’t scaled back its asymmetrical ambitions — whether on Iraq’s sectarian battlefields, or on Israeli and even American web servers.
Business Insider Emails & Alerts
Site highlights each day to your inbox.