![](\"https:\/\/media.wired.com\/photos\/652475a1e80ea4e8f65267bb\/master\/pass\/Israel%E2%80%99s-War-Brings-Out-Hacktivists-on-All-Sides-Security-GettyImages-1715335536.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Lily Hay Newman, Matt Burgess| Date: Mon, 09 Oct 2023 22:21:46 +0000<\/strong><\/p>\n Lily Hay Newman<\/a><\/span> Matt Burgess<\/a><\/span><\/span><\/p>\n After an attack<\/span> on Israel by Hamas on Saturday<\/a>, Israel declared war and fighting escalated throughout the weekend. As the death toll mounts on both sides and the Israeli Defense Force (IDF) prepares an offensive, hacktivists in the region and around the world have joined the fight.<\/p>\n Within hours of Hamas militants and rockets entering Israel, such \u201chacktivist\u201d attacks started to spring up against both Israeli and Palestinian websites and applications. In the short period since the conflict escalated, hackers have targeted dozens of government websites and media outlets with defacements and DDoS attacks, attempts to overload targets with junk traffic and bring them down. Some groups claim to have stolen data, attacked internet service providers, and hacked the Israeli missile alert service known as Red Alert.<\/p>\n \u201cI saw at least 60 websites get DDoS attacks,\u201d says Will Thomas, a member of the cybersecurity team at the internet infrastructure company Equinix who has been following the online activity. \u201cHalf of those are Israeli government sites. I've seen at least five sites be defaced to show \u2018Free Palestine\u2019\u2013related messages.\u201d<\/p>\n Most prominently seen in the war between Russia and Ukraine, it is increasingly common<\/a> for both ideologically motivated hackers and cybercriminals to remotely join the chaos on either side of an escalating conflict by attacking government systems or other institutions.<\/p>\n Alex Leslie, a threat intelligence analyst at the security firm Recorded Future, says that he and his colleagues have identified three subsets of activity within the digital pandamonium of the Israel-Hamas war so far. The majority of the digital attacks seem to stem from preexisting groups or a broader context of similar activity adjacent to other conflicts. \u201cThe scope is international, but rather limited to preexisting ideological blocs within hacktivism,\u201d Leslie says.<\/p>\n The subgroups that Recorded Future has identified so far are \u201cself-proclaimed \u2018Islamic\u2019 hacktivists that claim to support Palestine. These groups have historically targeted India and have been around for years\u201d Leslie says. \u201cPro-Russian hacktivists that are pivoting to target Israel, likely with the intent of sowing chaos and spreading Russian state narratives. And groups that are \u2018new,\u2019 in that they were launched within the last [days] and have limited activities prior to this weekend.\u201d<\/p>\n Since Russia\u2019s 2022 invasion of Ukraine, some prominent hacktivist groups backing Russian interests have emerged, including gangs known as \u201cAnonymous Sudan\u201d and \u201cKillnet,\u201d both of which appeared to wade into the conflict between Hamas and Israel this weekend. Some groups have also been active in reaction to India\u2019s support of Israel, both in favor of and against this support.<\/p>\n Hackers from the group known as AnonGhost, who are seemingly conducting pro-Palestinian campaigns, have been launching DDoS attacks and attempting to target infrastructure and application programming interfaces (APIs). The group claimed the alleged attack on the Israeli Red Alert missile warning platform. Researchers from the threat intelligence firm Group-IB said<\/a> on Monday that the hackers exploited bugs in Red Alert\u2019s systems to intercept data, send spam messages to some users, and possibly even send fake missile strike warnings. The app\u2019s developers did not return a request from WIRED for comment. The Red Alert app has been targeted by hacktivists<\/a> in the past, and Hamas itself has previously been accused of circulating malicious imposter versions<\/a> of Israeli missile alert apps.<\/p>\n Meanwhile, the hacktivist group ThreatSec, which says it has \u201cattacked Israel\u201d previously, claimed it targeted Alfanet, an internet service provider based in the Gaza Strip. In a post on Telegram, the group claimed to have taken control of servers belonging to the company and impacted its TV station systems.<\/p>\n Doug Madory, director of internet analysis at monitoring firm Kentik, says that Alfanet was inaccessible for around 10 hours on Saturday, October 7\u2014before the hacktivists posted their claim. The ISP\u2019s systems have since been back online and communicating with the wider world. \u201cSome of their services could still be broken,\u201d Madory says, pointing to an Alfanet TV website and a web portal that were inaccessible on Sunday evening.<\/p>\n In response to a request for comment from WIRED via Facebook Messenger, Alfanet shared a statement in Arabic saying that communications were cut off due to \u201cthe complete destruction\u201d of its headquarters. \u201cCrews are working with all their might to restore service after the bombing of the headquarters and the main tower, despite the difficult and dangerous circumstances,\u201d the message says via machine translation. The company did not comment on the role of a cyberattack, if any, in the outage.<\/p>\n Internet connectivity in Gaza has also been broadly disrupted by electricity outages as Israel implements<\/a> what Defense Minister Yoav Gallant called a \u201ccomplete siege\u201d on Monday, cutting off the region\u2019s electricity and supply lines for water, food, and fuel.<\/p>\n Amid the chaos of any erupting kinetic war, hacktivism often fuels disinformation<\/a>, misinformation, and panic. This can lead to unintended consequences<\/a>. For some digital actors, unpredictability itself is the goal.<\/p>\n \u201cThe Indian cyber force actually claimed to DDoS hamas.ps and webmail.gov.ps,\u201d Equinix\u2019s Thomas says. Meanwhile, "there's one group called the Cyber Avengers who are claiming to steal documents from Israel's national electricity authority. They claimed they stole documents from Israel's Dorad power plant. [But] they are actually known for making up stuff and creating sort of fake infrastructure and screenshotting.\u201d<\/p>\n Victoria Kivilevich, director of threat research at the Israeli cybersecurity firm Kela, says that while hacktivist activity may add to the turmoil, she doesn\u2019t expect that it will significantly impact warfare on the ground.<\/p>\n \u201cWe can expect to see more groups and DDoS attacks because of the severity of the conflict and general evolution of hacktivist groups, however, so far we don't expect any significant impact on the overall threat landscape.\u201d<\/p>\n Last week, the International Committee of the Red Cross put forth rules of engagement<\/a> for \u201ccivilian hackers\u201d wading into a conflict. The eight directives, which are based on international human rights law, came primarily in the context of Russia\u2019s war on Ukraine, but they are relevant globally. They emphasize minimizing threats to civilians\u2019 safety and ban cyberattacks on health care facilities. They also ban use of computer worms and require that actors \u201ccomply with these rules even if the enemy does not.\u201d<\/p>\n In response to the release, some hacktivist groups active on both sides of Russia\u2019s war in Ukraine said they would attempt to follow the rules when possible, but others said it wasn\u2019t feasible or rejected the premise entirely. In its efforts to gather grassroots support, Ukraine has encouraged a sort of legitimized version of hacktivism<\/a> by establishing a volunteer \u201cIT Army\u201d for its war effort against Russia. All of this has created a nuanced and unpredictable element in the digital component of kinetic wars.<\/p>\n \u201cWhat we saw in Ukraine with hacktivism has set a precedent moving forward,\u201d Recorded Future\u2019s Leslie says. \u201cWe believe that many of these groups are motivated by attention. That\u2019s why we see so many groups that probably shouldn\u2019t be active in this conflict for geopolitical reasons jumping into the fray. They want people to know that they\u2019re active and capable of reacting to any event\u2014even if the intentions are disingenuous. Hacktivism is intertwined with information and influence operations, and it is here to stay.\u201d<\/p>\n