‘Hacktivism’, Cyber Warfare, and the 2023 Israel-Hamas Conflict

Kate Langley

On October 7 2023, a several decades-long conflict between Israel and Palestine reached a critical juncture, with the storming of Hamas militants into Israel and Israel responding with a declaration of war and continued rejections of a ceasefire. Thousands of lives have been lost already, with air strikes the primary weapon of choice. However, like many other 21st century conflicts, this is a war that is not solely waged on the ground. The Israel-Hamas War has unleashed a flurry of malign cyber-activity and ‘hacktivism’, as well as glaring weaknesses in cyber-security. The result is a multifaceted digital battleground, with numerous implications for national security.

Cyberattacks in the Israel-Hamas Conflict

On-the-ground armed incursions by Hamas fighters into Israel have been the focal point of the media coverage of October 7. Less-known are the accompanying cyber-attacks that came just before Hamas initiated “Operation Al-Aqsa Flood”. An initial strike targeted the Noga Independent Systems Operator, a crucial entity responsible for managing the Israeli electricity network. This was the first in a series of cyber-warfare blitzes.

Both Palestinian and Israeli governments, as well as media websites and emergency response infrastructure, have reportedly come under a relentless barrage of distributed denial-of-service (DDoS) attacks. These are cyber-attacks where the perpetrator attempts to disrupt traffic on a server to such an extent that it becomes temporarily unavailable to its users. These DDoS attacks have the potential to cause catastrophic failures to key industrial control systems, reminiscent of Israel’s use of the Stuxtnet worm malware in 2010 that completely disrupted Iran’s nuclear program, or the Russian AcidRain viper malware that brought down Ukraine’s Viasat satellite system as it launched its ground invasion. One set of hackers known as AnonGhost, claiming to support Hamas, said that they disrupted an Israeli emergency alert application, and while this claim is unverified, it demonstrates the potential impact cyber-attacks can have on a nation’s critical security infrastructure.

Cyber-attacks in the public domain have also been used to push pro-Israeli and pro-Hamas messaging. Allegedly a billboard in the central Israeli city of Holon was recently hacked, displaying images of rockets and a burning Israeli flag. A recently released Microsoft report recorded how one Gaza-based hacker group, known as Storm-1133, had successfully been spying on Israeli telecommunications companies through cyber-attacks, as well as creating new LinkedIn profiles masquerading as Israeli human resources managers to send malware to employees at Israeli organisations. Public aid organisations have not been left unscathed, with pro-Israeli hackers repeatedly attacking charity Medical Aid for Palestinians, hindering relief efforts for Gaza.

Cryptocurrency is also an increasingly large tool in the arsenal of modern day cyberwarfare, with many militant groups using crypto for funding. Cryptocurrency wallets reportedly attributed to Hamas have received almost $135 million between 2021 and 2023, according to a Wall Street Journal report. Israel has used its own highly advanced cyber-police unit, Lahav 433, to identify these wallets and freeze Hamas’s cryptocurrency channels, disrupting the group’s access to donation revenues.

Spikes in ‘Hacktivist’ Activity

It is unclear who is perpetrating many of these cyber-attacks, with the anonymity of cyberspace meaning that several ‘hacktivist’ groups are taking responsibility for various assaults, with little to no means of verification of these claims available. Hacktivist groups, which largely use computer-based hostilities to push a political or social agenda, are increasingly using global conflicts for their own purposes. One highly organised hacktivist group, ThreatSec, is claiming to have brought down more than 5,000 servers belonging to Gaza internet provider Alfanet.ps. ThreatSec claims to be “anti-war”, and has boasted about previous attacks on both Israel and the Gaza region. Another group, known as the Indian Cyber force, has claimed responsibility for bringing down the Palestinian National Bank’s website on the second day of the conflict.

These cyber threat groups add yet another transnational element to 21st century conflicts, particularly as they are often backed by state-sponsored regimes acting in their own national interests. Often these groups are not necessarily interested in the current conflict itself, but use it as a means of gaining attention for separate causes- more recently the Russia-Ukraine conflict. Pro-Russian hacker group Anonymous Sudan has claimed responsibility for DDoS attacks on multiple countries during the period of the Israel-Palestine War, including Australia. A recent intelligence update by a cybersecurity company found that through analysis of the activity of hacktivist threat groups since Israel formally declared war on 8 October, has included at least 30 groups ideologically aligned with Russia, Ukraine, India, Pakistan and Bangladesh, with many shifting their social media messaging away from the Russian invasion of Ukraine to the Israel-Hamas War.

Other hacktivist groups use conflicts as an opportunity to monetize services. Krypton DDoS-for-hire botnet group has offered to sell its DDoS capabilities to pro-Palestinian hackers, essentially selling its cyberwarfare skills to the highest bidder.

History of Cyber Warfare in Israel-Palestine Conflict

Israel has long been known as a global cybersecurity hub, and the several decades-long Israel-Palestine conflict had witnessed instances of cyberwarfare and hacktivism well before 2023. Notably, these instances included the hacking of the mobile phones of Palestinian human rights defenders using Israeli spyware such as Pegasus, raising concerns about surveillance and privacy violations. Organisations accused of links to groups like the Popular Front for the Liberation of Palestine (PFLP), including Al-Haq, Addameer, Defense for Children International-Palestine, and others, became targets of illegal surveillance by the Israeli government, causing large risks for involved individuals.

In March 2019, Israel also declared preparations for ‘information warfare’ with Palestinians, highlighting the importance of cybersecurity in the on-going conflict. Palestinian hackers have occasionally gained an upper hand, breaching Israeli security and causing significant information leaks. However the Israeli Defence Forces 8200 cyber warfare unit, known as Yehida Shmoneh-Matyim, is notorious for its extensive spying on Palestinian society, intercepting electronic communications through email, phone calls and social media. This surveillance has long been used for political persecution of Palestinians, and to create division within Palestinian society.

Global Impacts

While for the moment Hamas is limited in its ability to wage cyberwarfare, with internet and electricity in Gaza completely cut off, direct and indirect sponsors of this conflict, such as Iran and Russia, continue to use their capability to advance their own interests. Israel, which is known as a global cybersecurity hub, is facing increasing challenges, as many technology experts find themselves called up for military duty, and Israel’s numerous computerized networks become harder to defend against concurrent cyber attacks.

This conflict has been a huge wake-up call for countries that consider themselves cybersecurity leaders. Both the United States and Israeli spy agencies have been stunned at their failure to detect Hamas’s attack before it occurred through online intelligence and satellite, highlighting the weaknesses of current space-based Intelligence Surveillance-Reconnaissance Systems, which are often too far away to capture on-ground activity. The increasing introduction of state-sponsored hacktivist groups into the cyber battlefield means that foreign regimes are often able to pursue their own interests illegally under the cover of anonymity.

There is also a growing possibility that Australia’s public condemnations of Hamas will result in us becoming targets for hacktivist groups, although several other regions remain a much higher priority for cyberattacks. Cybersecurity organisation CyberCX is quoted as recently saying “it is likely that pro-Russia groups already known to target Australia will use this conflict and political responses to it- including physical protests in Australia- as a pretext to increase their campaigns in Australia”. The 2023 Israel-Hamas conflict’s cyber dimension has underscored the growing role of cyberwarfare and hacktivism in modern geo-political conflicts. This digital battlefield has showcased the potential for cyberattacks to accompany traditional warfare and transcend conflicts above national borders. Nations will need to bolster their cyber defenses and international cooperation to mitigate the escalating threats posed by cyberattacks and hacktivism in an increasingly interconnected world.

Kate Langley is an early career professional passionate about diplomacy and youth activism. After graduating with a Masters in International Relations from the University of Melbourne, Kate has worked as an international migration analyst and is currently working in policy at the Department of Climate Change, Energy, the Environment and Water. She is a New Colombo Plan alumni, a World Economic Forum Global Shaper, and DFAT Australia-Indonesia Youth Exchange Program Alumni.