About Israel-Hamas War for both side part of Some Hackers

Since Russia’s 2022 invasion of Ukraine, some prominent hacktivist groups backing Russian interests have emerged, including gangs known as “Anonymous Sudan” and “Killnet,” both of which appeared to wade into the conflict between Hamas and Israel this weekend. Some groups have also been active in reaction to India’s support of Israel, both in favor of and against this support.

Hackers from the group known as AnonGhost, who are seemingly conducting pro-Palestinian campaigns, have been launching DDoS attacks and attempting to target infrastructure and application programming interfaces (APIs). The group claimed the alleged attack on the Israeli Red Alert missile warning platform. Researchers from the threat intelligence firm Group-IB said on Monday that the hackers exploited bugs in Red Alert’s systems to intercept data, send spam messages to some users, and possibly even send fake missile strike warnings. The app’s developers did not return a request from WIRED for comment. The Red Alert app has been targeted by hacktivists in the past, and Hamas itself has previously been accused of circulating malicious imposter versions of Israeli missile alert apps.

Meanwhile, the hacktivist group ThreatSec, which says it has “attacked Israel” previously, claimed it targeted Alfanet, an internet service provider based in the Gaza Strip. In a post on Telegram, the group claimed to have taken control of servers belonging to the company and impacted its TV station systems.

Doug Madory, director of internet analysis at monitoring firm Kentik, says that Alfanet was inaccessible for around 10 hours on Saturday, October 7—before the hacktivists posted their claim. The ISP’s systems have since been back online and communicating with the wider world. “Some of their services could still be broken,” Madory says, pointing to an Alfanet TV website and a web portal that were inaccessible on Sunday evening.

In response to a request for comment from WIRED via Facebook Messenger, Alfanet shared a statement in Arabic saying that communications were cut off due to “the complete destruction” of its headquarters. “Crews are working with all their might to restore service after the bombing of the headquarters and the main tower, despite the difficult and dangerous circumstances,” the message says via machine translation. The company did not comment on the role of a cyberattack, if any, in the outage.

Internet connectivity in Gaza has also been broadly disrupted by electricity outages as Israel implements what Defense Minister Yoav Gallant called a “complete siege” on Monday, cutting off the region’s electricity and supply lines for water, food, and fuel.

Amid the chaos of any erupting kinetic war, hacktivism often fuels disinformation, misinformation, and panic. This can lead to unintended consequences. For some digital actors, unpredictability itself is the goal.

“The Indian cyber force actually claimed to DDoS hamas.ps and webmail.gov.ps,” Equinix’s Thomas says. Meanwhile, "there's one group called the Cyber Avengers who are claiming to steal documents from Israel's national electricity authority. They claimed they stole documents from Israel's Dorad power plant. [But] they are actually known for making up stuff and creating sort of fake infrastructure and screenshotting.”

Victoria Kivilevich, director of threat research at the Israeli cybersecurity firm Kela, says that while hacktivist activity may add to the turmoil, she doesn’t expect that it will significantly impact warfare on the ground.

“We can expect to see more groups and DDoS attacks because of the severity of the conflict and general evolution of hacktivist groups, however, so far we don't expect any significant impact on the overall threat landscape.”

Last week, the International Committee of the Red Cross put forth rules of engagement for “civilian hackers” wading into a conflict. The eight directives, which are based on international human rights law, came primarily in the context of Russia’s war on Ukraine, but they are relevant globally. They emphasize minimizing threats to civilians’ safety and ban cyberattacks on health care facilities. They also ban use of computer worms and require that actors “comply with these rules even if the enemy does not.”

In response to the release, some hacktivist groups active on both sides of Russia’s war in Ukraine said they would attempt to follow the rules when possible, but others said it wasn’t feasible or rejected the premise entirely. In its efforts to gather grassroots support, Ukraine has encouraged a sort of legitimized version of hacktivism by establishing a volunteer “IT Army” for its war effort against Russia. All of this has created a nuanced and unpredictable element in the digital component of kinetic wars.

“What we saw in Ukraine with hacktivism has set a precedent moving forward,” Recorded Future’s Leslie says. “We believe that many of these groups are motivated by attention. That’s why we see so many groups that probably shouldn’t be active in this conflict for geopolitical reasons jumping into the fray. They want people to know that they’re active and capable of reacting to any event—even if the intentions are disingenuous. Hacktivism is intertwined with information and influence operations, and it is here to stay.”