Advertisement

It was ‘inevitable’ that bombs would fall in response to a cyberattack

Israel's targeting of alleged Hamas hackers was the first instance of a 'kinetic' response to a cyberattack. But it wasn't a surprising outcome.
hamas cyberattack
The incident marks the first time a government has publicly announced it has immediately responded to a cyberattack. (Getty)

Israel’s military announced Sunday it had launched airstrikes on a building allegedly housing a number of Hamas soldiers that were preparing to launch a cyberattack against Israel.

Israel Defense Forces (IDF), which launched the airstrike jointly with the Israel Security Authority, did not detail the alleged cyberattack and other offensive capabilities Hamas was developing, but said it had neutralized the attack before launching the airstrikes.

The incident marks the first time a government has publicly announced it has immediately responded to a cyberattack by launching a “kinetic attack,” a military term that describes the use of lethal force.

Although this marks a first in cyberwarfare, Paul Rosenzweig, a former deputy assistant secretary for policy at the U.S. Department of Homeland Security, tells CyberScoop it’s not a surprising outcome.

Advertisement

“We mistakenly tend to think that the cyber domain exists apart from the physical world, but it doesn’t,” Rosenzweig, a senior fellow at R Street Institute, said. “It was always a claim — an unreasonable claim — that the two wouldn’t intersect. There were some people that had this phrase, ‘what happens in cyber stays in cyber,’ kind of like ‘what happens in Vegas stays in Vegas,’ but that wasn’t a realistic expectation.”

In the U.S., it is possible that the Pentagon could respond to a cyberattack on the nation in the kinetic realm as well, if directed to do so by the president. In 2015 the Obama administration said that the U.S. would, in theory, “use all necessary means, including military, to respond to a cyber attack on the nation.”

“Ever since it was clear cyberweaponry would have physical, kinetic effects it became inevitable that people would start using kinetic weaponry to affect operations in the cyber domain,” Rosenzweig said.

The U.S. Department of Defense has at least once before used a kinetic attack in response to cyberthreats when it launched a drone strike to kill British national Junaid Hussain, who ran the Islamic State’s hacking group. However, the strike was launched years after Hussain conducted his operations.

In a statement, IDF said Hamas’ cyber-operation “failed to achieve its goals.” But the fact that IDF was compelled to respond in the physical realm does not necessarily show Hamas is becoming more powerful or dangerous in cyberspace, John Hultquist, Director of Intelligence Analysis at FireEye, told CyberScoop.

Advertisement

“I don’t think it tells us anything about their capabilities,” Hultquist said. “The word ‘cyberattack’ is so broad.”

There was no public information available Monday as to what kind of cyberattack IDF alleges Hamas had attempted or what offensive capabilities Hamas was allegedly developing.

‘Not a formidable adversary’

Security researcher Eyal Sela, who has been tracking Hamas for years, told CyberScoop that its offensive capabilities in cyberspace are “not new,” but not particularly masterful, either.

Advertisement

“The capabilities are not ranked as high, it’s like medium-to-low in their level of sophistication, execution, and quality assurance. They are not a formidable adversary in this dimension,” said Sela, who is the head of intelligence at ClearkSky Cyber Security.

Over the last several years Hamas has been conducting cyber-espionage and reconnaissance operations, not those that necessarily threaten disruption, according to Sela.

“We know they have been … targeting mobile phones of soldiers, and breaching websites, sending phishing emails in various folders to people and infecting them,” Sela said, adding that some of their tools have been developed in house. “Some of them are generic sometimes they are self-developed.”

Hamas conducts some social engineering to make sure its emails and contacts truly trick their targets, according to ClearSky. For instance, Hamas has used fake social media accounts — primarily on Facebook — to trick IDF soldiers into befriending them, Sela says.

The kinetic response came amid several days of shelling in Israel. U.S. Secretary of State Mike Pompeo told Fox News on Sunday he believes Israel has a right to defend its sovereignty while discussing the strikes this weekend.

Advertisement

CNN reports that an apparent ceasefire was reached after Israel launched air strikes on over 300 targets. Four people had died in Israel and 23 people were killed in Gaza.

When asked if the IDF strike resulted in civilian casualties, the IDF directed CyberScoop to a statement that did not address the question.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts