Written by Shannon Vavra
Israel Defense Forces announced Sunday it had launched airstrikes on a building allegedly housing a number of Hamas soldiers that were preparing to launch a cyberattack against Israel.
The IDF, which launched the airstrike jointly with the Israel Security Authority, did not detail the alleged cyberattack and other offensive capabilities Hamas was developing but it said it had neutralized the attack before launching the airstrikes.
The incident marks the first time a government has publicly announced it has immediately responded to a cyberattack by launching a “kinetic attack,” a military term that describes the use of lethal force.
Although this marks a first in cyberwarfare, Paul Rosenzweig, a former deputy assistant secretary for policy at the U.S. Department of Homeland Security, tells CyberScoop it’s not a surprising outcome.
“We mistakenly tend to think that the cyber domain exists apart from the physical world, but it doesn’t,” Rosenzweig, a senior fellow at R Street Institute, said. “It was always a claim — an unreasonable claim — that the two wouldn’t intersect. There were some people that had this phrase, ‘what happens in cyber stays in cyber,’ kind of like ‘what happens in Vegas stays in Vegas,’ but that wasn’t a realistic expectation.”
In the U.S., it is possible that the Pentagon could respond to a cyberattack on the nation in the kinetic realm as well, if directed to do so by the president. In 2015 the Obama administration said that the U.S. would, in theory, “use all necessary means, including military, to respond to a cyber attack on the nation.”
“Ever since it was clear cyber weaponry would have physical, kinetic effects it became inevitable that people would start using kinetic weaponry to affect operations in the cyber domain,” Rosenzweig said.
The U.S. Department of Defense has at least once before used a kinetic attack in response to cyberthreats when it launched a drone strike to kill British national Junaid Hussain, who ran ISIL’s hacking group. However, the strike was launched years after Hussain conducted his operations.
In a statement, IDF said Hamas’ cyber efforts “failed to achieve its goals.” But the fact that IDF was compelled to respond in the physical realm does not necessarily show Hamas’ cyber threat is becoming more powerful or dangerous, John Hultquist, Director of Intelligence Analysis at FireEye, tells CyberScoop.
“I don’t think it tells us anything about their capabilities,” Hultquist said. “The word ‘cyberattack’ is so broad.”
There was no public information available as to what cyberattack IDF alleges Hamas had attempted or what offensive capabilities Hamas was allegedly developing.
Eyal Sela, who has been tracking Hamas-backed cyber capabilities for years, told CyberScoop he doesn’t think the group is particularly masterful in the cyber realm.
“The act that Hamas is using cyber offensive capabilities is not new,” Sela, who is the head of intelligence at ClearkSky Cyber Security, said. “The capabilities are not ranked as high, it’s like medium-to-low in their level of sophistication, execution, and quality assurance. They are not a formidable adversary in this dimension.”
Over the last several years Hamas has been conducting cyber-espionage and reconnaissance operations, not those that necessarily threaten disruption, according to Sela.
“We know they have been … targeting mobile phones of soldiers, and breaching websites, sending phishing emails in various folders to people and infecting them,” Sela said, adding that some of their tools have been developed in house. “Some of them are generic sometimes they are self-developed.”
Hamas conducts some social engineering to make sure their emails and contacts truly trick their targets, according to ClearSky. For instance, Hamas has used fake social media accounts — primarily on Facebook — to trick IDF soldiers into befriending them, Sela says.
The kinetic response came amid several days of shelling in Israel. U.S. Secretary of State Mike Pompeo told Fox News on Sunday he believes Israel has a right to defend its sovereignty while discussing the strikes this weekend.
CNN reports that an apparent ceasefire was reached after Israel launched air strikes on over 300 targets. Four people had died in Israel and 23 people were killed in Gaza.
When asked if the IDF strike resulted in civilian casualties, the IDF directed CyberScoop to a statement that did not address the question.