
Hamas, Iranian Hackers Seek to Leverage Israeli People’s Stress

By Mike Wagenheim • 19 December, 2023

Jerusalem, 19 December, 2023 (TPS) -- The Israel National Cyber Directorate announced on Monday that Iran and Hezbollah were behind an attempted cyberattack on the Ziv Medical Center in Safed in late November.

“The attack was thwarted before it could successfully disrupt hospital operations and impact citizens’ medical treatment,” the INCD stated. “However, the attackers managed to extract private data stored in the hospital’s systems.”

While the INCD defends Israeli civilian and government cyberspace, including hospitals, and Internet and phone service providers, military cybersecurity is a very different matter, according to Alon Arvatz, CEO and co-founder of Stealth Startup.

Most computers with any sensitive information are not connected to the Internet, and Israeli soldiers operating in Gaza aren’t allowed to carry cell phones for fear of exposing their locations or other sensitive data, Arvatz told the Tazpit Press Service in an interview last month.

“We read the frustrations from their families, saying, ‘I don’t know what’s going on with my son, or wife or child.’ So it’s heartbreaking,” he said. “But from a security perspective, it means very good things about the army and how it handles it. The worst thing that can happen is that a soldier would accidentally expose his location and the plans of the army.”

On Oct. 7 and since, there has been widespread speculation about how Hamas terrorists infiltrated Israel in such large numbers, as well as how they were able to murder, torture and kidnap so many Israelis and others. Despite Israel’s reputation as one of the world’s cyberspace superpowers, Hamas appears to have sought to sabotage Israel’s vaunted rocket-alert system and siphon off donations intended for Oct. 7 victims, Arvatz told TPS.

Hackers Leveraging People’s Stress

Parallel to Hamas’s ground invasion, the terrorists also launched “attacks into cyberspace, targeting various civilian and governmental targets,” said Arvatz, a veteran of the Israel Defense Force’s elite cyber Unit 8200 and author of The Battle for Your Computer: Israel and the Growth of the Global Cyber-Security Industry.

Hamas’s multi-pronged attack—from land, sea, air and cyberspace—sought to sow confusion among those seeking shelter from incoming rockets, which acted as cover for its invasion of Israeli territory, according to Arvatz. The terror group reportedly tampered with the Red Alert application, which informs Israelis of incoming rocket fire in their area so they can seek shelter, he added.

Hamas tried to crash the server hosting the Red Alert: Israel app with a “distributed denial of service” attack, which floods a server with more requests than it can handle. It also created a fake application, replicating the look of Red Alert, and uploaded it to the popular Google Play store.

“There was a website that was built around that, which directed people to download this application to their smartphones,” Arvatz said. “They leverage the fact that people are stressed with needing to download an existing application.”

Once downloaded, the counterfeit app both provided incorrect information and could potentially steal sensitive information from people’s phones.

“It wasn’t Hamas, which doesn’t have the capabilities needed to do something like that. But there are a lot of armed groups in the world that support Hamas and want to help them,” Arvatz said. He cited groups in Sudan, Russia and other entities in the Arab world that may have lent their technical guidance to Hamas.

‘They’re All Fake’

Other Israeli cyber targets have also been hit, including a large insurance and health-services company; sensitive information leaked from those hacks was meant to spread further fear among Israelis.

Arvatz distinguished between bad actors looking to damage the Israeli psyche and acts that can do physical harm. Independent actors don’t have the capacity to inflict much damage, according to Arvatz, who cited text messages sent to Israelis in November to spread fear.

State-sponsored groups, like those in Iran, have “some serious capabilities” when it comes to cybersecurity, including the capacity to hurt critical infrastructure, he said.

“Nothing of significance has happened to date on that front. I’m happy to say it probably means that Israel has raised awareness when it comes to cybersecurity and that their Israeli cyber directorate is doing a good job from this perspective,” he said.

Hamas and its allies are “trying to get access to classified data by social engineering, sending messages to IDF soldiers, asking them where they are fighting, what they are doing, how many people they are with and what their mission is,” Refael Franco, founder of the Tel Aviv-based Code Blue Cyber, told TPS.

A former deputy head of the INCD and Israeli National Cyber Defense Branch, Franco said Iran has used artificial intelligence to create fake pictures of a purported attack on a key piece of Israeli infrastructure.

“They published pictures from the internal network, but they’re all fake. I got emails and phone calls from reporters from all over the globe asking me to tell them more about the attack,” Franco said. “I tried to tell them this is fake news. It takes a lot of time until they believe me.”

When he spoke to TPS last month, Arvatz gave Israel high marks for fending off cyberattacks, especially those that could cost lives. But it has taken hits in other areas.

“There are a lot of initiatives to fundraise for soldiers, for people from the south that were hurt, and this is being leveraged for fraud attacks—to essentially steal money from civilians that want to donate to good causes,” Arvatz said.

‘It’s Very Easy to Take Money From People’

Anti-Israel thieves have used artificial intelligence to create a realistic Hebrew-language website to solicit donations purportedly for Oct. 7 victims.

Arvatz said the use of artificial intelligence helps non-Hebrew speakers eliminate grammatical and other mistakes in their website copy that might otherwise set off red flags among native Hebrew speakers. “When there isn’t any way to validate the website or the domain behind it, it’s very easy to take money from people,” he said.

But new artificial intelligence methods run both ways.

Arvatz couldn’t cite specific examples but said it’s “fair to assume” that the Israeli military is using artificial intelligence to analyze footage to identify Hamas members and other terrorists who took part in the Oct. 7 massacre. He also assumes it is doing so to analyze phone calls and translate them into text in a “very fast, very high-scale manner, and to make sure you don’t miss anything.”

There are no indications that the efforts of Hamas and its allies have cost Israeli lives or done significant damage on the cyberspace front. But there is still much to be learned from the efforts, Arvatz noted.

“What’s happened in cyberspace tells us a lot about things that don’t happen in the real world,” he said.

For instance, groups that launched cyberattacks on Israeli targets in the opening weeks of the Israel-Hamas war soon turned their attention to Western targets, including attacking several major U.S. news organizations.

“They conceive us all part of the same group of Western civilization that is fighting them,” he said. “Israel is trying to explain to the world that Israel is only the beginning, and this is part of a campaign against the entire Western world. This is a narrative that is very hard to convey to people because they see the war here in Israel.”