Amid the latest volley of rocket fire in Gaza, the Israel Defense Forces launched an airstrike on a building allegedly used by Hamas to conduct cyber operations. The strike occurred shortly after Hamas attempted to mount a cyberattack against unspecified Israeli targets. We know this because within hours of the strike the IDF had put out a press release, tweeted a mocking notification (‘HamasCyberHQ.exe has been removed’), provided pictures and video, and given comments from senior officers to the media.
The media swiftly picked up the story, framing it as ‘a first’, ‘unprecedented’ near real-time kinetic response to a specific cyberattack (although it isn’t the first time airpower has been used to target hackers—the US did it in 2015 against Islamic State hacker Junaid Hussein).
There are reasons to be somewhat sceptical of this narrative, however. First, although we know almost nothing about the details of the cyberattack, two things we do know are that it was easily blocked by the IDF before the airstrike and that there was nothing particularly novel or threatening about the attack itself. The commander of the IDF’s cyber division, Brigadier General ‘D’, emphasised the ease with which the IDF was able to deal with the attack, and Hamas’s lack of sophistication in cyberspace generally, saying, ‘We were ahead of them all the time. The moment they tried to do something, they failed and [we] removed the threats, as we always do.’
This raises the question of why, if this was such an ordinary and easily thwarted cyberattack, it would merit such an extraordinary response.
Another point is worth noting. While much of the media coverage has (not unreasonably) jumped to the conclusion that the building targeted by the IDF was the place from which this particular cyberattack was launched, careful parsing of the IDF’s statements doesn’t actually confirm that.
The IDF’s tweet announcing the strike reads, in part: ‘Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work’ (emphasis added). ‘A building where the Hamas cyber operatives work’ is not the same as ‘the building from which this cyberattack was launched’.
Nor does the relevant sentence in the IDF’s press release—‘In the course of the technical counterterrorism activities, IDF fighter jets attacked a structure from which Hamas’s cyber network operated’—actually say that the specific cyberattack foiled shortly before had come from that location.
Read the article by Elise Thomas on The Strategist.