Fighting in the Gaza Strip hit a lull this week as a 72-hour cease-fire ends its third and final day Thursday — but a digital war has still been raging as hackers pay little mind to the temporary truce. Cyberattacks directed against Israel have increased dramatically since it invaded Gaza in early July, intensifying last month as the violence peaked, according to a report released this week by the security research firm Arbor Networks.
Websites of Israeli civilian governmental agencies, financial services and military agencies—including the legendary intelligence agency Mossad and the Prime Minister’s office—were targeted as part of the sharp uptick in attacks that began in July, when the total number of strikes increased by 500%.
Whether those online attacks had much of an impact, however, is a subject of debate. U.S. House Intelligence Committee Chairman Mike Rogers Mike Rogers (R-Mich.) warned in an interview on CBS News’ Face the Nation late last month that cyberattacks against Israeli websites could present a risk to the country’s security. “So far I think Israel has done a great job of defending from these cyberattacks, but the sheer volume and intensity as it grows could spread from what is a conflict between Israel and Gaza to some cybereffort to try to shut these operations down, and that’s always a concern,” Rogers said.
But some experts said the attacks were doing little substantial harm against the Israeli government. The attacks are primarily targeting external, user-facing websites, perhaps increasing the time it takes to load a webpage or temporarily shutting the page down altogether by jamming up the works with bogus traffic. But the attacks have not yet affected the Israeli agencies’ internal operations, researchers said.
“To be able to do something effective against the [Israeli] government you have to be a very sophisticated hacker,” said Giora Engel, vice president of LightCyber, a security firm that provides security for Israeli government agencies. “A group of activists can’t do any damage.”
Most of the the recent and mostly harmless attacks against prominent Israeli websites are known as Distributed Denial of Service (DDoS) attacks. Carrying out a DDoS involves flooding websites or servers with traffic to deny other, legitimate users access to those websites. Hackers that conduct such attacks usually control a wide array of third-party computers which they instruct to do their bidding; the owners of those machines rarely know their devices are even involved.
The number of denial of service attacks against Israel increased from an average of 30 per day in June, before the violence began, to 150 per day in July, while the armed conflict raged on. The number of attacks peaked on July 21, with a total of 429 attacks. Researchers haven’t been able to definitively track the attacks back to any particular groups, but the timing of the incidents correlate with rising violence.
“There’s a clear increase not only in number of attacks but in the size of attacks and how long they’re lasting,” said Kirk Soluk, manager of threat intelligence and response at Arbor. “Interestingly enough, when there’s a cease-fire, the attacks seem to drop off.”
Cyber attacks have increasingly accompanied political conflicts in recent years, with actors like the Syrian Electronic Army notoriously hacking BBC News, eBay and other sites. There has also been an increase in attacks associated with recent disputes over the South China Sea.
In the case of the recent attacks against Israel, Arbor said the third-party computers used to strike Israeli government sites are scattered across the globe in countries including the U.S., Myanmar, Russia, Mexico, Great Britain, and others. However, that does not mean the attacks originated in those countries—it just means those are the locations of computers hackers have commandeered to stage attacks against Israel.
So where are the attacks coming from? One clue could be that the structure of the attacks bears a resemblance to a certain kind of attack that targeted U.S. banks en masse in 2012, Arbor said. U.S. security forces later linked those attacks to Iranian hackers. Meanwhile, the hacking group Anonymous claimed to have attacked Israeli sites, but it’s unclear if the organization is just taking credit for others’ work.
The attacks appear not just to be one-sided, however, as an Israeli civilian group called the Israeli Elite Force (IEF) has said that it’s attacking Palestinian websites. In the early days of the figthing, the IEF regularly updated its Twitter with reports of attacks on Palestinian websites, posting email addresses of what it said were login codes at the Palestinian Ministry of Health.
If a cease-fire holds and violence ends, cyberattacks may dwindle in the short term, but hacking has become a permanent feature in conflicts. “Cyber has joined land, air, sea, and space as the fifth domain of modern warfare,” said Chris Petersen, the co-founder of security firm LogRhythm.