As the Israel-Hamas conflict intensified, a new battleground emerged in the form of digital warfare. The battlefield was not on the ground but in cyberspace, where Distributed Denial of Service (DDoS) attacks wreaked havoc on numerous Israeli online platforms, specifically targeting media outlets and software companies. A recent report by internet security company Cloudflare sheds light on this escalating cyber onslaught.
The Conflict’s Digital Frontline
The digital offensive began as Hamas terrorists breached the Israeli border on October 7. Initially, they launched relatively low-intensity DDoS attacks, with approximately 100,000 connection requests per second. These connection requests are attempts to access websites, online services, applications, or even internal corporate networks. However, around 45 minutes later, the intensity surged to an unprecedented one million connection requests per second, a scale unseen in previous confrontations with Hamas.
Inspired by Russian Warfare Doctrine?
The strategy of combining ground invasions with massive DDoS attacks is not entirely new. It has been observed in previous conflicts involving Russia, such as the invasion of Georgia and two invasions of Ukraine. This approach aligns with a well-established Russian warfare doctrine that targets critical infrastructures like electricity and railways while simultaneously launching ground and aerial assaults. The question arises: was Hamas or Iran inspired by this Russian doctrine, or did they receive discreet assistance from Russian or pro-Russian entities? Recent activities by pro-Russian hacker groups targeting Israeli assets suggest a concerning trend.
Targeting Critical Infrastructure and Media Outlets
A significant portion of Hamas’ cyberattacks was directed at apps that issue security alerts. For instance, the hacker group AnonGhost, associated with pro-Palestinian activities, exploited a vulnerability in the Red Alert app to spread fake messages like “Nuclear bomb on the way” or “Death to Israel.” Another Red Alert app was counterfeited, with malware designed to steal users’ personal data.
The English-language Jerusalem Post website also fell victim to these attacks, rendering it unavailable for three days. This attack appeared to be an attempt to silence reports on events from the Israeli perspective, preventing critical information from reaching the international community.
Six Days of Unrelenting Attacks
The DDoS attacks continued unabated for approximately six days, finally subsiding on October 12. The majority of these attacks were directed at media websites and apps. Intriguingly, software companies were also among the targeted entities, suggesting an attempt to gain access to databases or online services operated by these companies. Banking and financial sites followed closely behind, while government sites were the least targeted.
Palestinian Websites Also Under Attack
It’s worth noting that Palestinian websites also experienced a significant surge in DDoS attacks during the conflict. While Cloudflare did not disclose the origin of these attacks, its data revealed a substantial increase compared to the days preceding October 7. Approximately 46% of all traffic to Palestinian sites on the day of Hamas’s attack was identified as DDoS attacks. Two days later, this figure skyrocketed to around 60% of the total traffic. The primary targets on the Palestinian side were banking sites, internet service companies, and to a lesser extent, media outlets.
As the Israel-Hamas conflict continues to evolve, it is clear that the digital dimension has become an integral and highly active front. The use of DDoS attacks, intense and strategically aimed at critical infrastructure and information sources, further underscores the complex nature of modern warfare, transcending traditional boundaries and escalating the stakes in the battle for information and control.