Hamas's Cyber Soldiers... The First Drop in "Al-Aqsa Flood"
Hamas's Cyber Soldiers... The First Drop in "Al-Aqsa Flood"
A report from the American newspaper, "The New York Times," has revealed that footage captured from cameras mounted on the helmets of members affiliated with the Islamic Resistance Movement, Hamas, who were martyred in the "Al-Aqsa Flood" operation on October 7th of this year, showed that they possessed significant knowledge and secrets about the Israeli army and its vulnerabilities. The attackers managed to access the server room in one of the Israeli army's facilities based on the information they had.
The newspaper indicates that these images provide horrifying details about how the Al-Qassam Brigades managed to surprise one of the most powerful armies in the Middle East, according to their description.
Experts have presented various theories about how Palestinian resistance obtained this information, with some suggesting that the movement may have spies within the Israeli army.
However, what many have overlooked is that "Hamas" possesses a cyber warfare strategy that it initiated over a decade ago and continues to develop rapidly. Simon P. Handler, in a report prepared for the State Cyber Unit of the Atlantic Council – a member of the Digital Forensic Research Lab – published at the end of 2022, issued a warning regarding this strategy.
What is noteworthy in Handler's report is that he directed his warning to the United States, not Israel. This underscores the significant danger of these cyber capabilities and the potential impact they can have on the balance of power on the ground. Handler emphasizes the necessity of understanding Hamas's strategy and dealing with it in a different manner.
The digital realm typically offers an important opportunity for entities with limited capabilities and resources to compete with their relatively stronger counterparts. Hence, these entities increasingly seek to acquire offensive capabilities and integrate them into their existing tools to advance their strategic objectives.
Handler's report notes that while the United States' cyber strategy has primarily focused on its four major adversaries, China, Russia, North Korea, and Iran, Washington's and its allies' cyber warfare strategy, including Israel, failed to predict the electronic capabilities and offensive and intelligence capabilities of the Hamas movement.
The Green-Helmeted Warriors
Hamas is known for the green headbands worn by its fighters, bearing the word "Tawhid" (the belief in the oneness of God). Interestingly, this same color green distinguishes them in cyberspace as well.
According to the cybersecurity community's classification, Hamas is considered "Green-Helmeted Warriors," a classification distinct from others like Black-Hat hackers, White-Hat hackers, and Elite hackers.
What sets this green classification apart is that its members are regarded as "cyber warriors" rather than "hackers," despite some tolerance in calling them "green-hat hackers" for the sake of name uniformity. Security experts differentiate the Green-Helmeted Warriors by their continuous development of capabilities to become more powerful. Their motivations are rooted in political and ideological principles rather than financial gain, sabotage, or even personal security concerns.
Why Did Hamas Choose the Cyber Space?
Hamas has its unique motivations for developing offensive cyber capabilities, and examining its operations helps to understand these motivations and their alignment with its broader strategy. The following motivations stand out:
Propaganda and Recruitment
Hamas's strong online presence plays a crucial role in recruiting and gathering information, as well as in other media-related goals, such as drawing attention to the cause it advocates for. These are all primary motivations to maintain the movement's importance and visibility among the public.
The Atlantic Council's report suggests that Hamas uses social media platforms to mobilize the Palestinian population and encourage them to engage in resistance operations against Israel. However, despite the significance of this role of social media and the advanced propaganda tools used by Hamas, the digital threat it poses to Israel in cyberspace goes far beyond mere propaganda.
Striking in the Shadows
Despite Hamas's uncompromising stance toward Israel, the movement's leaders are well aware of Israel's military and technological strength. They understand the arenas where the movement can achieve impactful successes, while practicing strategic restraint to avoid retaliatory actions that could be devastating.
The digital realm, where activities can be conducted anonymously and the actor's identity is difficult to determine, is one of Hamas's preferred arenas. The organization knows that any discovery of its presence in cyberspace would have dire consequences on the ground. As a result, Hamas refrains from some cyber operations that other actors working on behalf of nations, like Russia or China, might conduct.
Hamas avoids targeting Israeli infrastructure with destructive malware because it realizes that such actions could expose it to Israeli retaliation. Additionally, the organization does not propagate ransomware programs seeking financial gain, unlike many other groups.
The movement's strategic plan revolves around two primary objectives. The first is gathering intelligence on the Israeli army, its soldiers, or their affiliates. The second is disseminating deceptive information aimed at achieving military or counter-propaganda objectives to undermine the morale of Israelis.
This strategy not only shields the movement from Israeli retaliation but also guards it against the wrath of supportive nations. It provides the necessary room for maneuvering in its long-term military plans. As a result, these cyber operations are seen as an effective complement to on-ground military actions, as witnessed in the recent major operation, "The Last Al-Aqsa Tempest."
Cost Efficiency
The Atlantic Council's report cautions against underestimating Hamas's cyber capabilities. While it is considered relatively weak and lacks the advanced tools that other hackers may possess, many security experts have been surprised by its potential. Despite Israel's control over communication frequencies and infrastructure, as well as the chronic electricity shortages in the Gaza Strip, Hamas has managed to harness its cyber potential.
Tel Aviv perceives Hamas's offensive cyber threat as highly dangerous. In 2019, Israel thwarted one of the movement's electronic operations and executed an airstrike targeting what it claimed to be "Hamas's cyber headquarters," hitting a building in the Gaza Strip. This operation was one of the first publicly acknowledged by the Israeli army in response to a cyber operation.
However, despite the Israeli military spokesperson's assertion that "Hamas no longer possesses electronic capabilities after our strike," several reports have highlighted electronic operations conducted by the movement in the months and years following that incident.