Nearly 100 hacker groups take Israel-Hamas conflict into cyberspace by waging online proxy war
Sign up now: Get ST's newsletters delivered to your inbox
Oct 7 was the day the Israel-Hamas conflict broke out, after gunmen from Palestinian group Hamas launched a surprise attack that left 250 Israelis dead.
PHOTO: REUTERS
Follow topic:
SINGAPORE - The Red Alert phone app was designed to alert Israeli residents when enemy missiles were headed towards them but last Sunday, it suddenly started sending notifications that sounded like threats.
One said: “Death to Israel.” Next to it was the image of a swastika – an ancient religious symbol modified and adopted by Adolf Hitler and the German Nazi Party in the early 1900s.
Another message warned of an impending nuclear bomb but only conventional weapons have been used in the conflict between Israel and the Palestinians in Gaza.
Other Israeli alert apps were also hacked recently, reported the threat intelligence platform FalconFeeds.io, and it listed at least three apps that were affected.
One of them – an app with more than a million downloads on the Google Play Store – carried a note by its developer to say a review dated Oct 7 found that it was hit by a “coordinated, worldwide distributed denial-of-service attack on our service”, resulting in users being unable to receive notifications.
Such attacks are aimed at rendering a service inaccessible by flooding it with Internet traffic.
Oct 7 was also the day the Israel-Hamas conflict broke out,
As the Gaza conflict enters its fifth day, a cyberspace battle in the form of a proxy war is being waged by an array of hacker groups entering the fray and taking sides with Israel or the Palestinians.
According to FalconFeeds.io, there are at least 100 different groups so far, of which 20 lean towards Israel, while 77 are supporting Palestine. Three groups appear to be neutral and are hacking both sides.
Those aligning with Palestine appear to be linked to countries like Iran and Russia – two key players linked to cyber attacks targeting Israel. Meanwhile, a handful of groups are believed to be hackers based in Malaysia and Indonesia.
Several Israeli government websites were believed to be crippled by cyber attacks, with one hacker group shutting down 20 sites in just one day.
The Jerusalem Post, an Israeli daily broadsheet, was also targeted last Sunday when its website crashed. It was up and running again several hours later, but users continued having problems accessing the portal on Tuesday.
Websites linked to the Palestinian people and Hamas were not spared either, falling victim to a raft of hacker groups, including one calling itself the Indian Cyber Force.
Meanwhile, on messaging platform Telegram’s channel of the IT Army of Ukraine – made up of volunteers who conduct cyber attacks against Russian targets after it invaded Ukraine in 2022 – a message sent on Oct 7 also expressed solidarity with Israel, with the group identified as one of those allegedly taking sides against Palestine.
However, analysis by cyber threat intelligence platform SOCRadar said “it does not look like they will take action”.
As for the fake notifications on the rocket alert apps, those responsible were a well-known network of international hackers called AnonGhost, who exploited a vulnerability to break into the app, said Singapore-based cyber-security firm Group-IB.
In a series of posts on the social media platform X, formerly known as Twitter, Group-IB said the hackers “successfully intercepted requests, exposed vulnerable servers and application programming interfaces (API), and employed Python scripts to send spam messages to some users of the app”.
An API allows two or more programs to communicate with each other.
On Monday, the app was taken down from the Google Play Store, and the link was still dead on Tuesday.
A cached version of the app’s page, however, showed that it had at least more than 100,000 downloads. The number of downloads made by Apple users is unclear because Apple does not make the numbers available on its app store.
