Palestine’s Hamas moves online: researchers warn of cyber terrorism


Hamas, a militant Palestinian group, will expand into the cyber domain, where it is slowly becoming a threat actor capable of executing offensive operations, a new report by the Atlantic Council think tank finds.

The report urges the United States to look more closely at the growing offensive capabilities of militant and terrorist organizations. Hamas is designated as a terrorist organization by the US, Canada, the European Union, and other Western powers.

“Hamas, despite being a well-studied militant and terrorist organization, is expanding its offensive cyber and information capabilities, a fact that is largely overlooked by counterterrorism and cyber analysts alike,” Simon Handler, a fellow at the Atlantic Council’s Cyber Statecraft Initiative under the Digital Forensic Research Lab, claims.

ADVERTISEMENT

Green hat hacker

According to Handler, Hamas primarily prioritizes espionage and information maneuvers so far, and “offensive cyber operations are a new way for Hamas to do old things better.”

The report also calls Hamas a ‘green hat hacker’. This term is not specific to the group but is recognized in the information security community as describing someone who is relatively new to the hacking world, lacking sophistication but fully committed to making an impact.

Hamas is trying hard. For example, it initiated a cyber espionage campaign in Israel during the 2012 FIFA World Cup, when it inserted spyware into a popular Android application called Golden Cup and reaped reams of data from compromised smartphones.

According to the report, devices of Israeli soldiers were also infected, as the adversary successfully collected sensitive information about various Israel Defense Forces (IDF) bases, offices, and military hardware, such as tanks and armored vehicles.

“There is no Iron Dome in cyberspace,”

Simon Handler

Israeli officials were naturally inclined to think that the campaign was the work of a nation-state actor – traditional geopolitical nemesis Iran, for example, or China – and overlook the possibility of a non-state actor, such as Hamas, being responsible.

Safer and cheaper

ADVERTISEMENT

According to Handler, many countries make the same mistake. For instance, the US mostly focuses on the so-called “big four” of nation-state adversaries – China, Russia, Iran, and North Korea. Washington, the report claims, lacks policy countermeasures designed to deal with militant or terrorist organizations – such as Hamas.

“The group’s burgeoning cyber capabilities, alongside its propaganda tactics, pose a threat to Israel, the Palestinian Authority, and US interests in the region—especially in tandem with the group’s capacities to fund, organize, inspire, and execute kinetic attacks,” the Atlantic Council report says.

“This combination of capabilities has historically been the dominion of more powerful state actors. However, the integration of offensive cyber capabilities into the arsenals of traditionally kinetic non-state actors, including militant organizations, is on the rise due to partnerships with state guarantors and the general proliferation of these competencies worldwide.”

Throughout its history, Hamas has used suicide bombings, rocket fire, sniper attacks, knifings, and civilian kidnappings to target both Israel and the more moderate Palestinian Authority.

But the group seemingly realizes – or has been forced to realize by the IDF – that unrestrained terrorism comes at a cost to its reputation. So it is looking for safer and cheaper methods of influence.

“Deploying offensive cyber capabilities involves exceptionally low risks and costs for operators. For groups like Hamas that are worried about potential retaliation, these operations present an effective alternative to kinetic operations that would otherwise provoke an immediate response,” Handler claims in the report.

No Iron Dome in cyberspace

In 2019, Israel deemed the offensive cyber threat to be critical enough for the IDF to carry out a strike to destroy Hamas’s cyber headquarters. It was one of the first acknowledged kinetic operations by the military in response to a cyber operation.

ADVERTISEMENT

However, Hamas' cyber operations continue to this day. What’s more, according to the Israeli threat intelligence company Cybereason, recent discoveries indicate a new level of sophistication in the group’s operations.

For example, Hamas has been using malware featuring enhanced stealth mechanisms. This indicates that it is trying to protect the operational security of its cyber espionage missions in Israel and the West Bank, where the PA is located.

“There is no Iron Dome in cyberspace,” Handler warns, and adds that Hamas’ cyber program may evolve in the future – just like the group’s infamous rocket terror program, which began with crude, inaccurate rockets, but then reached the level of a sophisticated long-range rocket fire.