Palestinian hackers were preparing for cyberwar against Israel

Hamas hackers are still amateurs, but they are gaining experience and protection, perhaps with Iran's help.
Israel has faced balloons carrying incendiary devices for months along the Gaza border. A ground-based device has been developed against terrorist tunnels, terror ships have been blocked by a sea barrier, and a method can be found to combat terror balloons. At the same time, however, in the digital sphere, Hamas is trying to develop cyber skills that will enable it to attack Israeli civilians without facing a physical obstacle.
In recent weeks, a series of attacks targeting Israeli citizens and IDF soldiers has been uncovered. These attacks, which bear the fingerprints of Hamas hackers, were neutralised, but they may be just the tip of the iceberg. They will probably be repeated, using far more sophisticated technological tools. Next time, they will target Israeli institutions and organisations, as well as civilians.
Last month, before the start of the football World Cup, a free app named Golden Cup was offered in the Google app store. The app provided direct reports from the World Cup with excellent photographs and clips of unforgettable goals. The application seemed innocent, but those who chose to install it became a very valuable source of information for Hamas: all their calls were recorded, all their files were stolen, their identities and whereabouts were registered, and the app's writers were able to operate the microphones and cameras at any time and record the environment around them without their knowledge. Supposing that many of those who downloaded the app were soldiers, this information could be of serious security importance.
Hamas hackers: still neglected
The people who examined the app and caused its removal from Google's servers were Roy Yarkhi and Eyal Rynkoski, researchers from Symantec's lab in Tel Aviv. Yarkhi, who heads the mobile security research team at the company, says the app was spyware that made its way into the store by bypassing Google's testing systems. The method is simple: the app as submitted was really innocent and did what it was supposed to do, but after being installed by the user, it activated an update process that loaded the attack mechanisms onto it.
“The application was able to do everything you can imagine,” says Yarkhi. “It made phone recordings, marked everything that happens next to the device, used the camera to photograph image sequences, loaded up contact people's features, collected all SMS messages, movies, cargo files sent by the operator, reported the GPS location, and identified the phone number and phone owner.”
According to Yarkhi, the link between the app and Hamas hackers is clear. The structure of its communications with the server is the same as the one found in previous applications originating with Hamas, for example, an application for telephone connections that the IDF (the Israeli army) displayed two weeks ago.
“This is a monitoring campaign,” he says, adding that it will not be the last of its type. “The application was distributed on Facebook to a large audience of Israelis, not just soldiers. We found it in companies that are not necessarily connected to the army.” In professional language, this is called “social engineering”: convincing users on social networks to install spying tools disguised as innocent apps.
Symantec's researchers describe the hackers' work as careless, which made it easy for the researchers to discover that a fraud was involved. For example, the company's website was created one day before the app was distributed and contained no important content. Moreover, the amateur construction of the app made its purpose easy to detect. In addition, the hackers made a fatal mistake: the server to which they uploaded stolen files and recordings remained open, enabling the researchers to reach eight gigabytes of data stolen from the phones of hundreds of Israelis.
The Golden Cup app has been erased, but Yarkhi is convinced it will be followed by more sophisticated and focused ones. Symantec's personnel are in contact with civilian and military cyber defence units and are exchanging information and working methods. Eli Amar, CTO of CERT (the Computer Emergency Readiness Team), said at a recent conference on the issue that the solution to cyberattacks is the exchange of information among all those dealing with information security, and that all should act together to increase readiness for attacks. It might be assumed that whatever Symantec knows is also known at the National Cyber Bureau, and much more.
The hackers from Iran: Business infrastructure attacks
Yaron Edan, a cyber expert, owner of Edan Worldwide Security and head of the cyber studies department at the Institute of Technology and Innovation, says the investigations he is conducting show that cyber attacks on Israel by terrorist groups are a fact. The goal is no longer to close or damage Israeli internet sites, actions that are irritating but cause no concrete damage and do not require technical knowledge.
“The phenomenon is widespread and the cyber dimension has become a battlefield for all intents and purposes. There are attacks by Hamas groups in the Gaza Strip, and not just from them, and they are run in two spheres: personal and commercial. We are seeing an increase in this phenomenon in social networks, which I also see as a battleground for cyberattack.”
Edan says Hamas hackers are taking on the offensive skills of various countries. The Chinese are considered leaders in cyberattacks, which are usually directed at economic and financial institutions. Russians attack less focused political systems. What might be of particular interest to us is that Edan says Iranians are developing advanced cyberattack skills, even though these are not targeting Israel at this stage.
“In contrast to Hamas, Iranian attacks are not sporadic; they are organised and militant, with clear objectives of business infrastructure, defence agencies and semi-protection organisations,” he says.
Is Iranian technology capable of taking over from Hamas? Edan says that at this stage, Hamas' technological capacity is very basic, but this is obviously bound to change. “They can develop skills using tools on the dark web and even on the regular internet, which is loaded and available; anyone can buy cyber tools. There are no restrictions and there is definitely leakage.”
Private companies are not alone in trying to deal with the problem. The IDF is also operating a cyber defence system. Reports on certain aspects of its work are published from time to time. In January 2017, the IDF found that Hamas had tried to collect information about soldiers through false identities on social networks. In January 2018, the IDF Information Security Department began investigating soldiers for questionable social networking activities. This led to Operation Broken Heart, which blocked a connection application. The Israeli Security Agency (ISA) is also active in cyber monitoring and defence, but it refused to comment on any aspect of this activity.
National Cyber Authority: Business as usual
Israel is aware of cyber threats and previously founded the National Cyber Bureau (responsible for preventive actions) and the Cyber Authority to confront them. These two agencies were joined in the National Cyber Directorate, led by Yigal Una, formerly of the ISA. All the official parties we approached avoided giving a direct answer on the matter. The general message they gave was that amateur penetration attempts were involved and that existing systems could neutralise them without any effort.
It seems that official agencies are less concerned than private concerns about Hamas' cyber skills, at least from abroad. They are convinced that the attacks on Israelis are part of a global phenomenon of cyberattacks using social networks and imitation applications, and that Palestinians have no particular or dangerous abilities. The way to protect yourself is simply to remove suspicious apps, not grant the permissions they seek, and turn to the National Cyber Authority for alerts and help if necessary.
A well-known source in the Israeli cyber sector says: “Hamas has no power, has only the beginning of skills, but they are making efforts, mainly using tools that are downloaded from the internet, and their successes are a fact. They know how to make people click on all types of links, download all kinds of things onto their computers, and access systems that have not updated their servers.” He adds that it is possible that the source of the attacks is neither the Gaza Strip nor the West Bank, which share their infrastructure with Israel, making it very easy to locate attackers. It is quite possible that Hamas' foreign cells are involved.
Each offensive campaign has an overall goal, and an analysis of the attack patterns and a cross section of the targeted people could lead to its exposure. What is the overall objective of the current attacks? The sources we consulted shrugged their shoulders when asked about it. If the responsible authorities have information on this topic, they are not sharing it with the public at this stage.

/Taken from Israeli portal Globes.co.il/











