This weekend, violence between Israel and Gaza escalated to a degree not seen since 2014, with 25 Palestinians and four Israelis killed in the fighting. Decades into the entrenched tensions of the region, the incident overall was tragically unsurprising. But for cybersecurity professionals, one aspect particularly stood out: The Israeli Defense Force claimed that it bombed and partially destroyed one building in Gaza because it was allegedly the base of an active Hamas hacking group.
The assault seems to be the first true example of a physical attack being used as a real-time response to digital aggression—another evolution of so-called “hybrid warfare.” That makes it a landmark moment, but one that analysts caution must be viewed in the context of the conflict between Israel and Palestine, rather than as a standalone global harbinger.
Lily Hay Newman is a WIRED staff writer focused on information security, digital privacy, and hacking.
This is a very good question, but one that still lacks clear answers. IDF said in a tweet on Sunday that “We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.” But IDF has not provided any other details about the nature of the alleged cyberattack, and it is unclear from current IDF statements why Israel would choose to retaliate for an assault that it claims to have successfully fended off.
State-backed hacking and physical warfare have been on a slow but steady path toward convergence for about two decades, and both information security and warfare researchers say that it was only a matter of time before a nation launched a kinetic attack against enemy hackers. “When I joined the very first Cyber Command in April 1999, we were talking about that as a serious thing in case it was needed,” says Jason Healey, a former staffer in the George W. Bush White House and current cyberconflict researcher at Columbia University. “I wouldn’t say we necessarily had plans for it, but we were thinking it through.” The US has reserved the right to retaliate against cyberattacks with military force since 2011.
Has Anything Like This Happened Before?
Basically no, but with some caveats. The role of destructive cyberattacks in all-out warfare has expanded in recent years, particularly driven by Russia-backed hackers who have caused incidents of critical infrastructure sabotage during numerous Russian wars, including in Estonia, Georgia, and, most expansively, in Ukraine.
A more directly related incident is a US airstrike in 2015 to assassinate Islamic state hacker Junaid Hussain. But the action was planned over many months, versus Israel’s apparent real-time response. And Hussain was not just targeted for hacking, but for serving as a sort of linchpin in broad ISIS recruiting strategies.
What Are the Implications Here?
There are currently two schools of thought about how to interpret the IDF attack. Some view it as a crucial turning point in the evolution of hybrid warfare, potentially setting a dangerous precedent that offensive hackers are fair game for physical retaliation.
“Hackers are unarmed,” says Jake Williams, a former member of the National Security Agency’s elite Tailored Access Operations hacking group. “They are not able to defend themselves. Of course in combat combatants that can’t defend themselves against the aircraft bombing them are regularly targeted. I think the key difference is that they represent a clear threat to life that the hackers do not. These are back-end support personnel. If ISIS targets our troops on the ground in Iraq, people clearly understand they are in the line of fire. If ISIS targeted troops processing payroll in Fort Gordon, that’s a less legitimate target, even though those troops are combatants.”
Williams notes that hackers do potentially have the capability to inflict real-world harm through critical infrastructure hacking. But he cautions that just because hackers have established access in a system or even appear to be setting up such an attack, that doesn’t mean they will actually execute it. And they may just be placing that access for reconnaissance and intelligence-gathering.
Warfare researchers present a different view, though, and caution that this particular incident comes in the context of a much larger assault that was not motivated by anything playing out in cyberspace.
“The fact that IDF made this silly joke about ‘Cyber HQ,’ that’s really the most remarkable thing that they feel they can make tasteless jokes about killing people,” says Thomas Rid, professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies. “But this is not cyberwar, and it has nothing to do with cyber-deterrence. This building appears to have been used by Hamas intelligence operatives, so they’re a legitimate target for Israel.”
Does This Set Any Kind of Precedent?
Regardless of how they feel about the Gaza bombing, many analysts agree that incidents of physical, violent retaliation against hackers are all but inevitable as modern warfare continues to evolve. But the IDF’s actions don’t seem to set a strong precedent on their own, especially for countries that aren’t actively at war.
“Most important in this case is that there was an existing armed conflict ongoing,” says Lukasz Olejnik, an independent cybersecurity adviser and research associate at the University of Oxford’s Center for Technology and Global Affairs. “It’s an unprecedented event that will be important in the history of cyberconflict. But it is not crossing the line. The fact that combatants can become targets is not exactly surprising. And as more and more countries treat cyberspace as a domain of warfare, you would have to arrive at this point sooner or later.”
Still, nation state cyberattacks happen all the time between countries without missiles coming into play. In addition to antagonizing its neighbors in Ukraine and elsewhere, Russia has targeted the US electoral system and critical infrastructure. Israel and the US famously developed the sophisticated, destructive malware known as Stuxnet to sabotage Iranian nuclear centrifuges. And China is known to be engaged in a years-long espionage campaign targeting countless governments and corporations around the world to steal intellectual property, consumer data, and government records. So far, nations not at war have largely dealt with these types of activities through diplomatic negotiations, economic sanctions, and indictments to avoid escalating tensions into the physical realm.
Observers note, too, that it’s possible the hacker-targeting line was crossed long ago by an actor who was less interested in bragging about it. “When we really dive into the history, will we find that this was actually the first?” Columbia’s Healey says of the IDF strike on Hamas. “It might come out that the US or some other country has done a kinetic strike or a soft raid, but this was certainly the first one that was advertised. What it comes down to is if you’re attacking another country more is going to be fair game. When you’re at war, you’re at war.”