For the first time, Israel has used brute military force to respond to a Hamas cyberattack, three years after NATO proclaimed "cyber" an official battlefield in modern warfare.
The "bomb-back" response took place on Saturday when Israel Defense Forces (IDF) launched an air strike against a building in the Gaza Strip. They claimed it housed Hamas cyber operatives, which had been engaging in a cyberattack against Israel's "cyberspace."
"We were ahead of them all the time," said Brigadier General D., the head of the IDF's cyber defense division. "The moment they tried to do something, they failed."
Israeli officials did not disclose any details about the Hamas cyberattack; however, they said they first stopped the attack online, and only then responded with an air strike.
"After dealing with the cyber dimension, the Air Force dealt with it in the physical dimension," said IDF spokesperson, Brig. Gen. Ronen Manlis. "At this point in time, Hamas has no cyber operational capabilities."
The Shin Bet security service was also involved in the operation, the IDF said in a press release.
US did it first
Israel's response to the Hamas' attempted cyberattack is a turning point in modern warfare, where military action was chosen instead of a typical "hack-back" response.
In 2015, the US became the first country to respond with military force to cyberattacks, when it used a drone strike to kill Junaid Hussain, a British citizen who was in charge of ISIL's hacker groups, and who was responsible for dumping personal details of US military forces online, via Twitter.
However, Israel's response against Hamas marks the first time that a country has reacted with immediate military force to a cyberattack in an active conflict, in real-time, rather than wait months to plan an operation and respond.
At the time of the Israeli air strike against the Hamas cyber-unit's headquarters, the IDF was already engaged with Hamas forces in the Gaza Strip after the group had launched over 430 rockets over the border into Israel territory.
Israel responded with retaliatory air strikes of its own, including targeted attacks against the offices of the Hamas military intelligence, and Hamas operatives and sponsors.
"The Israelis have every right to defend themselves," said US Secretary of State Mike Pompeo, discussing Israel's air-strikes in the Gaza Strip.
Bomb-back responses should never be the norm
"Immediately assessing the level of conflict in such a dynamic situation is impossible. However, military activity working along laws of armed conflict should consider principles of proportionality when using force," Dr. Lukasz Olejnik, an independent cybersecurity and privacy advisor, research associate Center for Technology and Global Affairs Oxford University, told ZDNet in an email discussing Israel's response to the Hamas cyberattack.
"The scarce official announcement suggests that the potential cyberattack has been thwarted using technical means. That will make analysts wonder what was the point, and justification grounds for using kinetic force.
"That said, the view that people involved in cyber activity linked to a conflict need to be aware of such risks to them has been more and more crystallizing over the last years," Dr. Olejnik said.
However, Dr. Olejnik warns about nation-states adopting this bomb-back approach as a primary response to cyberattacks, in general.
"The particular conflict we're speaking about was already ongoing. This is a very different situation to that when a conflict is not yet the case," he said.
"Any potential response needs to consider many factors, such as the complex circumstances, including the conflict intensity, the perceived and true threat, and the actual actions.
"While you can perfectly imagine cyber activity not crossing the threshold of a conflict, bombs typically do cross the threshold of using force," Dr. Olejnik said. "No sane strategist should consider kinetic response to low impact cyber-activity when not engaged in a conflict."
Related government coverage:
- DHS gives agencies 15-day deadline to patch security flaws
- Japanese government to create and maintain defensive malware
- Only six TSA staffers are overseeing US oil & gas pipeline security
- EU votes to create gigantic biometrics database
- China uses biometrics and digital scanning 'data doors' to track Muslim minority
- UK could build an automatic national defence system, says GCHQ chief
- How Estonia became an e-government powerhouse TechRepublic
- Sri Lanka blocks social media after deadly Easter explosions CNET