A Historical Review of Hamas’ Hackers, Digital Intelligence and Cyberattacks

Mujamma Haraket

*This post was originally published on Mujamma Haraket’s Substack.

One of the facets of the Islamic Resistance Movement that has been overlooked in popular commentary and scholarship alike is the movement’s technological prowess and the Qassam Brigades’ “Cyber Unit” (Quwwat al-Sāybar) and “Electronic Warfare Unit” (Waḥdat al-Ḥarb al-Iliktrūniyya), also known as its “Cyber Weapon” (Silāḥ al-Sāybar). This is despite the fact that this unit has undertaken significant interventions on occupation soldiers, commanders, politicians, and others within command post structures. These intelligence operations have licensed the Qassam Brigades’ subsequent kinetic operations. Indeed, intelligence successes achieved by these Qassam units enabled the “Great Crossing” on 7 October 2023, which was the culmination of a major security breach and numerous, long-running cyberattacks launched by the movement against the occupation.[1] Indeed, in a recent report published by Cloudflare on 23 October 2023, titled “Cyber attacks in the Israel-Hamas war,” it was confirmed that cyberattacks occurred on 7 October at 3:30 p.m. GMT with the aim of disrupting service to various websites with servers in occupied Palestine. The first attack peaked at 100,000 requests per second and lasted for 10 minutes, while a second, much larger attack lasted 6 minutes and peaked at 1 million requests per second to disrupt service, according to the same report.[2] The report chronicled that:

On October 7, 2023, at 03:30 GMT (06:30 AM local time), Hamas attacked Israeli cities and fired thousands of rockets toward populous locations in southern and central Israel, including Tel Aviv and Jerusalem. Air raid sirens began sounding, instructing civilians to take cover.

Approximately twelve minutes later, Cloudflare systems automatically detected and mitigated DDoS attacks that targeted websites that provide critical information and alerts to civilians on rocket attacks. The initial attack peaked at 100k requests per second (rps) and lasted ten minutes. Forty-five minutes later, a second much larger attack struck and peaked at 1M rps. It lasted six minutes. Additional smaller DDoS attacks continued hitting the websites in the next hours.[3]

According to the investigation, malicious apps targeted Android phones, enabling Hamas hackers to access users’—particularly occupation soldiers’—sensitive information. The investigation noted that in the days following the launch of Tufan al-Aqsa, other websites were targeted by intensive distributed denial-of-service (DDoS) attacks. It revealed that this accounted for 56 percent of all attacks. Additionally, hackers successfully exploited a vulnerability in the “Red Alert” app, which alerts denizens living in occupied Palestine to a possible attack; this enabled the hackers to expose servers and application programming interfaces (APIs) and send users misleading alerts. The banking sector, financial services companies, insurance companies, and government administration websites were exposed. This cyberattack demonstrates a degree of sophistication that justifies a more thorough historical review of Hamas’ cyber-intelligence capabilities. For, although Hamas’ Cyber Unit was only officially announced on 13 October 2022, its infrastructure was developed over multiple decades.[4]

The History of Hamas’ Cyber-Intelligence

Jumʿa al-Ṭaḥla, a Jordanian of Palestinian origin, was born in Jordan in 1962. He participated as a fighter in the Israeli invasion of Beirut in 1982 and subsequently in the war in Afghanistan, before later joining the ranks of the Izz al-Din al-Qassam Brigades in the Gaza Strip. In 2004, he formally joined the Qassam Brigades, leaving his business activities and a construction company he had founded in the United Arab Emirates in order to travel to Syria, where he contributed to the development of the Brigades’ weapons and combat tactics.

2004 was also the year in which Hamas undertook one of its earliest hacking operations. Beginning in 2004, an operative known as “R.” who lived within 1948 occupied Palestine was employed as a software engineer at the telecommunications company, Cellcom. By virtue of his position, he obtained wide access privileges to the company’s computers, information systems, and databases. Over the subsequent decade, he diligently and clandestinely collected information that would later be passed on to Hamas operatives. This report will return to “R.,” whose data, come 2017, was finally utilized by the Hamas Cyber Unit.

Meanwhile, al-Tahla continued his work from Damascus until 2009, when, at the request of the movement’s leadership, he set out for the Gaza Strip. During this journey, he was arrested by Egyptian security forces and remained in Abū Zaʿbal Prison until 2011, following the fall of the Mubarak regime. Upon his arrival in Gaza thereafter, the Qassam Brigades initiated the first phase in the formation of the Cyber Unit.[5]

The establishment of this unit followed the Brigades’ first electronic attack during the “Battle of Ḥijārat al-Sijjīl” in 2012, during which more than 5,000 mobile phones belonging to officers and soldiers in the occupation army were penetrated. This operation was accompanied by the hacking of an Israeli television channel and the broadcast of threatening messages in Hebrew, constituting an important turning point.

During the approximately ten years that al-Ṭaḥla spent in the Gaza Strip, he became a close confidant of Mohammed Deif and contributed his expertise in cybersecurity through the development of programs related to electronic warfare and scientific development within the Qassam Brigades. In 2014, al-Tahla oversaw the establishment, formation, and structuring of the Electronic Warfare Unit and the “Cyber weapon” (Silāḥ al-Sāybar), personally leading numerous attacks targeting the occupation’s critical infrastructure.

READ THE FULL ARTICLE ON SUBSTACK FOR FREE

Mujamma Haraket is a political scientist based in the Middle East writing under an anonymous sobriquet. Areas of concentration include: the political history of the Palestinian muqawama with focus on the Islamic Resistance Movement and political philosophy