Cyber vigilantism – deterrent or provocation?

It depends on who you ask.

Calling themselves Hannibal, IDF-TEAM, Nuclear, and 0xOmer (a play on the Saudi hacker 0xOmar), Israeli hackers mobilized to retaliate against a series of cyberattacks launched earlier this month, spiraling into what has been called a “cyberwar” by some Israeli and Saudi hackers. In addition to their “cyberswipes,” the hackers have also ratcheted up their rhetoric and issued ominous warnings, like something out of a hero-and-villain story in the pages of a comic book.

Now entering its fourth week, the cyberwar only seems to be intensifying. Anti-Israel hackers threatened in recent days to paralyze some 40 critical Israeli websites , while self-described Saudi hacker 0xOmar — believed to be responsible for the first round of cyberattacks against Israel — said this week: “I am one of the strongest haters of Israel … I will finish Israel electronically … I can publish any information about Israel but I am just waiting for the right time and place.”

Just one day later, Israeli hacker Hannibal said in an online post that he had published the details of 100,000 Arab email accounts, and warned: “The Arabs should learn a lesson and know not to mess with me … I have about 30 million email accounts, 10 million bank accounts, 4 million credit cards of Arabs from all over the world …”

Like a Batman on broadband, Hannibal and his fellow Israeli hackers claim to execute cyberattacks that are retaliatory in nature, swooping in to come to Israel’s defense.

“If [the foreign hackers] appear again, I [will] again come to save Israel. Trust me. I’ll always be around,” Hannibal said. “You can call us the defenders of Israel,” 0xOmer said.  “We have no desire to hurt innocent people … We are only trying to deter additional attacks against Israeli websites,” a member from the hacker IDF-TEAM said.

Their proclamations are certainly heroic, but are these cyberspace saviors all they purport to be?

The Israeli hackers have been hailed by their peers, by others in the cyberworld and even by some in the press — but how many more innocent people will be affected in this cyber tit-for-tat that appears to be more of a contest to show “who’s boss” in the cyber-Middle East than a real defense of Israel?

So far, the hackers have confined themselves to leaking personal information and carrying out denial-of-service attacks against their targets — something that sparked alarm among those affected, even if it was not a major attack — but could this escalate into something more dangerous?

Dr. Gabi Siboni, head of the Cyber Warfare Program at the Institute for National Security Studies, warns that if Israeli hackers are allowed to continue their unsanctioned cyberattacks against other countries, “a real cyberwar could develop and we could lose control of our cyberspace.”

In effect, one attack by an Israeli hacker against the cyberspace of another country could shut down that country’s electronic infrastructures. This could, in turn, provoke a major confrontation between Israel and that country, leading to possibly harsher counterattacks extending from the cyberbattlefield into reality.

“Just imagine if every time a Qassam was fired at a kibbutz near Gaza that one of the residents of the kibbutz was to fire one back,” Siboni told me, illustrating the danger that cyber vigilantism poses for Israel’s security.

In order to prevent such scenarios, Siboni says that the rules that apply for the deployment of force against other countries must also be applied for launching cyberattacks against international targets. “In a democratic country, only authorized organizations are allowed to use force. And it’s the same in the cyberworld. Israel, or any other democratic country, cannot allow private individuals to attack the cyberspace of other countries. The authorities must state loud and clear that this is illegal and that [hackers] will be subject to full enforcement of the law. The response to hacker attacks by foreigners must come only from the government.”

However, with the exception of a few Israeli officials who have spoken out  in the last few weeks against the hackers, an organized or official government response to the cyberattacks has been lacking. Without an overarching policy or mechanism to protect the country’s cyberspace, the Israeli hackers’ counterattacks could actually be doing Israel a service.

As Dror Ben David, writing for Israel Hayom this week, pointed out, there are separate state bodies in Israel that have been charged with protecting electronic data bases and online privacy, but they are not enough. “E-commerce and a plethora of other activities conducted in cyberspace aren’t covered by these measures. Civilian online activity must also be overseen by the government,” Ben David writes.

A new National Cyber Directorate, announced by Prime Minister Benjamin Netanyahu last August, was to address some of these issues and coordinate with other government bodies on monitoring all areas of Israel’s cyberspace, but the directorate has been slow in moving, with some reports even saying that it has lacked resources and personnel. Absent an organized policy or response against anti-Israel hackers, and Israel’s cyber vigilantes may serve as a good deterrent against future attacks.

Another issue that arises is that, unlike in conventional warfare where the targets are known, in the complex and seemingly borderless cyberworld it may not be so easy to find rogue hackers and bring them to justice. The Israel Air Force can pursue a terror squad in the Gaza Strip after it launches a Qassam at Israel, but can the authorities just as easily capture a crafty hacker?

In comments published by Arab media on Sunday, 0xOmar, the purported Saudi hacker, boasted, “No one in the electronic world can find me, hence no one can arrest me.”

The Israeli Hannibal revealed in a post on Sunday that the authorities had successfully shut down his email, but he simply created another address and continued operating, moving on to his next project: recruiting “members of the military and spies from Iran who want me to leak information, military documents of the Iranian Army … especially on the nuclear reactor.”

Siboni, however, hints that the hackers can be tracked down. “If the authorities want to know who launched the attacks, we have the capabilities to find this out. It will cost money and take time, but it is possible to find this out, just like we can find out which foreign hackers attacked us.”

Reprinted here with permission from Israel Hayom.