America's pre-cyber 9/11 moment: What U.S. Cyber Security establishment can learn from global cyber attacks on Israel

This July, as Hamas was firing missiles at Israel's main cities and Israeli citizens were huddled in bomb shelters, they began to receive text messages claiming to be from Israel's General Security Service warning them that "suicide bombers [have] sneaked into Tel-Aviv and [are] targeting shelters," and "Rocket from Gaza hit petrochemical plant in Haifa, huge fire, possible chemical leak, advised to evacuate Haifa." Others received text messages warning their recipients that they were being targeted for kidnapping. These messages were all from Hamas who managed to hack into more than a half million smart phones.

As soon as the recent Gaza conflict began in early July, Israel was also subjected to ongoing cyber attacks by Arab and Muslim hacktivist groups such as the Syrian Electronic Army (SEA), Izz Al-Din Al-Qassam Cyber Fighters, AnonGhost Cyber Army and groups affiliated with Hamas. Many of these groups have described the cyber-jihad against Israel as a religious obligation, and have received vocal and other support from leading religious figures.

In a lecture at the "#We_Are_All_Gaza" festival in Kuwait, Kuwaiti Muslim Brotherhood leader Tariq Al-Suwaidan – who has tweeted and posted to his 10 million social media followers that Arab and Muslim hacktivists must attack Israeli and Jewish targets – urged his audience, comprising of mostly students: "We want all the young people who are skilled in the use of Twitter, Facebook, and other technological media to think about what we call 'electronic jihad.' Today, the youth of the resistance hacked the Israeli Channel 10 twice... Each and every one of us, when leaving this hall, should be contemplating a plan how to wipe out Israel."


Al-Suwaidan was referring in his lecture to Hamas' July 15 hack into the satellite feed of Israel's Channel 10, with text stating: "Your government chose to begin this campaign. If your government won't agree to our terms, then prepare yourselves for a drawn-out stay in bomb shelters."

Previously, on July 3, the official Israel Defense Forces (IDF) Twitter account sent out a tweet warning Israelis that a missile had hit the country’s nuclear facility in Dimona, creating a hazardous nuclear leak – the result of a hack by the Syrian Electronic Army.

Other skilled hackers went after systems that control vital Israeli infrastructure, including Israel Electric Company power stations, water desalination plants, traffic lights, and railroads and other transportation systems.

Israel's defense establishment and military computers were also targeted by Anonymous and the Tunisian Hackers Team. They included Israel's Foreign Affairs and Defense Ministries, Air Force, the office of the president, the Knesset, the Israel Police, and the government's official jobs portal.

Israel's banking system was also under attack – notably, the Bank of Israel, one of the country’s largest banks, was hacked by Moxer Cyber Team, resulting in the leaking of emails and passwords, as well as the leaking by GhostSecTeam of employees' names, email addresses, passwords, and telephone numbers. At the same time, anti-Israel hackers went after thousands of largely unprotected civilian websites – most of which were taken down via DDoS attacks or defaced.

These cyber attacks against Israel give U.S. cyber security authorities a strategic understanding of what they can expect and what they need to prepare for in the future.

As John Carlin, the Assistant Attorney General for National Security in the U.S. Department of Justice, said on July 24 at the Aspen Security Forum: "[L]ooking ahead on cyber terrorism – and the 9/11 report just gave an updated report – we're in a ... pre-9/11 moment with cyber. It's clear that the terrorists want to use cyber-enabled means to cause the maximum amount of destruction as they can to our infrastructure. It's clear because they have said it... [and] have the capability now to cause significant damage..."

The 9/11 Commission's report further warned: "Security officials are concerned that terrorist groups' skills in computer technology – and in particular in manipulating offensive cyber capabilities – will increase in the years ahead..."

As the U.S. becomes more dependent on digital services for the functioning of critical infrastructure, business, education, finances, communications, and social connections – all of which have recently come under attack in Israel – "the Internet's vulnerabilities are," according to the commission, "outpacing the nation's ability to secure it."

This must serve as a warning to the U.S. that just as we need to protect our physical infrastructure, we must also protect our cyber domain and prepare for the types of attacks Israel recently experienced.