Euro Security Watch with Mathew J. Schwartz

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Intelligence Failure: Surprise Strike on Israel by Hamas

Militants Likely Planned Assault Offline, to Evade Digital Surveillance Dragnet
Intelligence Failure: Surprise Strike on Israel by Hamas
The Israel Navy striking Gaza from the sea on July 25, 2014 (Image: IDF via CC BY-SA 2.0 DEED)

How did Israeli intelligence fail to spot and stop the deadly assault on Saturday by Hamas militants?

See Also: First Annual Generative AI Study - Business Rewards vs. Security Risks: Research Report

The worst attack against Israel since the 1973 Yom Kippur War appears to represent a massive intelligence failure for the Middle Eastern nation and its allies.

"This is our 9/11," said Maj. Nir Dinar, a spokesperson for the Israeli Defense Forces, in a Monday statement. "They got us."

The surprise, coordinated assault from the Gaza Strip by a force believed to comprise 1,000 fighters has led to over 700 Israelis being killed, 2,150 injured and an unknown number taken hostage by Hamas and Islamic Jihad militants, the Israeli Defense Forces reported Monday.

"To call this an intelligence failure is too simple. Every single piece of defense - air, land, water - failed," said Juliette Kayyem, a national security expert who is a senior lecturer at Harvard's Kennedy School of Government, via X, formerly known as Twitter.

"It is inexplicable to those of us who have worked with them or know their capacity," added Kayyem, who served as assistant secretary for intergovernmental affairs at the Department of Homeland Security under President Barack Obama.

While U.S. intelligence had been tracking increased tensions in recent months, it saw no indications suggesting Hamas was planning a major offensive, a senior U.S. intelligence official told CNN. Expect Israel and the U.S. to collate intelligence reports "in the coming days to see whether there were things missed or if there was intelligence collected and misread, or if we have a completely dark area we didn't know about," the official said.

"We were surprised this morning," Lt. Col. Richard Hecht, the IDF's international spokesman, told CNN on Saturday. "About failures, I prefer not to talk at this point right now. We're in war. We're fighting. I'm sure this will be a big question once this event is over."

He added: "I assume the intelligence question will be talked about down the road and we'll learn what happened there."

Offline Planning?

Israel's intelligence apparatus is viewed as being one of the best in the world. Where commercial spyware is concerned, the country is a powerhouse. Perhaps the planners of the Saturday attack used these facts against their adversaries.

"Given how everyone missed it, I wonder if they just planned everything without using computers and phones at all," the cybersecurity expert known as the Grugq said in a post to X.

Such capabilities are well within Hamas' grasp, and there's no sign Russia was directly involved, said Hanna Notte, who works with the James Martin Center for Nonproliferation Studies as well as the Center for Strategic and International Studies.

"I have not seen evidence of direct Russian backing for Hamas and this attack - planning, weapons, execution," she said in a post to X. "To be clear: There was no need for Russian assistance. The Iran-Hezbollah-Hamas axis is highly capable. Let's not delude ourselves." The Hezbollah movement, backed by Iran, also supplies weapons and support to Hamas.

The Role of Compartmentalization

Like 9/11, the Saturday attack on Israel was a surprise - and likely also planned using extreme amounts of compartmentalization.

In 2001, British intelligence officials told the Observer newspaper that the FBI had officially concluded that of the Sept. 11 hijackers, 11 out of 19 believed they were taking part in "conventional" airplane hijackings, not suicide missions.

The planners behind this past weekend's assault must have also carefully controlled the flow of information to prevent leaks. The 1,000 fighters deployed in the assault initially believed they were only participating in military exercises, as part of a campaign that was planned for two years and timed to occur on both the Jewish Sabbath as well as a major religious holiday, a source close to Hamas told Reuters.

The assault began with what Israel described as 2,500 missiles fired from Gaza - some reaching as far north as Tel Aviv. At the same time, fighters using hang-gliders and motorized paragliders crossed into Israel and destroyed part of Israel's security barrier designed to keep militants from sneaking in, backed by a bulldozer, allowing militants to stream through from Gaza, Reuters reported.

No Suggestion of Cyberattacks

Thus far, no observers have suggested Hamas combined its assault with cyberattacks. Hamas has some degree of cyberespionage and online attack capability. Western intelligence sources in 2020 told newspaper The Times of London that Hamas had created a cyber operations and cyberattack headquarters in Turkey, without the knowledge of that country's officials.

In a report released last week, Microsoft said it has tracked some cyber operations being launched by a Gaza-based group with the codename Storm-1133, which it said has been "targeting Israeli private sector energy, defense and telecommunications organizations," by using phishing messages sent via social media, often using fake LinkedIn profiles. Throughout the year, researchers reported that the group had continued to try and infect victims with a backdoor (see: Global Cyberespionage Operations Surging, Microsoft Warns).

If cyberattacks played no part in the Saturday assaults, that would be no surprise. Before Russia launched its all-out assault on Ukraine in February 2022, some cybersecurity experts predicted Moscow would use malware to cripple Ukraine's infrastructure ahead of an invasion by ground forces.

Aside from Moscow using some wiper malware, including bricking tens of thousands of Viasat KA-SAT satellite communications network consumer broadband modems on the day of invasion, this never came to pass. Nearly 20 months into the war, military experts say one notable aspect of Russia's strategy remains the degree to which it has not coordinated cyber operations with kinetic attacks.

Likely that's because missiles can be used to more reliably cause death, destruction and terror. Also, integrating conventional military efforts with cyber operations turns out to be incredibly difficult. As a result, experts say, Moscow appears instead to be focusing much more on cyberespionage operations.

Israel Launches Military Offensive

In response to the Saturday assault from Gaza, the IDF on Saturday launched Operation Swords of Iron, targeting Hamas militants and members of Islamic Jihad in part via air strikes. Israeli Prime Minister Benjamin Netanyahu warned civilians to evacuate the Gaza Strip, warning that parts of it would be turned "into rubble." By Monday, the Palestinian Health Ministry reported that 493 people have been killed in Gaza and 2,751 injured.

"The days ahead will be long and difficult," the IDF's chief spokesman, Rear Adm. Daniel Hagari, said on Sunday. "We have paid a heavy price, but we will restore security to the people of Israel."

The White House said it has sent "additional assistance" to the Israeli Defense Forces and that more will follow in the coming days.

President Joe Biden, in a Sunday phone call with Netanyahu, "pledged his full support for the government and people of Israel in the face of an unprecedented and appalling assault by Hamas terrorists," the White House said.

Biden ordered additional U.S. naval and jet forces to be deployed to the region. The White House said it is working to prevent other regional powers from attempting to exploit the situation, including the Iran-backed Hezbollah movement, the BBC reported.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.