Persian Gulf
INT'L MOD
- Feb 19, 2023
- 8,939
- 10,851
- Country of Origin
- Country of Residence
Anti-Israel hackers stole troves of sensitive Israeli data and are now publishing gigabytes of secret and classified information. Unable to stop the hacks, Israel is waging a futile war to against the leaks
A few months ago, foreign hackers managed to break into a computer linked to Israel's Justice Ministry. Tens of thousands of classified files and sensitive emails were leaked. Links allowing anyone to download the breached files were published on Telegram, the popular instant messaging app.
However, they soon began to disappear. One by one, the hacker's Telegram channels were taken down, their users deleted and posts that shared the download links gone.
Since October 7, Israel has faced an unprecedented onslaught of cyber-attacks: accounts of officials and key figures from Israel's security establishment, servers of private firms, military and defense contractors, municipalities, hospitals and even government ministries and key bodies they interact with were all targeted, if not successfully hacked, in a seemingly endless string of attacks, the full extent of which has not yet been made public.
Many of the hackers present themselves as pro-Palestinian forces, but are often fronts for Iran's semi-official cyber-intelligence hackers. Usually, their goals are to collect information, attack infrastructure and disrupt different services. However, they are also interested in what is termed "perception hacking" and psychological warfare, in this case intended to embarrass Israel, the so-called cyber nation.
Sources say the true extent of the damage to Israel's security and economy caused by these leaks is not yet fully known, not even to those in charge of dealing with the issue in Israel. They say that despite massive investment in defensive cybersecurity measures, the scale of the leaks is likely the most severe in Israel's history – "an unprecedented looting of gigabytes upon gigabytes of information of all sorts."
Local cyber security experts explain that many times, the surfacing of hacked materials is just the public crescendo of a clandestine hack that began some time ago.
After their intelligence value is maxed out, or their operation is caught, the hackers shift gears and begin very loudly trying to publicize the stolen digital goods. Their goal: cause financial and reputational damages to Israel and Israeli firms, especially those who work with the military or state.
In other words, after the hacks come the leaks. Accordingly, once hacked, Israel works to prevent the leak and try to minimize its spread, and thus try to mitigate the long term damage caused by its online existence.
According to a number of people knowledgeable on the matter, Israel is waging a digital war on a number of fronts to try to stem the seemingly endless leak of its information. These efforts include monitoring the web and social media sites for leaks and using legal take-down requests to tech firms like Google, Amazon, Meta and even Telegram, to have them removed or blocked.
In some cases, the policy proves quite successful. Websites hosted by Western firms have been taken down for providing a home for digital loot flagged by Israeli authorities. Recently, a number of accounts were taken down by Telegram after posting links to hacked materials, including the hackers' own official channels, but also that of a well-known leaks website that frequently works with journalists and has recently started hosting leaked Israeli data.
However, critics say the efficacy of the policy, which also includes the use of local gag orders and censorship, is of limited value and poses a number of risks and ethical dilemmas. Though it helps quell some of the spread of what officials say is "information intended to harm Israel," it does so only partially.
Moreover, it has sparked a cat-and-mouse game with hackers who, dead set on leaking their goods online, have shifted to more advanced technological means to create websites that cannot be taken down.
The policy and the way it is deployed makes Israel unique. Many countries, including the U.S., usually take criminal or legal steps against leakers, foreign and local, but will make peace with the leak's existence online. Israel, on the other hand, uses tech firm's internal rules to get them to take down the hacked goods on its behalf – and thus prevent the leaked data from reaching the public or journalists, both in Israel and abroad.
Platforms, even those considered hostile to government requests like Telegram, have rules in place intended to defend them against the legal ramifications of their users' conduct. These can include anything from take down requests due to copyright infringement, or legal claims of libel.
Hacked materials fall under a broad category of stolen goods, so the same policies in place to prevent the spread of files for illegally downloading movies or television series can also be used to take down hacked materials stolen from Israeli servers without consent.
In recent months, for example, Israeli requests flagging violations of Telegram's terms of use have led to at least 10 takedowns of hacker groups' users and channels. Many times, it's the same hacker group who, undeterred, have opened a new channel and posted new links to the same leak.
Telegram has proved a massive challenge for Israel since the start of the war. While many tech firms have streamlined mechanisms through which states can reach out to them, Telegram is considered the least cooperative of them all.
More than that, while many social media platforms have invested heavily in moderation, allowing people and organizations to help monitor content – for example, the removal of antisemitic content or posts inciting terrorism or even the removal of videos from the October 7 massacre – Telegram has not. States and users alike have a single email address to which they can send their grievances.
The data speaks for itself: According to official numbers provided by Israel, the Justice Ministry has sent Facebook over 40,000 successful requests to remove "illegal content." These are not pro-or-anti-Israel posts, but rather content that is illegal by Western standards. Even TikTok has taken down over 20,000 posts flagged by Israel. On Telegram, that number is just over 1,300.
After the initial leak from the Justice Ministry breach was published in April, officials at the office and in Israel's National Cyber Directorate tried to downplay its significance. "These are just old documents from an outdated system and no ministry network was actually penetrated."
The data itself however, reveals the personal details of senior Israeli officials and contains sensitive documents and email exchanges, including those about classified subjects and information that cannot be published for legal reasons.
At the time, Israeli officials said that a gag order had been placed on the leak and the investigation into it, but also on "the publication of any information" derived from it. "A number of Telegram channels that published the documents were also taken down, and work on this front continues," the cyber body said at the time.
"One of the main issues that Iranian operators seem to face is hosting," Ben Ami explains. "These difficulties aren't unique to Iran, Russia faces similar difficulties and utilizes bulletproof hosting providers that also support cybercrime," he says.
In fact, the Iranians are using Russian providers not beholden to Western legal standards. Somewhat in line with its influence goals, Ben Ami notes that one of the Russian hosting sites the Iranian hackers utilize was recently exposed as a key hosting provider for the Russian Doppelganger campaign, in which websites across the world were forged using AI.
He further explains that hackers have started making use of decentralized "onion domains" that "make it significantly harder for government agencies to identify the domain host, thus making a takedown from the provider significantly more difficult."
Just this week, another known Iranian hacker group posted a new leak on such a website. It claimed to have hacked a mid-sized private Israeli defense contractor and is threatening to leak its data on a new website is set up that uses the same type of technology behind cryptocurrencies like Bitcoin.
One of the more recent Telegram takedowns saw not just hackers removed, but also a channel run by a collective of former journalists who now operate a WikiLeaks-style website. The goal of their site is to provide a safe online haven for leaks of different types, and they frequently work with journalists, including on leaks from Israel, that are also referred to from their Telegram channel.
They claimed that their channel was taken down after a request from Israel. The Justice Ministry's cyber unit refused to specifically address this or any case, but seemed to shift the blame to Telegram, saying in response to a question by Haaretz: "We take action against posts, and sometimes the platforms use their independent discretion to make their own decisions, based on their own policies, to also remove a page."
However, many say the digital cat is already out of the bag, and any attempt to effectively try and censor leaks will prove futile – like herding cats, to use the 1990s internet adage about moderating chat rooms and forums.
Critics point to recent publications abroad of stories based on information originating in leaked data as a proof of the futility of Israel's policy. Though Israeli journalists were legally barred from reporting them, in one case a story also ended up being published locally by a number of Israeli outlets who did not know about the secretive gag order. These reports, much like the leaked data and the websites hosting it, are still online.
A few months ago, foreign hackers managed to break into a computer linked to Israel's Justice Ministry. Tens of thousands of classified files and sensitive emails were leaked. Links allowing anyone to download the breached files were published on Telegram, the popular instant messaging app.
However, they soon began to disappear. One by one, the hacker's Telegram channels were taken down, their users deleted and posts that shared the download links gone.
Since October 7, Israel has faced an unprecedented onslaught of cyber-attacks: accounts of officials and key figures from Israel's security establishment, servers of private firms, military and defense contractors, municipalities, hospitals and even government ministries and key bodies they interact with were all targeted, if not successfully hacked, in a seemingly endless string of attacks, the full extent of which has not yet been made public.
Many of the hackers present themselves as pro-Palestinian forces, but are often fronts for Iran's semi-official cyber-intelligence hackers. Usually, their goals are to collect information, attack infrastructure and disrupt different services. However, they are also interested in what is termed "perception hacking" and psychological warfare, in this case intended to embarrass Israel, the so-called cyber nation.
Sources say the true extent of the damage to Israel's security and economy caused by these leaks is not yet fully known, not even to those in charge of dealing with the issue in Israel. They say that despite massive investment in defensive cybersecurity measures, the scale of the leaks is likely the most severe in Israel's history – "an unprecedented looting of gigabytes upon gigabytes of information of all sorts."
Local cyber security experts explain that many times, the surfacing of hacked materials is just the public crescendo of a clandestine hack that began some time ago.
After their intelligence value is maxed out, or their operation is caught, the hackers shift gears and begin very loudly trying to publicize the stolen digital goods. Their goal: cause financial and reputational damages to Israel and Israeli firms, especially those who work with the military or state.
In other words, after the hacks come the leaks. Accordingly, once hacked, Israel works to prevent the leak and try to minimize its spread, and thus try to mitigate the long term damage caused by its online existence.
According to a number of people knowledgeable on the matter, Israel is waging a digital war on a number of fronts to try to stem the seemingly endless leak of its information. These efforts include monitoring the web and social media sites for leaks and using legal take-down requests to tech firms like Google, Amazon, Meta and even Telegram, to have them removed or blocked.
In some cases, the policy proves quite successful. Websites hosted by Western firms have been taken down for providing a home for digital loot flagged by Israeli authorities. Recently, a number of accounts were taken down by Telegram after posting links to hacked materials, including the hackers' own official channels, but also that of a well-known leaks website that frequently works with journalists and has recently started hosting leaked Israeli data.
However, critics say the efficacy of the policy, which also includes the use of local gag orders and censorship, is of limited value and poses a number of risks and ethical dilemmas. Though it helps quell some of the spread of what officials say is "information intended to harm Israel," it does so only partially.
Moreover, it has sparked a cat-and-mouse game with hackers who, dead set on leaking their goods online, have shifted to more advanced technological means to create websites that cannot be taken down.
The policy and the way it is deployed makes Israel unique. Many countries, including the U.S., usually take criminal or legal steps against leakers, foreign and local, but will make peace with the leak's existence online. Israel, on the other hand, uses tech firm's internal rules to get them to take down the hacked goods on its behalf – and thus prevent the leaked data from reaching the public or journalists, both in Israel and abroad.
Platforms, even those considered hostile to government requests like Telegram, have rules in place intended to defend them against the legal ramifications of their users' conduct. These can include anything from take down requests due to copyright infringement, or legal claims of libel.
Hacked materials fall under a broad category of stolen goods, so the same policies in place to prevent the spread of files for illegally downloading movies or television series can also be used to take down hacked materials stolen from Israeli servers without consent.
In recent months, for example, Israeli requests flagging violations of Telegram's terms of use have led to at least 10 takedowns of hacker groups' users and channels. Many times, it's the same hacker group who, undeterred, have opened a new channel and posted new links to the same leak.
Telegram has proved a massive challenge for Israel since the start of the war. While many tech firms have streamlined mechanisms through which states can reach out to them, Telegram is considered the least cooperative of them all.
More than that, while many social media platforms have invested heavily in moderation, allowing people and organizations to help monitor content – for example, the removal of antisemitic content or posts inciting terrorism or even the removal of videos from the October 7 massacre – Telegram has not. States and users alike have a single email address to which they can send their grievances.
The data speaks for itself: According to official numbers provided by Israel, the Justice Ministry has sent Facebook over 40,000 successful requests to remove "illegal content." These are not pro-or-anti-Israel posts, but rather content that is illegal by Western standards. Even TikTok has taken down over 20,000 posts flagged by Israel. On Telegram, that number is just over 1,300.
After the initial leak from the Justice Ministry breach was published in April, officials at the office and in Israel's National Cyber Directorate tried to downplay its significance. "These are just old documents from an outdated system and no ministry network was actually penetrated."
The data itself however, reveals the personal details of senior Israeli officials and contains sensitive documents and email exchanges, including those about classified subjects and information that cannot be published for legal reasons.
At the time, Israeli officials said that a gag order had been placed on the leak and the investigation into it, but also on "the publication of any information" derived from it. "A number of Telegram channels that published the documents were also taken down, and work on this front continues," the cyber body said at the time.
"One of the main issues that Iranian operators seem to face is hosting," Ben Ami explains. "These difficulties aren't unique to Iran, Russia faces similar difficulties and utilizes bulletproof hosting providers that also support cybercrime," he says.
In fact, the Iranians are using Russian providers not beholden to Western legal standards. Somewhat in line with its influence goals, Ben Ami notes that one of the Russian hosting sites the Iranian hackers utilize was recently exposed as a key hosting provider for the Russian Doppelganger campaign, in which websites across the world were forged using AI.
He further explains that hackers have started making use of decentralized "onion domains" that "make it significantly harder for government agencies to identify the domain host, thus making a takedown from the provider significantly more difficult."
Just this week, another known Iranian hacker group posted a new leak on such a website. It claimed to have hacked a mid-sized private Israeli defense contractor and is threatening to leak its data on a new website is set up that uses the same type of technology behind cryptocurrencies like Bitcoin.
One of the more recent Telegram takedowns saw not just hackers removed, but also a channel run by a collective of former journalists who now operate a WikiLeaks-style website. The goal of their site is to provide a safe online haven for leaks of different types, and they frequently work with journalists, including on leaks from Israel, that are also referred to from their Telegram channel.
They claimed that their channel was taken down after a request from Israel. The Justice Ministry's cyber unit refused to specifically address this or any case, but seemed to shift the blame to Telegram, saying in response to a question by Haaretz: "We take action against posts, and sometimes the platforms use their independent discretion to make their own decisions, based on their own policies, to also remove a page."
However, many say the digital cat is already out of the bag, and any attempt to effectively try and censor leaks will prove futile – like herding cats, to use the 1990s internet adage about moderating chat rooms and forums.
Critics point to recent publications abroad of stories based on information originating in leaked data as a proof of the futility of Israel's policy. Though Israeli journalists were legally barred from reporting them, in one case a story also ended up being published locally by a number of Israeli outlets who did not know about the secretive gag order. These reports, much like the leaked data and the websites hosting it, are still online.
