Iran’s electronic confrontation with Israel

The Econimist-Aug 15th2024

ZIV HOSPITAL is nestled at the bottom of Safed, the highest city in Israel, not far from the border with Syria and Lebanon. In November the hospital acknowledged that hackers had penetrated its computer systems. An Iran-backed hacking group would later claim to have gained access to 500 gigabytes of patient data, including 100,000 medical records linked to Israeli soldiers. That is hardly unusual. Hackers regularly target and breach hospitals, usually to extort ransoms.

The digital assault on Ziv, however, embodied the cyberwar raging between Israel and its enemies in the aftermath of Hamas’s massacre of Israelis on October 7th. The attack was novel in several respects, says Gaby Portnoy, the head of the Israel National Cyber Directorate (INCD), the country’s defensive cyber-agency, in an interview with The Economist. For one thing, it was a joint operation conducted by Iran and its ally Hizbullah, the militia and political party that dominates Lebanon. “They didn’t work so well together until October 7th,” he says. “We now see them…exchanging targets, exchanging capabilities. They are almost the same.”

The choice of target also broke with the past. Iran and Hizbullah had not previously attacked Israeli hospitals, says Mr Portnoy, a retired brigadier-general. After October 7th Ali Khamenei, Iran’s supreme leader, ordered cyber-operations against Israel to be expanded, he says, citing Israeli intelligence. The result has been a barrage both more intense and more refined.

The rate of cyberattacks against Israel rose three-fold after October 7th. Iranian ones have grown more sophisticated, with less spillover beyond the intended target. “They are more accurate, they collect better intel and they go to the right places,” says Mr Portnoy. “They know more about Israel, sometimes, than we do.” Previously it would take Iran weeks to exploit software vulnerabilities that had become public, he adds. That has fallen to days.

None has succeeded in disrupting Israel’s critical infrastructure, such as power or water systems, in part thanks to digital sensors placed inside the networks of crucial facilities after October 7th. Most of the intrusions are, in essence, a form of harassment rather than anything resembling an armed attack. Some are meant for espionage rather than subversion. But many are also a form of information warfare.

Know your enemy

Some Iran-linked hackers have masqueraded as the families of hostages captured by Hamas, with the aim of widening divisions in Israeli society. Iranian hackers have developed a sophisticated understanding of Israel’s social and political fractures, notes a recent study by the Institute for National Security Studies in Tel Aviv, with separate messages aimed at proponents and opponents of the war.