[News] Laptop Warriors - Who Are Hamas’ ‘Green Hat Hackers’, and Why They Terrify Israel

[Anti-Imperialist News]

palestinechronicle.com
<https://www.palestinechronicle.com/laptop-warriors-who-are-hamas-green-hat-hackers-and-why-they-terrify-israel/>
Laptop Warriors - Who Are Hamas’ ‘Green Hat Hackers’, and Why They Terrify
IsraelJanuary 13, 2024
------------------------------
Meet Hamas' cyber unit. (Image: Palestine Chronicle)

*By Palestine Chronicle Staff
<https://www.palestinechronicle.com/writers/palestine-chronicle-staff>*

Using simple means, hackers belonging to Al-Qassam Brigades became one of
the most formidable cyberforces anywhere in the Middle East. But how did
they do it?

*‘Golden Cup’*

In an article published in Al-Jazeera, Mohamed Youssef wrote a short
investigation on Hamas’ ‘Green Hat Hackers’, the cyber force of the
Palestinian Resistance movement, which, at times, has managed to play a
major role in disabling or controlling Israel’s technological communication
networks using the simplest of means.

Youssef gave the example of the ‘Golden Cup’ app, a freely downloaded app
from the Google store, designed for Android phones.

This simple app was introduced to the market in the summer of 2018,
promising to be the fastest source of match dates, goals, and stats related
to each World Cup game.

The app was quickly downloaded by many people around the world. It was also
downloaded by the Green Hat Hackers of Hamas. But what was so interesting
about this app?

“In the case of this app, the malware is deliberately installed after
downloading the app from the Google Store with the aim of bypassing the
security screening process imposed by Google,” Youssef wrote, adding:

“This gave the group of hackers the opportunity to remotely execute code on
the smartphone so that they could take full control of it, and with it they
could track location, access the camera and microphone, upload photos,
eavesdrop on calls, and extract files from the phone”.

Through that simple trick, the military wing of the Palestinian Resistance
Movement Hamas managed to harvest a huge amount of data from cell phones
belonging to possibly thousands of Israeli soldiers.
*‘Green Hat Hackers’*

According to Youssef, Hamas’ cyber unit is not world-famous, nor is it
affiliated with a government, which is often the case. Instead, it is
talent-oriented, relying mostly on human intelligence as opposed to
technological infrastructure.

How did it start?

According to Youssef, the first major cyber attack was carried out in 2012.
However, Hamas did not announce that such a unit existed until October
2022.

This might be related to the fact that there was no longer a need to keep
the identity of Juma al-Tahla, the founder of the unit, secret.

Al-Tahla was assassinated by Israel in the war of May 2021, known to
Palestinians as the ‘Battle of the Sword of Jerusalem’.

An Al-Qassam source told Al-Jazeera that “the establishment of this unit
was aimed at organizing technical attacks of the resistance, and further
developing them, especially in employing information, whether in terms of
field offensive operations or to thwart enemy operations”.

Indeed, a parallel battlefield has been taking place since the October 7
Al-Aqsa Flood operation, which success was also attributed to the
capabilities of the Green Hat Hackers.

Though denial-of-service attacks  (DoS) are one of the strategies used by
the group, the Hamas’ hackers prioritize “espionage operations and
intelligence gathering.”

The term ‘Green hat hackers’ was coined by the Atlantic Council Foundation
in a report published in November 2022.

According to Youssef, the term is a well-known one in cyber security
circles, referring to a relatively new specialist in the world of hacking.
Though this hacker may lack experience, “he is fully committed to making an
impact on the field, and is keen to continuously learn from everything that
happens during his journey.”

Hamas’ hackers are as impressive as its fighters, in the eyes of
intelligence and military specialists, as they are able to utilize simple
means to make great impacts, with the aim of defeating traditional armies
and state-run intelligence.

According to Youssef, in May 2019 the Israeli army carried out an airstrike
against a building in Gaza, claiming that it belonged to Hamas’ cyber unit.
This was the first time in the history of warfare that a traditional
military operation was carried out in response to the threat of cyber
attacks.
*Hamas’ Cyber Unit and October 7*

The New York Times was one of many newspapers that reported on the impact
of Hamas’ cyber units in collecting accurate information about the Israeli
army and intelligence before the October 7 operation.

Indeed, while Israel attempts to paint ‘Al-Aqsa Flood’ as a random attack
aimed at killing as many Israelis as possible, the opposite is true.

Al-Qassam Brigades fighters seemed to know exactly where they were headed
and the precise locations of their military targets. They even anticipated
the response of the Israeli army and managed to cut off much of its
communications before and during the operation itself.

It would not be an exaggeration to argue that the October 7 attack would
have not been possible without Al-Qassam’s cyber units and the months, if
not years, of planning and information gathering.

It is also important to note that Al-Qassam fighters were asked to haul
computers and other communication devices from military bases, belonging to
the Israeli ‘Gaza Division’ after successfully storming them, with a large
degree of ease.

Many claims have been made in media and social media regarding the use of
the information gleaned from these devices, although concrete information
on this issue remains sparse and unverified.
*‘New Level of Complexity’*

However, it was not October 7, 2023, but rather April 2022 that witnessed
what Cybereason described as the most sophisticated espionage operations
against Israel.

According to the Israeli company, this operation illustrated a ‘new level
of complexity’ in Hamas’ cyberwork.

“The Israeli company discovered an elaborate espionage campaign targeting
Israeli individuals, including a group of high-profile targets operating in
sensitive defense, law enforcement, and emergency services institutions
inside Israel,” Youssef wrote.

Yet, this elaborate and complex operation resorted to simple means of
social engineering methods through the Facebook platforms and other
‘backdoor’ methods.

What is so odd about the effectiveness of Hamas’ cyber unit work is that
Israeli companies are the ones affiliated with the most sophisticated, and
illegal, spyware, coveted by governments and underground organizations
alike. They include Pegasus, the infamous spyware developed by the Israeli
cyber-arms company NSO Group.

Hamas’ cyber unit, however, is either directly or loosely affiliated with
other hacker groups, which often manage to penetrate official and
non-official Israeli websites, disabling them or downloading their data.

The Cyber Flood Operation, for example, has claimed, following the October
7 war, through their Telegram channel, that they have penetrated the
Israeli Ministry of Defense website and “obtained millions of data on
Israeli reservists and military, especially about the Israeli military
division of northern Gaza.”

It was this particular hacking operation that informed the world about the
dual national soldiers fighting in the Israeli military. They included
Canadians, Belgians, Ukrainians, among others. Even their photos and other
related information were obtained through this hack, according to
Youssef. There
is no question that the ongoing war on Gaza is a multi-layered one, and
that the Al-Qassam’s Yassin-105 facing the Israeli Merkava tank is only a
small chapter in a far-more sophisticated war, fought by the Gaza youth
using all means available, and necessary.

*(The Palestine Chronicle)*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://freedomarchives.org/pipermail/news_freedomarchives.org/attachments/20240113/aaa9bde6/attachment.htm>