<div dir="ltr">
<div class="gmail-top-anchor"></div>
<div id="gmail-toolbar" class="gmail-toolbar-container">
</div><div class="gmail-container" lang="en-US" dir="ltr">
<div class="gmail-header gmail-reader-header gmail-reader-show-element">
<a class="gmail-domain gmail-reader-domain" href="https://www.palestinechronicle.com/laptop-warriors-who-are-hamas-green-hat-hackers-and-why-they-terrify-israel/">palestinechronicle.com</a>
<div class="gmail-domain-border"></div>
<h1 class="gmail-reader-title">Laptop Warriors - Who Are Hamas’ ‘Green Hat Hackers’, and Why They Terrify Israel</h1>January 13, 2024</div>
<hr>
<div class="gmail-content">
<div class="gmail-moz-reader-content gmail-reader-show-element"><div id="gmail-readability-page-1" class="gmail-page"><div>
<img src="https://www.palestinechronicle.com/wp-content/uploads/2024/01/Hamas_Hackers_PC.png" alt="" title="Hamas_Hackers_PC" class="gmail-moz-reader-block-img" width="391" height="262" style="margin-right: 25px;">
Meet Hamas' cyber unit. (Image: Palestine Chronicle)
<p><strong>By <a href="https://www.palestinechronicle.com/writers/palestine-chronicle-staff" title="Display all articles for Palestine Chronicle Staff">Palestine Chronicle Staff</a></strong> </p>
<blockquote>
<h3><span>Using simple means, hackers belonging to Al-Qassam Brigades
became one of the most formidable cyberforces anywhere in the Middle
East. But how did they do it?</span></h3>
</blockquote>
<h4><b>‘Golden Cup’</b></h4>
<p><span>In an article published in Al-Jazeera, Mohamed Youssef wrote a
short investigation on Hamas’ ‘Green Hat Hackers’, the cyber force of
the Palestinian Resistance movement, which, at times, has managed to
play a major role in disabling or controlling Israel’s technological
communication networks using the simplest of means.</span></p>
<p><span>Youssef gave the example of the ‘Golden Cup’ app, a freely downloaded app from the Google store, designed for Android phones. </span></p>
<p><span>This simple app was introduced to the market in the summer of
2018, promising to be the fastest source of match dates, goals, and
stats related to each World Cup game. </span></p>
<p><span>The app was quickly downloaded by many people around the world.
It was also downloaded by the Green Hat Hackers of Hamas. But what was
so interesting about this app?</span></p>
<p><span>“In the case of this app, the malware is deliberately installed
after downloading the app from the Google Store with the aim of
bypassing the security screening process imposed by Google,” Youssef
wrote, adding: </span></p>
<p><span>“This gave the group of hackers the opportunity to remotely
execute code on the smartphone so that they could take full control of
it, and with it they could track location, access the camera and
microphone, upload photos, eavesdrop on calls, and extract files from
the phone”.</span></p>
<p><span>Through that simple trick, the military wing of the Palestinian
Resistance Movement Hamas managed to harvest a huge amount of data from
cell phones belonging to possibly thousands of Israeli soldiers. </span></p>
<h4><b>‘Green Hat Hackers’</b></h4>
<p><span>According to Youssef, Hamas’ cyber unit is not world-famous,
nor is it affiliated with a government, which is often the case.
Instead, it is talent-oriented, relying mostly on human intelligence as
opposed to technological infrastructure. </span></p>
<p><span>How did it start?</span></p>
<p><span>According to Youssef, the first major cyber attack was carried
out in 2012. However, Hamas did not announce that such a unit existed
until October 2022. </span></p>
<p><span>This might be related to the fact that there was no longer a
need to keep the identity of Juma al-Tahla, the founder of the unit,
secret. </span></p>
<p><span>Al-Tahla was assassinated by Israel in the war of May 2021, known to Palestinians as the ‘Battle of the Sword of Jerusalem’. </span></p>
<p><span>An Al-Qassam source told Al-Jazeera that “the establishment of
this unit was aimed at organizing technical attacks of the resistance,
and further developing them, especially in employing information,
whether in terms of field offensive operations or to thwart enemy
operations”.</span></p>
<p><span>Indeed, a parallel battlefield has been taking place since the
October 7 Al-Aqsa Flood operation, which success was also attributed to
the capabilities of the Green Hat Hackers.</span></p>
<p><span>Though denial-of-service attacks (DoS) are one of the
strategies used by the group, the Hamas’ hackers prioritize “espionage
operations and intelligence gathering.”</span></p>
<p><span>The term ‘Green hat hackers’ was coined by the Atlantic Council Foundation in a report published in November 2022.</span></p>
<p><span>According to Youssef, the term is a well-known one in cyber
security circles, referring to a relatively new specialist in the world
of hacking. Though this hacker may lack experience, “he is fully
committed to making an impact on the field, and is keen to continuously
learn from everything that happens during his journey.” </span></p>
<p><span>Hamas’ hackers are as impressive as its fighters, in the eyes
of intelligence and military specialists, as they are able to utilize
simple means to make great impacts, with the aim of defeating
traditional armies and state-run intelligence. </span></p>
<p><span>According to Youssef, in May 2019 the Israeli army carried out
an airstrike against a building in Gaza, claiming that it belonged to
Hamas’ cyber unit. This was the first time in the history of warfare
that a traditional military operation was carried out in response to the
threat of cyber attacks. </span></p>
<h4><b>Hamas’ Cyber Unit and October 7</b></h4>
<p><span>The New York Times was one of many newspapers that reported on
the impact of Hamas’ cyber units in collecting accurate information
about the Israeli army and intelligence before the October 7 operation. </span></p>
<p><span>Indeed, while Israel attempts to paint ‘Al-Aqsa Flood’ as a
random attack aimed at killing as many Israelis as possible, the
opposite is true. </span></p>
<p><span>Al-Qassam Brigades fighters seemed to know exactly where they
were headed and the precise locations of their military targets. They
even anticipated the response of the Israeli army and managed to cut off
much of its communications before and during the operation itself.</span></p>
<p><span>It would not be an exaggeration to argue that the October 7
attack would have not been possible without Al-Qassam’s cyber units and
the months, if not years, of planning and information gathering. </span></p>
<p><span>It is also important to note that Al-Qassam fighters were asked
to haul computers and other communication devices from military bases,
belonging to the Israeli ‘Gaza Division’ after successfully storming
them, with a large degree of ease. </span></p>
<p><span>Many claims have been made in media and social media regarding
the use of the information gleaned from these devices, although concrete
information on this issue remains sparse and unverified. </span></p>
<h4><b>‘New Level of Complexity’</b></h4>
<p><span>However, it was not October 7, 2023, but rather April 2022 that
witnessed what Cybereason described as the most sophisticated espionage
operations against Israel.</span></p>
<p><span>According to the Israeli company, this operation illustrated a ‘new level of complexity’ in Hamas’ cyberwork. </span></p>
<p><span>“The Israeli company discovered an elaborate espionage campaign
targeting Israeli individuals, including a group of high-profile
targets operating in sensitive defense, law enforcement, and emergency
services institutions inside Israel,” Youssef wrote.</span></p>
<p><span>Yet, this elaborate and complex operation resorted to simple
means of social engineering methods through the Facebook platforms and
other ‘backdoor’ methods. </span></p>
<p><span>What is so odd about the effectiveness of Hamas’ cyber unit
work is that Israeli companies are the ones affiliated with the most
sophisticated, and illegal, spyware, coveted by governments and
underground organizations alike. They include Pegasus, the infamous
spyware developed by the Israeli cyber-arms company NSO Group.</span></p>
<p><span>Hamas’ cyber unit, however, is either directly or loosely
affiliated with other hacker groups, which often manage to penetrate
official and non-official Israeli websites, disabling them or
downloading their data.</span></p>
<p><span>The Cyber Flood Operation, for example, has claimed, following
the October 7 war, through their Telegram channel, that they have
penetrated the Israeli Ministry of Defense website and “obtained
millions of data on Israeli reservists and military, especially about
the Israeli military division of northern Gaza.”</span></p>
<p><span>It was this particular hacking operation that informed the
world about the dual national soldiers fighting in the Israeli military.
They included Canadians, Belgians, Ukrainians, among others. Even their
photos and other related information were obtained through this hack,
according to Youssef. </span><span>There is no question that the ongoing
war on Gaza is a multi-layered one, and that the Al-Qassam’s Yassin-105
facing the Israeli Merkava tank is only a small chapter in a far-more
sophisticated war, fought by the Gaza youth using all means available,
and necessary.</span></p>
<p><i><span>(The Palestine Chronicle)</span></i></p>
</div></div></div>
</div>
<div>
</div>
<div></div>
</div>
</div>