On October 7, Hamas launched an unprecedented terrorist attack against Israel, killing more than 1,200 people and taking hundreds hostage. The attack prompted a deadly response from the Israel Defense Forces, which has reportedly left more than 10,000 people dead in airstrikes and a ground raid.
Shortly after the attack, the number of Internet-connected honeypots in Israel (manufactured networks designed to attract hackers) increased dramatically, according to cybersecurity experts who monitor the Internet.
Honeypots are commonly used by cybersecurity companies and governments to trap hackers and observe their attacks on a decoy network or system under their control. In other words, these networks and systems are designed to be hacked to catch the hackers or observe their techniques. It is clear that Israel and Hamas are engaged in real-life kinetic conflicts, but in 2023, every conflict on the ground will have some type of cyber component. Implementing honeypots can help discover what hackers are doing during the conflict.
John Matherly, founder of Shodan, the search engine for publicly exposed devices and networks, told TechCrunch that there has been an increase in honeypots in Israel.
“Most honeypots aim to be a wide range of products/services. They are not emulating specific devices but are trying to detect any malicious activity occurring throughout Israel,” he said.
Matherly said the increase started in September and has grown since then.
“It seems that all honeypots run web servers. I don’t see any traps that claim to be industrial control systems, meaning they are trying to track any type of large-scale attack against Israel and are not focused on tracking attacks on industrial infrastructure,” Matherly said.
And since the initial wave, the number of honeypots “has only been increasing,” according to Matherly.
Piotr Kijewski, CEO of the Shadowserver Foundation, an organization that implements honeypots to monitor what hackers are doing on the Internet, also confirmed that his organization has seen “many more honeypots deployed now in Israel than before October 7.”
The increase brought Israel to the top three in the world in terms of the number of honeypots deployed. Before the war, the country was not even in the top 20, according to Kijewski.
“Technically, it is possible for someone to suddenly launch a new honeypot deployment once they have developed that capability, and yes, in this case it seems focused on Israel,” Kijewski said in an email. “However, we do not normally see such large-scale cases appear overnight, and Israel has not until now been a place for this amount of cheating (although, of course, there have always been cheating in Israel, including ours).”
According to Silas Cutler, a resident hacker at cybersecurity firm Stairwell, deploying honeypots in the midst of a war “makes sense tactically.”
Cutler told TechCrunch that during the first months of the war in Ukraine, “there was a lot of general, background, unattributed exploitation against any infrastructure within the conflict area.”
“It’s pretty much the same background noise as the Internet… just a lot more,” Cutler added. “I suspect people learned that the only way to really see what’s happening is to put the infrastructure in place and watch.”
It is not clear who is deploying the honeypots throughout Israel or for what reason. In theory, having honeypots would be of interest to Israel as a tactical advantage, as a way to monitor what its adversaries are doing online.
A spokesman for the Israel Defense Forces did not respond to a request for comment.