Powerful state actor, not hackers, behind major attack on Israeli govt websites

The Black Shadow hacker group had claimed responsibility; it has long been linked to Iran.

By Batya Jerenberg, World Israel News

Israeli officials believe that only a state actor could have downed Israeli government websites on Monday night, Israel Hayom reported Wednesday.

The attack, which the National Cyber Directorate took only several minutes to repel, prevented users from accessing almost all government websites that use the .gov.il domain. Defense and other security-related sites were not affected.

The Directorate said that it was a distributed denial-of-service (DDoS) attack on a communications provider, which also prevented access to some non-governmental sites. This kind of attack uses multiple connected online devices to overwhelm a website with fake traffic so that it crashes.

Although DDoS attacks are a very common hacker tool, this one “could have been carried out only by a powerful entity – not a hacker or even a group of hackers,” one senior official told Israel Hayom.

A group calling itself Black Shadow had claimed responsibility for the cyber assault. Israeli officials have linked it to Iran over the last few years. Its public attacks on Israeli sites have often followed soon after some kind of serious anti-Iranian action had been taken, whether online or in real life, regardless of whether Israel admitted responsibility for them or not.

Those attacks, however, were never linked to political demands. Even if Black Shadow is controlled by the mullahs, it has made a name for itself in the traditional trade of hackers – blackmail. It has stolen data from private Israeli companies several times over the last two years. When the businesses refused to pay up, the group flooded the internet with sensitive medical and personal information of hundreds of thousands of Israelis.

Now, just around the time of the takedown, a Telegram group of Iran’s Islamic Revolutionary Guards Corps (IRGC) posted the word “Surprise” in both Hebrew and English. The timing is suspicious, especially since about half an hour after the websites crashed, Iranian television reported that the IRGC had supposedly prevented an Israeli-backed attempt to sabotage one of the country’s nuclear facilities.

While the official would not point a conclusive finger at Iran, he emphasized the seriousness of the incident by comparing it to the sort of attacks Israelis have suffered for decades, while praising the fast defensive measures that had been taken.

“Operational continuity was maintained,” he said. “Overall, this incident is similar to that of apprehending a suicide bomber heading to central Israel before he has the chance to carry out the attack.”

By some estimates, Israel suffers tens of thousands of anonymous cyberattacks a month, targeting, among others, its hospitals, logistics companies and other strategic sectors. Only last August, the National Cyber Directorate and Communications Ministry carried out a long exercise that simulated a wide-ranging cyberattack on government and vital infrastructure.