On October 7, Hamas launched an unprecedented terrorist attack against Israel, killing more than 1,200 people and taking hundreds of hostages. The attack provoked a deadly response from the Israel Defense Forces, which reportedly left more than 10,000 dead in airstrikes and a ground incursion.
Shortly after the attack, the number of Internet-connected honeypots in Israel – networks manufactured to attract hackers – increased significantly, according to cybersecurity experts who monitor the Internet.
Cybersecurity companies and governments routinely use honeypots to catch hackers and observe their attacks on a decoy network or system under their control. In other words, these networks and systems are designed to be hacked in order to catch hackers or observe their techniques. Israel and Hamas are obviously engaged in real-world kinetic conflicts, but in 2023 every conflict on the ground has some form of cyber component. Deploying honeypots can help understand what hackers are doing during conflict.
Piotr Kijewski, CEO of the Shadowserver Foundation, an organization that deploys honeypots to monitor what hackers are doing on the Internet, told TechCrunch that his organization has seen “many more honeypots now deployed in Israel than before.” October 7.
This increase placed Israel among the top three in the world in terms of the number of honeypots deployed. Before the war, the country was not even in the top 20, according to Kijewski.
“Technically, it is possible for someone to suddenly deploy a new honeypot deployment after developing this capability and yes, in this case it appears to be focused on Israel,” Kijewski said in an email. “However, we don’t normally see such large-scale instances popping up overnight, and until now, Israel hasn’t been a place for that many honeypots (although, of course, there are has always had honeypots in Israel, including ours). »
John Matherly, the founder of Shodan, the search engine for publicly exposed devices and networks, also confirmed to TechCrunch an increase in honeypots in Israel.
Matherly said the increase started in September but has been increasing since then.
“It seems that all honeypots use web servers. I don’t see any honeypots pretending to be industrial control systems, meaning they are trying to track any sort of large-scale attacks on Israel and are not focused on tracking attacks on industrial infrastructure.” , Matherly said.
And since the first wave, the number of honeypots “has only increased,” according to Matherly.
According to Silas Cutler, resident hacker at cybersecurity firm Stairwell, deploying honeypots in a war conflict “makes tactical sense.”
Do you have more information on the cybersecurity aspect of the Israel-Hamas war? We would like to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email at firstname.lastname@example.org. You can also contact TechCrunch via SecureDrop.
Cutler told TechCrunch that during the first months of the war in Ukraine, “there were many general, unattributed exploitations against any infrastructure in the conflict zone.”
“It’s basically the same background noise as the Internet…but a lot more,” Cutler added. “I suspect people have learned that the only way to really see what’s going on is to run the infrastructure and watch.”
It is not clear who is deploying these honeypots across Israel, or for what reason. Theoretically, having honeypots would be in Israel’s interest as a tactical advantage, as a way to monitor what its adversaries are doing online.
An Israel Defense Forces spokesperson did not respond to a request for comment.