How a Pennsylvania cyberattack links to the war in Gaza — and how Israel is reacting
JUANA SUMMERS, HOST:
An Iran-linked hacking group broke into a water facility northwest of Pittsburgh last weekend, and while the breach didn't affect water safety here in the U.S., it is a striking example of how cyberattacks can bring a war happening continents away right up close. NPR cybersecurity correspondent Jenna McLaughlin joins us in studio to explain. Hi, Jenna.
JENNA MCLAUGHLIN, BYLINE: Hey.
SUMMERS: So, Jenna, there's a link here between this Pennsylvania water facility and the war between Israel and Hamas. Is that right?
MCLAUGHLIN: Yeah. It might seem random, but there is a connection. I promise. So the group responsible for the attack - they call themselves the Cyber Av3ngers, and they left a message on a video screen for one water pump in the station in Aliquippa. They wrote the message, you've been hacked, and down with Israel. They said that they targeted that particular device because some of its components were made in Israel. So in the early days of the conflict, after Hamas' brutal attack on Israelis, hackers played a smaller role. There were some smaller hacktivist groups. They boasted about low-level denial of service attacks, breaking into CCTV cameras. But then Iranian-linked groups kind of joined in the fight mid-November. And look. You know, this attack didn't end up having a major impact, but it still does show that Iran sees that anything tied to Israel, including U.S. critical infrastructure, is fair game.
SUMMERS: Jenna, what else can you tell us about the other hacking groups that you're seeing involved in this war?
MCLAUGHLIN: Yeah, there are actually a lot of them. There are dozens on both sides of the conflict, pro-Israel and pro-Hamas. Some of them already existed. Others are just recently popping up. I spoke to Gil Messing. He's the chief of staff at the Israeli cybersecurity firm Check Point, and he's been tracking all of this very closely. Here's what he said.
GIL MESSING: We're now tracking over 150 such groups. And since you and I started to correspond, it was probably 20 or 30 or 40. So there's more groups, and more hacktivist groups are joining.
MCLAUGHLIN: His main concern, though, was Iran. He says that these groups have gotten a lot more advanced in recent years. He made note of another group besides the Cyber Av3ngers called Cyber Toufan, and they've hacked some really prominent companies in Israel and taken down major businesses for multiple days, including Israel's version of Home Depot called Home Center.
SUMMERS: Cyber Toufan. I'm not familiar. What can you tell us about them?
MCLAUGHLIN: Yeah. So Messing actually told me that Toufan refers to the name that Hamas is using for this war. It means flood. They popped up on November 18 on Telegram. Messing says that Telegram is getting very popular in Israel, kind of similar to how Ukrainians are using it during the war with Russia. Messing says even his mom has it now. On Telegram, they've been dumping all of this sensitive data. And not only is it a huge disruption for the companies themselves. It gives hackers data about customers so that they can target additional future attacks. Cyber Toufan did actually briefly pause operations during the cease-fire, but they've already resumed their activities. They're claiming that they hacked an Israeli metalworking conglomerate now.
SUMMERS: OK. And how seriously is Israel taking these cyberattacks?
MCLAUGHLIN: It's a real concern, enough so that Israeli authorities are giving themselves new emergency wartime powers over cyber issues.
SUMMERS: Like what? Can you give us some examples?
MCLAUGHLIN: Yeah. So when it comes to cloud storage and digital service companies, if there's a major cyberattack and the Israeli government thinks that the company's response isn't sufficient, they can kind of step in and take over. And the main reason for that is because these companies are a major part of the supply chain. They work with and have contracts with vital services in Israel. That includes hospitals, government agencies. I think overall, this is a recognition of how Israel is really concerned about cyberattacks in the ongoing war with Hamas and its supporters.
SUMMERS: Thank you, Jenna.
SUMMERS: That was NPR's Jenna McLaughlin.
(SOUNDBITE OF KAYTRANADA'S "WEIGHT OFF (FEAT. BADBADNOTGOOD)") Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.