On October 7, Hamas launched an unprecedented terror attack on Israel, killing more than 1,200 people and taking hundreds of hostages. The attack prompted a deadly response from the Israel Defense Forces, which has reportedly left more than 10,000 dead in airstrikes and a ground invasion.
Shortly after the attack, the number of online honeypots in Israel – fabricated networks designed to attract hackers – increased dramatically, according to cybersecurity experts who monitor the internet.
Cybersecurity companies and governments regularly use honeypots to catch hackers and observe their attacks on a network or decoy system under their control. In other words, these networks and systems are designed to be hacked to catch hackers or observe their techniques. Israel and Hamas are obviously engaged in real, kinetic conflicts, but in 2023, every conflict on the ground has some sort of cyber component. Developing honeypots can help understand what hackers are doing during the conflict.
John Matherly, founder of Shodan, the search engine for publicly exposed devices and networks, told TechCrunch that there has been an increase in honeypots in Israel.
“Most of the honeypots pretend to be a wide range of products/services. They don’t mimic specific devices as much as they try to capture any malicious activity happening across Israel,” he said.
Matherly said the increase started in September, but has grown since then.
“It appears that all honeypots are running web servers. I don’t see honeypots pretending to be industrial control systems, which means they’re trying to monitor all kinds of large-scale attacks on Israel, and they’re not focused on monitoring attacks on industrial infrastructure,” Matherly said.
And since the initial wave, the number of honeypots is “only increasing,” according to Matherly, who also noted that the increase could be attributed to AWS launching a new region in Israel in August.
Piotr Kijewski, CEO of the Shadowserver Foundation, an organization that develops honeypots to monitor what hackers are doing online, also confirmed that his organization has seen “far more honeypots being deployed in Israel now than before October 7.”
The increase put Israel in the top three in the world in terms of the number of deployed honeypots. Before the war, the country wasn’t even in the top 20, according to Kijewski.
“Technically it is possible for someone to suddenly launch a new honeypot deployment when they have developed this capability and yes in this case it appears that Israel is the focus,” Kijewski said in an email. “Usually we don’t see such large-scale cases appear overnight, and Israel has so far not been home to these amounts of honeypots (although of course there have always been honeypots in Israel, including ours).”
According to Silas Cutler, a resident hacker at the cybersecurity firm Stairwell, deploying honeypots in the context of a war “makes tactical sense.”
Cutler told TechCrunch that during the first months of the war in Ukraine, “there was a lot of unaccountable, background, general exploitation against any infrastructure in the conflict area.”
“It’s mostly the same noise in the Internet environment … just more of it,” Cutler added. “I suspect people have learned that the only way to really see what’s going on is to upgrade the infrastructure and look.”
It is not clear who is deploying the honeypots across Israel or why. In theory, having honeypots would be in Israel’s interest as a tactical advantage, as a way to monitor what its adversaries are doing online.
A spokesman for the Israel Defense Forces did not respond to a request for comment.