Skip to main content


‘Golden Cup’

In an article published in Al-Jazeera, Mohamed Youssef wrote a short investigation on Hamas’ ‘Green Hat Hackers’, the cyber force of the Palestinian Resistance movement, which, at times, has managed to play a major role in disabling or controlling Israel’s technological communication networks using the simplest of means.

Youssef gave the example of the ‘Golden Cup’ app, a freely downloaded app from the Google store, designed for Android phones.

This simple app was introduced to the market in the summer of 2018, promising to be the fastest source of match dates, goals, and stats related to each World Cup game.

The app was quickly downloaded by many people around the world. It was also downloaded by the Green Hat Hackers of Hamas. But what was so interesting about this app?

“In the case of this app, the malware is deliberately installed after downloading the app from the Google Store with the aim of bypassing the security screening process imposed by Google,” Youssef wrote, adding:

“This gave the group of hackers the opportunity to remotely execute code on the smartphone so that they could take full control of it, and with it they could track location, access the camera and microphone, upload photos, eavesdrop on calls, and extract files from the phone”.

Through that simple trick, the military wing of the Palestinian Resistance Movement Hamas managed to harvest a huge amount of data from cell phones belonging to possibly thousands of Israeli soldiers.

‘Green Hat Hackers’

According to Youssef, Hamas’ cyber unit is not world-famous, nor is it affiliated with a government, which is often the case. Instead, it is talent-oriented, relying mostly on human intelligence as opposed to technological infrastructure.

How did it start?

According to Youssef, the first major cyber attack was carried out in 2012. However, Hamas did not announce that such a unit existed until October 2022.

This might be related to the fact that there was no longer a need to keep the identity of Juma al-Tahla, the founder of the unit, secret.

Al-Tahla was assassinated by Israel in the war of May 2021, known to Palestinians as the ‘Battle of the Sword of Jerusalem’.

An Al-Qassam source told Al-Jazeera that “the establishment of this unit was aimed at organizing technical attacks of the resistance, and further developing them, especially in employing information, whether in terms of field offensive operations or to thwart enemy operations”.

Indeed, a parallel battlefield has been taking place since the October 7 Al-Aqsa Flood operation, which success was also attributed to the capabilities of the Green Hat Hackers.

Though denial-of-service attacks (DoS) are one of the strategies used by the group, the Hamas’ hackers prioritize “espionage operations and intelligence gathering.”

The term ‘Green hat hackers’ was coined by the Atlantic Council Foundation in a report published in November 2022.

According to Youssef, the term is a well-known one in cyber security circles, referring to a relatively new specialist in the world of hacking. Though this hacker may lack experience, “he is fully committed to making an impact on the field, and is keen to continuously learn from everything that happens during his journey.”

Hamas’ hackers are as impressive as its fighters, in the eyes of intelligence and military specialists, as they are able to utilize simple means to make great impacts, with the aim of defeating traditional armies and state-run intelligence.

According to Youssef, in May 2019 the Israeli army carried out an airstrike against a building in Gaza, claiming that it belonged to Hamas’ cyber unit. This was the first time in the history of warfare that a traditional military operation was carried out in response to the threat of cyber attacks.

Hamas’ Cyber Unit and October 7

The New York Times was one of many newspapers that reported on the impact of Hamas’ cyber units in collecting accurate information about the Israeli army and intelligence before the October 7 operation.

Indeed, while Israel attempts to paint ‘Al-Aqsa Flood’ as a random attack aimed at killing as many Israelis as possible, the opposite is true.

Al-Qassam Brigades fighters seemed to know exactly where they were headed and the precise locations of their military targets. They even anticipated the response of the Israeli army and managed to cut off much of its communications before and during the operation itself.

It would not be an exaggeration to argue that the October 7 attack would have not been possible without Al-Qassam’s cyber units and the months, if not years, of planning and information gathering.

It is also important to note that Al-Qassam fighters were asked to haul computers and other communication devices from military bases, belonging to the Israeli ‘Gaza Division’ after successfully storming them, with a large degree of ease.

Many claims have been made in media and social media regarding the use of the information gleaned from these devices, although concrete information on this issue remains sparse and unverified.

‘New Level of Complexity’

However, it was not October 7, 2023, but rather April 2022 that witnessed what Cybereason described as the most sophisticated espionage operations against Israel.

According to the Israeli company, this operation illustrated a ‘new level of complexity’ in Hamas’ cyberwork.

“The Israeli company discovered an elaborate espionage campaign targeting Israeli individuals, including a group of high-profile targets operating in sensitive defense, law enforcement, and emergency services institutions inside Israel,” Youssef wrote.

Yet, this elaborate and complex operation resorted to simple means of social engineering methods through the Facebook platforms and other ‘backdoor’ methods.

What is so odd about the effectiveness of Hamas’ cyber unit work is that Israeli companies are the ones affiliated with the most sophisticated, and illegal, spyware, coveted by governments and underground organizations alike. They include Pegasus, the infamous spyware developed by the Israeli cyber-arms company NSO Group.

Hamas’ cyber unit, however, is either directly or loosely affiliated with other hacker groups, which often manage to penetrate official and non-official Israeli websites, disabling them or downloading their data.

The Cyber Flood Operation, for example, has claimed, following the October 7 war, through their Telegram channel, that they have penetrated the Israeli Ministry of Defense website and “obtained millions of data on Israeli reservists and military, especially about the Israeli military division of northern Gaza.”

It was this particular hacking operation that informed the world about the dual national soldiers fighting in the Israeli military. They included Canadians, Belgians, Ukrainians, among others. Even their photos and other related information were obtained through this hack, according to Youssef. There is no question that the ongoing war on Gaza is a multi-layered one, and that the Al-Qassam’s Yassin-105 facing the Israeli Merkava tank is only a small chapter in a far-more sophisticated war, fought by the Gaza youth using all means available, and necessary.

Meet Hamas’ cyber unit. (Image: Palestine Chronicle)

Source: The Palestine Chronicle

Leave a Reply