May 2019, the Israel Defense Forces (IDF) launched a physical attack on Hamas in immediate response to an alleged cyber-assault. The IDF hit a building in the Gaza Strip with an airstrike after claiming the site had been used by Hamas cyber operatives to attack Israel’s cyber space. It came amid days of intense fighting between the IDF and terror groups in the Gaza Strip.
The IDF claimed it stopped the attack online before launching its airstrike on Hamas. It claims it has now wiped out Hamas’ cyber operational capabilities.
Israel Defense Forces said via Twitter: “We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.”
It could mark a change in modern cyber warfare tactics, given that it is the first time a cyber-attack has been met with immediate physical retaliation in real-time during active conflict. However, allegedly the US is still the first country to respond to cyber-attacks with military force. In 2015, USA launched a drone strike to kill the British national in charge of ISIL’s hacker groups Junaid Hussain. Hussain had also dumped personal details of US military forces online.
This 2019 attack is different to the 2015 US retaliation: The IDF apparently reacted immediately, rather than planning its response over weeks or months.
Operations in cyber space are not governed by the rules of warfare. However, the Geneva protocols and international law do cover a response occurring in the physical domain. There have been attempts to bring in rules for cyber warfare with the Tallinn Manual on the International Law applicable to Cyber Warfare, but this has not been ratified or adopted by any nation or multinational organization.