Former NSA hacker Jake Williams was referring to the attack that Israel carried out on Sunday on a building it claimed housed Hamas cyber attackers.
CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work.— Israel Defense Forces (@IDF) May 5, 2019
HamasCyberHQ.exe has been removed. pic.twitter.com/AhgKjiOqS7
"Israel destroys a Hamas hacking facility (non-combatants) in response to a non-specific cyber attack that was successfully repelled," Williams said. "The only official comment from the administration is to deny new military deployments are related (an obvious lie)."
iTWire contacted the Israel Defence Force on Monday morning to ask for any statement it had issued about the strike as there was no public statement on its website. The IDF has not yet replied.
The attack on this building was part of other offensive operations that took place after Hamas was alleged to have fired rockets into Israel over the weekend.
This is apparently real, it looks like Israel is boasting they blew up some people involved in a cyberattack. pic.twitter.com/lRiUPLQsXy— Kevin Beaumont ??♀️ (@GossiTheDog) May 5, 2019
Williams, a former member of the NSA's elite Tailored Access Operations Unit who now runs his own firm, Rendition Infosec, said: "Don't label Israel's actions as 'not our problem' or 'something happening a world away'. Neither is true."
He added: "It's not just the military at risk either. The US already linked hackers and contract support staff (developers, QA, systems admins) as legally equally culpable in nation state hacking. US contractors working in tertiary roles are equally at risk if we let this stand."
To be clear, I'm okay with anyone involved in the defense industrial complex being targeted. I understand the history and the law around this. But just because something is legal, that doesn't make it right. Pandora's Box has been opened. We may not like where this goes. 2/2— Jake Williams (@MalwareJake) May 6, 2019
In another thread, Williams, who regularly trains people in cyber security, put forward a theoretical situation, asking "Suppose we're in an active shooting conflict (like Israel and Hamas were). I'm teaching a group of students who happen to be Hamas hackers and support).
Regardless of any sovereign defense argument, an airstrike on cyber targets is murder. Lethal force against a cyber actor is killing someone unarmed.— Brandon McCrillis (@13M4C) May 6, 2019
Even if those actors may be able to cause a cyber effect, they cannot individually direct lethal force to defend themselves.
"Suppose we're in a commercial training facility in a high rise. We're one group on one floor (civilians elsewhere). Although there's no immediate danger from them right now, they performed an unspecified cyber attack (that was repelled) before class starts.
"After class is over today, they might go back to hacking Israel again. We obviously don't know their targets or their capabilities. What do you do here? Is it justified to blow up the building in retaliation for earlier attack?
"What if the motive is to prevent some unspecified future threat? Does the motive matter? They are, after all combatants on the cyber battlefield. But they aren't actively threatening anyone. How do you handle this? How should it be handled? Is bombing the building okay?
"After answering, read that again and replace Hamas and Israel with US and ISIS respectively. Does that change your answer at all? Then consider this is not a hypothetical. Does that change the answer?"