Thousands of new honeypots were deployed across Israel to catch hackers

ΣwhatOn October 7, Hamas launched an unprecedented terrorist attack on Israel, killing more than 1.200 people and taking hundreds of hostages. The attack prompted a deadly response from the Israel Defense Forces, which have reportedly left more than 10.000 dead in airstrikes and a ground invasion.

Shortly after the attack, the number of people online honeypot in Israel – fabricated networks designed to attract hackers – have increased dramatically, according to cyber security experts who monitor the Internet.

Cybersecurity companies and governments regularly use honeypots to catch hackers and observe their attacks on a network or decoy system under their control. In other words, these networks and systems are designed to be hacked to catch hackers or observe their techniques. Israel and Hamas are obviously engaged in real, kinetic conflicts, but in 2023, every conflict on the ground has some sort of cyber component. Developing honeypots can help understand what hackers are doing during the conflict.

Piotr Kijewski, CEO of Shadowserver Foundation, an organization that develops honeypots to monitor what hackers are doing online, he told TechCrunch that his organization has seen "far more honeypots being deployed in Israel now than before October 7."

The increase put Israel in the top three in the world in terms of the number of deployed honeypots. Before the war, the country wasn't even in the top 20, according to Kijewski.

"Technically it is possible for someone to suddenly launch a new honeypot deployment when they have developed this capability and yes in this case it appears that Israel is the focus," Kijewski said in an email. "Usually we don't see such large-scale cases appear overnight, and Israel has so far not been home to these amounts of honeypots (although of course there have always been honeypots in Israel, including ours)."

John Matherly, the founder of Shodan, the search engine for publicly exposed devices and networks, also confirmed to TechCrunch an increase in honeypots in Israel.

Matherly said the increase started in September, but has grown since then.

“It appears that all honeypots are running web servers. I don't see honeypots pretending to be industrial control systems, which means they're trying to monitor all kinds of large-scale attacks on Israel, and they're not focused on monitoring attacks on industrial infrastructure,” Matherly said.

And since the initial wave, the number of honeypots is "only increasing," according to Matherly.

According to Silas Cutler, a resident hacker at the cybersecurity firm Stairwell, deploying honeypots in the conflict of a war "makes tactical sense."

Cutler told TechCrunch that during the early months of the war on Ukraine, "there was a lot of unaccountable, background, general exploitation against any infrastructure in the conflict area."

"It's mostly the same noise in the Internet environment ... just more of it," Cutler added. "I suspect people have learned that the only way to really see what's going on is to upgrade the infrastructure and look."

It is not clear who is deploying the honeypots across Israel or why. In theory, having honeypots would be in Israel's interest as a tactical advantage, as a way to monitor what its adversaries are doing online.

A spokesman for the Israel Defense Forces did not respond to a request for comment.