Internet networks at cafes and popular rest houses scattered across the coast of the Gaza Strip have greatly benefited Mustafa al-Sayed (pseudonym), 29, from the Jabaliya refugee camp north of Gaza City. Since 2015, Sayed has been carrying out hacking and piracy activities along with a group of amateurs. By masking their IP addresses, they avoid being pursued by security services in Gaza and thus being held accountable.
Sayed received training courses in the field of information technology and programming seven years ago and specialized in what is known as “ethical hacking.” He told Al-Monitor that, along with a group of eight people, his goal is to make a profit — especially given the current economic conditions, the high unemployment rates among young people and the scarcity of job opportunities in the besieged enclave.
After Hamas took control of the Gaza Strip in 2007, the enclave became a fertile environment for cybercrime. Also, the Palestinian Legislative Council was disrupted and later dissolved in 2021, leading to the failure to enact new legislation or even amend old legislation so that it is equipped to combat cybercrime.
Articles 43, 44 and 45 of the Palestinian Electronic Transactions Law No. 6 of 2013 stipulate that persons who illegally break into the computers of others and seize their systems or use their data unlawfully are penalized. The penalties range from imprisonment for one to 10 years and a fine ranging from 2,000 Jordanian dinars ($2,813) to 20,000 Jordanian dinars ($28,133).
Sayed pointed out that in the beginning, his work was based on the theft of some personal accounts on social networking sites in Gaza, the West Bank and abroad. He later turned toward hacking bank accounts and credit cards. During one of his operations in 2020, he gathered around $11,000 and $500 from bank accounts.
“I was able to hack international companies such as Microsoft, Intel and Amazon, in addition to piracy of airlines and seat reservations on flights for people in exchange for small amounts of money. For example, if a ticket is worth $700, it would be hacked for $300. This would save the buyer money. In the meantime, using VPN and TOR would make it difficult to identify the hacker,” Sayed said.
He said that his work “is not only aimed at material profit. In some cases, he helps people recover their stolen accounts on social networking sites or their emails for free.” He also helps them adequately secure their accounts to avoid or reduce the possibility of breaches.
He added, “Hackers in Gaza are practicing their work somewhat freely from within the strip to target any international or Arab company or institution. This is possible because of the lack of cooperation between the security services of Hamas and Interpol. Moreover, articles of the Palestinian Penal Code are not being applied to those who have been arrested.”
In 2010, the al-Watan Palestinian news website published a research paper prepared by the head of the Legal Research and Studies Department at the Advisory and Legislation Bureau in Gaza entitled “Computer and Internet Crimes in Palestinian Legislation.”
The paper explained the absence of legislation related to computer and internet crimes in Palestine. It stated, “However, these crimes could be pursued through adapting the provisions of the Palestinian Penal Code to include computer-related crimes such as texts linked to theft, fraud, breach of trust, damage and others.”
The situation is no different for Asaad Ramadan (pseudonym), 33, from Gaza City, who told Al-Monitor that he has been working in hacking and piracy for 10 years, during which he was able to earn sums of money amounting to $37,000.
Ramadan describes himself as a white hat hacker — an “ethical hacker,” in other words. Yet his actions contradict this description as he aims to achieve financial gain through his various operations.
He said, “Before breaching the target site, we search for loopholes that allow us to access the entire site and its database and make copies. Breaching Arab sites is easier in comparison to international sites because of the many gaps that enable hackers to access and hack them.”
Ramadan targets credit cards and bank accounts of people in the Palestinian territories and abroad. He indicated that electronic crimes have become a widespread phenomenon in the sector, given the difficulty of arresting hackers by the security services. In fact, hackers use anonymous tools that are difficult to detect.
According to Ramadan, it is better to work individually in order to reduce the risks of detection and snitching. When working in groups, one individual could lead security services to the rest, so individual work in the field of hacking is much better than collective work.
Mahmoud Hassouna, a Gaza-based information technology expert, told Al-Monitor, “Hacking is an elaborate science that requires years of experience and training. There are training centers in Gaza that claim to teach young men and girls ethical hacking to protect themselves from hacking, extortion and data theft.”
Hassouna indicated that “these institutions receive sums of money ranging from $100 to $200 for each trainee depending on the material presented. The main goal is actually piracy and hacking instead of protection. One of the topics covered is certified ethical hacking, which is provided by the Vision Plus foundation in Gaza.”
He stressed that “the majority of graduates from these courses aim to achieve financial gain by hacking bank accounts and similar targets. There are those who, out of revenge, want to blackmail and spy on private messages and emails of some people by planting files in the victim’s computer. There are also some who aim to achieve national goals such as hacking websites for the Israeli army and other Israeli institutions.”