Cyber Incident Victim: Israel Defense Forces
Date: Jul 2014
Location: Israel
Summary
The Israel Defense Forces' Twitter account was compromised by the Syrian Electronic Army, which posted false warnings of a nuclear leak at the Dimona facility and a pro-Palestine message, causing temporary alarm among followers. The military removed the fraudulent tweets, issued an apology, and vowed to combat cyber threats, following a prior incident where the group defaced its official blog with an Arabic message. The attackers likely accessed the account via compromised credentials through Hootsuite, consistent with the SEA's known phishing tactics targeting media and organizational accounts.
Description
On July 4, 2014, the official Twitter account of the Israel Defense Forces (IDF) posted a false warning about a nuclear leak at the Negev Nuclear Research Center near Dimona. The tweet claimed two rockets had struck the facility and included the hashtag #WARNING, potentially alarming the 252,000 followers of the account and residents of Southern District communities located 13 kilometers from the site. The Syrian Electronic Army (SEA) claimed responsibility for the compromise, demonstrating access to the IDF's Hootsuite dashboard through a published screenshot. This dashboard served as the management interface for scheduling tweets, direct messaging, and monitoring account activity. A second unauthorized tweet was issued from the account stating "Always via @Official_SEA16 Long live #Palestine" before the IDF regained control. The incident caused brief public panic until the IDF confirmed the tweets were fraudulent.

The IDF removed both fraudulent tweets and issued an apology via Twitter, stating their account had been compromised and vowing to "combat terror on all fronts including the cyber dimension." This breach occurred less than a week after the SEA defaced the IDF's official blog, replacing its content with an Arabic-language message while displaying an "under maintenance" notice. While the specific intrusion method for either attack remained unconfirmed, the SEA had established notoriety for credential theft via phishing campaigns, as evidenced in contemporaneous breaches of media platforms Taboola and Outbrain. The group publicly characterized itself as Syrian activists countering perceived media misinformation campaigns. Prior SEA operations included compromises of major international media organizations such as the Financial Times, BBC, CNN, and The Onion. The IDF incident highlighted operational security vulnerabilities in military social media accounts during heightened regional tensions.
