This weekend, violence between Israel and Gaza escalated to a degree not seen since 2014, with 25 Palestinians and four Israelis killed in the fighting. Decades into the entrenched tensions of the region, the incident overall was tragically unsurprising. But for cybersecurity professionals, one aspect particularly stood out: The Israeli Defense Force claimed that it bombed and partially destroyed one building in Gaza because it was allegedly the base of an active Hamas hacking group.

The assault seems to be the first true example of a physical attack being used as a real-time response to digital aggression—another evolution of so-called "hybrid warfare." That makes it a landmark moment, but one that analysts caution must be viewed in the context of the conflict between Israel and Palestine, rather than as a standalone global harbinger.

Lily Hay Newman is a WIRED staff writer focused on information security, digital privacy, and hacking.

What Happened?

This is a very good question, but one that still lacks clear answers. IDF said in a tweet on Sunday that "We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed." But IDF has not provided any other details about the nature of the alleged cyberattack, and it is unclear from current IDF statements why Israel would choose to retaliate for an assault that it claims to have successfully fended off.

State-backed hacking and physical warfare have been on a slow but steady path toward convergence for about two decades, and both information security and warfare researchers say that it was only a matter of time before a nation launched a kinetic attack against enemy hackers. "When I joined the very first Cyber Command in April 1999, we were talking about that as a serious thing in case it was needed," says Jason Healey, a former staffer in the George W. Bush White House and current cyberconflict researcher at Columbia University. "I wouldn’t say we necessarily had plans for it, but we were thinking it through." The US has reserved the right to retaliate against cyberattacks with military force since 2011.

Has Anything Like This Happened Before?

Basically no, but with some caveats. The role of destructive cyberattacks in all-out warfare has expanded in recent years, particularly driven by Russia-backed hackers who have caused incidents of critical infrastructure sabotage during numerous Russian wars, including in Estonia, Georgia, and, most expansively, in Ukraine.

A more directly related incident is a US airstrike in 2015 to assassinate Islamic State hacker Junaid Hussain. But the action was planned over many months, versus Israel's apparent real-time response. And Hussain was not just targeted for hacking, but for serving as a sort of linchpin in broad ISIS recruiting strategies.

What Are the Implications Here?

There are currently two schools of thought about how to interpret the IDF attack. Some view it as a crucial turning point in the evolution of hybrid warfare, potentially setting a dangerous precedent that offensive hackers are fair game for physical retaliation.

"Hackers are unarmed," says Jake Williams, a former member of the National Security Agency's elite Tailored Access Operations hacking group. "They are not able to defend themselves. Of course, in combat, combatants that can't defend themselves against the aircraft bombing them are regularly targeted. I think the key difference is that they represent a clear threat to life that the hackers do not. These are back-end support personnel. If ISIS targets our troops on the ground in Iraq, people clearly understand they are in the line of fire. If ISIS targeted troops processing payroll in Fort Gordon, that's a less legitimate target, even though those troops are combatants."

Williams notes that hackers do potentially have the capability to inflict real-world harm through critical infrastructure hacking. But he cautions that just because hackers have established access in a system or even appear to be setting up such an attack, that doesn't mean they will actually execute it. And they may just be placing that access for reconnaissance and intelligence-gathering.