The Israel Defense Forces uncovered a plot in which Hamas members posed as attractive women on social media in order to trick soldiers into revealing sensitive military information, a senior intelligence official said Wednesday.
The Military Intelligence officer would not reveal the exact number of soldiers affected by these attacks, which took place over the last few months, but said it was “many dozens.”
“There is, of course, a potential of serious harm to national security, but the damage that was actually done was minor,” the official said.
The Hamas hackers also posed as army veterans in some of the attacks.
At this point, the official said, the plot is considered foiled, and no additional soldiers have been hacked.
‘Anyone who was infected, is not infected anymore. If it comes up again, we’ll ‘mow the grass’ again’
“Anyone who was infected, is not infected anymore. If it comes up again, we’ll ‘mow the grass’ again,” he said.
However, the officer noted, “we don’t know everything.”
In a type of attack known as “catfishing,” the Hamas hackers set up fake profiles on social media, mostly on Facebook, using stolen photos of young, attractive girls from Israel and Europe. The profiles had Israeli-sounding names like Amit Cohen, Naama Sheva or Eliana Amar.
With these profiles, the hackers contacted IDF soldiers — nearly all of them male, but also a handful of women — and started chatting with them in high-level Hebrew, using the latest Israeli slang. They would send photos, some of them risque, in order to maintain the connection, the officer said.
At a certain point, they would ask the soldier to use an “app store” known as Apkpk to download software to continue chatting, telling them they couldn’t download WhatsApp or other popular communication apps.
The applications, which had names like YeeCall Pro, SR Chat and Wowo messenger, were in fact “Trojan horse” programs that gave the Hamas hackers control over the soldiers’ cellphones, allowing them to download contacts and files, GPS data, photographs, collect text messages and install additional applications on the device.
With full control of the smartphone, the hackers could take pictures — of offices, the insides of tanks or computer screens — without the soldiers’ knowing, uploading them “to the cloud,” the officer said.
In other cases, the hackers posed as former and current IDF soldiers and tried to join different army units’ Facebook groups.
There are approximately 3,000 Facebook groups set up by IDF soldiers and veterans to stay in touch with their platoons and companies, the official said, and hundreds of them were infiltrated in this fashion.
In addition, Hamas gathered intelligence by following soldiers on social media and collecting the sensitive information they posted publicly.
Despite army regulations forbidding the practice, soldiers regularly post pictures from their bases on social media.
“In this day and age, that’s legitimate, that’s fine. But there are some times when a line is crossed,” the official said.
Using examples from Instagram, the officer showed soldiers who posted the code names for military exercises, included GPS data or had classified equipment in the background of the picture.
According to the officer, Hamas hoped to use the soldiers’ phones, these military Facebook groups and the public social media posts in order to gather “intelligence, information about operations, about exercises, about our preparedness for war.”
The covert Hamas efforts did not appear to be similar to a 2001 case in which Ofir Rahum, a 16-year-old Israeli, was murdered outside Ramallah by members of the Tanzim faction of Fatah, having been lured there by a PLO member who, pretending to be a Jewish girl, had chatted with Rahum on the ICQ messaging application.
Hamas specifically tried to target people who were serving near the Gaza Strip, where the terrorist group is deeply entrenched, the officer said, but the hacked soldiers came from all over the military.
According to the official, “most of the people affected were conscripts; a few were career soldiers. And most were combat soldiers, while a few were noncombat staff soldiers.”
The highest-ranking person hacked was a major, but the vast majority were low-level soldiers, he said.
The army said it became aware of the Hamas plot after receiving reports from female soldiers that someone had set up a Facebook profile with their picture or from soldiers who said they were contacted by “suspicious characters” on the internet.
Once the army uncovered the hacking effort, the information security branch of Military Intelligence, along with the Shin Bet security service and the IDF Teleprocessing Corps, launched “Operation Hunters Battle” to locate and identify the people responsible, the official said.
The army found “dozens of Hamas profiles” on social media and was able to “track their efforts in order to understand what tactics they were using,” he said.
As part of “Operation Hunters Battle,” the IDF also made its social media policies for soldiers more stringent, increased the amount of education on the topic for both conscripts and reservists and opened a call center for soldiers concerned they have been hacked.
“We revealed this plot in order to raise awareness about the issue,” the officer said.
As part of the army’s more strict social media policy, soldiers with top secret clearance, as well as officers from the rank of major, cannot post pictures of themselves in uniform or identify as soldiers on the internet.
“We’re teaching soldiers only to accept as friends people that they know, to download applications only from official stores,” he added.