The Israeli military uncovered a new effort by the Hamas terror group to trick soldiers into downloading spyware applications onto their phones by befriending them on Instagram with accounts purporting to belong to attractive women, the army said Wednesday.
The Israel Defense Forces’ information security branch revealed a similar attempt last month by the Gaza-based Hamas that used the Facebook social media site to lure soldiers into installing software onto their phones that would allow the terror group to remotely control it, turning on the device’s cameras and audio recorders.
“We can say definitively that Hamas failed in its mission and did not succeed in getting classified information leaked,” said the officer in charge of policy for Military Intelligence’s information security branch, in an interview with the IDF’s website.
Last week, a civilian cybersecurity firm also found an attempt by Hamas to hack Israeli civilians’ phones using an app called IsraelAlert, a fake version of the “Code Red” app, which is used to warn people of impending rocket attacks.
According to ClearSky Cyber Security, IsraelAlert would have also given Hamas control over the user’s phone, allowing the terror group to take pictures, make calls or transmit location data.
However, the firm said that it appeared the malicious app had been discovered at an early stage and had not infected many phones.
Operation Broken Heart
The military credited a new campaign, dubbed “Operation Broken Heart,” with foiling Hamas’s new Instagram-based plot. The program consists of a series of informational posters displayed on army bases throughout the country, as well as active efforts to root out attempts by Hamas and other groups to gain access to sensitive military information.
“Hamas tried, unsuccessfully, by preserving the connections [with soldiers] it had made in the past or starting new ones with fake identities we hadn’t uncovered yet. Thanks to the heightened awareness that we developed, these efforts were also exposed by soldiers, and that way we thwarted additional false identities,” said the officer, Lt. Col. “Aleph,” who could only be identified by his rank and the first Hebrew letter of his name for security reasons.
After discovering the fact that the terror group was attempting to use fake online identities to contact soldiers, the military then worked to find and expose those profiles.
According to Aleph, part of the challenge in his unit’s fight against attempts by Hamas to trick soldiers into befriending them is the strong desire by Instagram users to gain more followers, which can lead them to abandon common sense.
“This is a network that has a sharing culture that is getting more intense, all around pictures and sharing and ‘look at me,'” he said.
“The popularity and the need for followers increases the risk, and therefore we need to follow the rules — not allowing people we don’t know to follow us, being wary of links sent to your private mailbox,” he said.
In January 2017, the IDF revealed that it had discovered some of the first efforts by Hamas to “catfish” soldiers — to pretend to be attractive women in order to get soldiers to reveal classified information and download spyware software, in a project known as “Operation Hunters’ Battle.”
According to the military, the terror group had adopted new, more sophisticated tactics in the intervening year and a half.
For instance, the custom-built spyware software was uploaded to the Google Store, to make it seem legitimate, whereas in the past it was only available as a downloadable link, which would be more likely to raise suspicions.
Once one of the apps was on the recipient’s phone, the phone could be taken over to covertly take and send photographs, eavesdrop on conversations, copy stored files and pictures, and transmit location details — all of which would greatly contribute to an enemy’s knowledge of IDF operations.
In most cases, the IDF said, soldiers did not download the apps and they often informed their superiors of their suspicions.
Google has since deleted the apps that are known to have contained spyware from its store.
Though the military had long warned soldiers that their social media accounts could be exploited by terror groups and enemy states, last year’s discovery spurred the IDF’s information security branch to step up its efforts and to specifically alert troops to the dangers of downloading strange applications to their phones.
“I want to make it clear to soldiers that even if Hamas adds more applications and tries different platforms, the moment that they recognize there is a problem, they won’t be affected by it,” Aleph said.
“Soldiers need to ask themselves a number of questions: Why did they contact me? Why is someone who appears to have romantic or friendly feelings toward me asking me questions about the military or if I want to download an app? And most of all, why should I give permission to a stranger who asked me to install something?” he added.
In the Facebook-based plot uncovered last month, some 100 soldiers were duped into doing downloading spyware via a World Cup app and two online dating sites, the IDF said at the time, though then too the army insisted no damage had been done to Israeli security.
“No damage was done, as we stopped it in time,” an officer involved in Operation Broken Heart said.
Attackers used stolen identities to create convincing fake Facebook profiles of young Israelis, written in fluent Hebrew studded with current slang. They then initiated flirtatious exchanges with their targets from Israeli mobile numbers — the military said those operating the accounts were not necessarily based in Gaza — before encouraging them to download the apps.
“What Hamas is bringing to the table is a very good knowledge of our young people and their state of mind,” another IDF officer said.
Asked how he could be sure Hamas was behind the online offensive, he declined to say but insisted there was no doubt.