The Hamas terror group again attempted to spy on the Israeli military by taking control of hundreds of soldiers’ cellphones over the past few months, using spyware they’d convinced the service-members to download by posing as young Israeli women on social media, the Israel Defense Forces said Sunday.
The military said it thwarted this cyber attack in a joint effort with the Shin Bet security service, dubbed Operation Rebound, over the weekend, taking down the servers Hamas used in its effort.
The IDF said it did not believe Hamas had obtained any significant intelligence in its operation, but would soon know more precisely as it would be checking the phones of all the troops involved. The IDF refused to say precisely how many soldiers were affected, but said it was in the “low hundreds” and that only the phones of conscripted soldiers and low-ranking officers were infected with Hamas’s spyware.
This was at least the third attempt by Hamas in recent years to “catfish” Israeli soldiers — pretending to be someone else on the internet in order to defraud the victim — in order to install software on their phones that the terror group could use to gather intelligence on the IDF.
The head of the IDF’s operational security department — who can only be identified by her rank and first Hebrew letter of her name, Col. “Resh” — said the military expected this would not be the last time that Hamas tries this type of cyber operation, as there are several members of the terror organization specifically tasked with such efforts, though she refused to identify them by name.
Similar efforts were uncovered and blocked by the military in January 2017 and July 2018. Hamas’s cyber operations department in Gaza City was bombed by the IDF in May 2019 during a two-day battle with the terror group in the Strip.
Resh said in this case Hamas used more sophisticated methods and technologies in its catfishing effort.
She said this latest effort by Hamas took place several months ago and that the military quickly became aware of it, but allowed it to continue in order to better track the network that was being used.
The terror group’s operatives posed as new female immigrants with hearing or vision problems in order to both preemptively explain away any grammatical or linguistic errors and to prevent the soldiers from asking to speak by phone or video calls, Resh said.
The Hamas operatives also created profiles for the fictitious women with names including Rebeca [sic] Abuksis, Eden Ben Ezra, Sarah Orlova, Noa Danon and others, across multiple social media platforms — Facebook, Instagram, WhatsApp and Telegram — in order to make them appear more realistic.
Once a connection was made, the fictitious, flirtatious women, using the latest Israeli slang, would offer to send nude photographs of themselves, but only if the soldier downloaded one of three applications — Catch and See, ZatuApp or Grixy App — which they would say were similar to the popular application SnapChat, but were in fact spyware.
“Once the application was downloaded onto the phone, they’d get a fictitious notification that the application wasn’t supported by the phone and it would disappear. But the phone would be infected,” Resh said.
Once infected, the phone would be connected directly to Hamas’s servers and the terror group could activate its camera to take pictures, download files from the device and see the soldiers’ contacts and GPS data.
At that point, the Hamas operatives would stop communicating with the soldiers.
Resh said the IDF used a new method to take down Hamas’s servers and thwart the catfishing effort, but refused to elaborate on it.
She said new warnings were being sent out to soldiers, telling them not to talk to people they don’t know on social media, to avoid sharing classified information and to immediately alert an operational security officer or their commander if their phones begin behaving strangely.
The IDF said the photographs used by Hamas had been edited and altered in order to make it difficult to find their original source. The military said it did not know to whom the photographs used by Hamas actually belonged. As a result, the IDF said it did not contact these women before using their images in its media campaign about the Hamas cyber operation.