Hamas Turns To Instagram To Lure IDF Soldiers

The Israeli military uncovered a new effort by the Hamas terror group to trick soldiers into downloading spyware applications onto their phones by befriending them on Instagram with accounts purporting to belong to attractive women, the army said recently.

The Israel Defense Forces’, IDFs, information security branch revealed a similar attempt in July 2018 by the Gaza-based Hamas that used the Facebook social media site to lure soldiers into installing software onto their phones that would allow the terror group to remotely control it, turning on the device’s cameras and audio recorders.

“We can say definitively that Hamas failed in its mission and did not succeed in getting classified information leaked,” said the officer in charge of policy for Military Intelligence’s information security branch, in an interview with the IDF’s website.

Recently, a civilian cybersecurity firm also found an attempt by Hamas to hack Israeli civilian phones using an app called IsraelAlert, a fake version of the “Code Red” app, which is used to warn people of impending rocket attacks.

According to ClearSky Cyber Security, IsraelAlert would have also given Hamas control over the user’s phone, allowing the terror group to take pictures, make calls or transmit location data.

However, the firm said that it appeared the malicious app had been discovered at an early stage and had not infected many phones.
Operation Broken Heart

The military credited a new campaign, dubbed “Operation Broken Heart,” with foiling Hamas’s new Instagram-based plot. The program consists of a series of informational posters displayed on army bases throughout the country, as well as active efforts to root out attempts by Hamas and other groups to gain access to sensitive military information.

“Hamas tried, unsuccessfully, by preserving the connections [with soldiers] it had made in the past or starting new ones with fake identities we hadn’t uncovered yet. 

“Thanks to the heightened awareness that we developed, these efforts were also exposed by soldiers, and that way we thwarted additional false identities,” said the officer, Lt. Col. “Aleph,” who could only be identified by his rank and the first Hebrew letter of his name for security reasons.

After discovering the fact that the terror group was attempting to use fake online identities to contact soldiers, the military then worked to find and expose those profiles.

According to Aleph, part of the challenge in his unit’s fight against attempts by Hamas to trick soldiers into befriending them is the strong desire by Instagram users to gain more followers, which can lead them to abandon common sense.

“This is a network that has a sharing culture that is getting more intense, all around pictures and sharing and ‘look at me,'” he said.

“The popularity and the need for followers increases the risk, and therefore we need to follow the rules, not allowing people we don’t know to follow us, being wary of links sent to your private mailbox,” he said.

In January 2017, the IDF revealed that it had discovered some of the first efforts by Hamas to “catfish” soldiers, to pretend to be attractive women in order to get soldiers to reveal classified information and download spyware software, in a project known as “Operation Hunters’ Battle.”

According to the military, the terror group had adopted new, more sophisticated tactics in the intervening year and a half.

For instance, the custom-built spyware software was uploaded to the Google Store, to make it seem legitimate, whereas in the past it was only available as a downloadable link, which would be more likely to raise suspicions.

Once one of the apps was on the recipient’s phone, the phone could be taken over to covertly take and send photographs, eavesdrop on conversations, copy stored files and pictures, and transmit location details, all of which would greatly contribute to an enemy’s knowledge of IDF operations.

In most cases, the IDF said, soldiers did not download the apps and they often informed their superiors of their suspicions.

Google has since deleted the apps that are known to have contained spyware from its store.

Though the military had long warned soldiers that their social media accounts could be exploited by terror groups and enemy states, last year’s discovery spurred the IDF’s information security branch to step up its efforts and to specifically alert troops to the dangers of downloading strange applications to their phones.

“I want to make it clear to soldiers that even if Hamas adds more applications and tries different platforms, the moment that they recognize there is a problem, they won’t be affected by it,” Aleph said.

“Soldiers need to ask themselves a number of questions: Why did they contact me? Why is someone who appears to have romantic or friendly feelings toward me asking me questions about the military or if I want to download an app? And most of all, why should I give permission to a stranger who asked me to install something?” he added.

In the Facebook-based plot uncovered last month, some 100 soldiers were duped into doing downloading spyware via a World Cup app and two online dating sites, the IDF said at the time, though then too the army insisted no damage had been done to Israeli security.

“No damage was done, as we stopped it in time,” an officer involved in Operation Broken Heart said.

Attackers used stolen identities to create convincing fake Facebook profiles of young Israelis, written in fluent Hebrew studded with current slang. They then initiated flirtatious exchanges with their targets from Israeli mobile numbers, the military said those operating the accounts were not necessarily based in Gaza, before encouraging them to download the apps.

“What Hamas is bringing to the table is a very good knowledge of our young people and their state of mind,” another IDF officer said.

Asked how he could be sure Hamas was behind the online offensive, he declined to say but insisted there was no doubt.

Times of Israel:

You Might Also Read:

Hamas Upgrades Cyber Espionage Capability

« Trump Relaxes US Cyber Attack Rules
Blockchain, Chatbots, AI Could Reinvent Corporate Finance »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

Vicarius

Vicarius

Vicarius’ mission is to revolutionize vulnerability management from problem detection to proactive problem resolution.

Cybint Solutions

Cybint Solutions

Cybint provides customized cyber education and training solutions for Higher Education, Companies and Government.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

Luxembourg Office of Accreditation & Surveillance (OLAS)

Luxembourg Office of Accreditation & Surveillance (OLAS)

OLAS is the national accreditation body for Luxembourg. The directory of members provides details of organisations offering certification services for ISO 27001.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Intigriti

Intigriti

Intigriti helps companies protect themselves from cybercrime. Our community of ethical hackers provides continuous, realistic security testing to protect our customer’s assets and brand.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.

DigitalPlatforms

DigitalPlatforms

DigitalPlatforms SpA is an Italian group with the mission of providing end-to-end solutions and Internet of Things and Cyber technologies to companies that manage critical infrastructures.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.

Consortium

Consortium

Consortium goes beyond products and promises by working with enterprises to identify, acquire, and deploy cybersecurity solutions that matter.