Hamas Turns To Instagram To Lure IDF Soldiers

The Israeli military uncovered a new effort by the Hamas terror group to trick soldiers into downloading spyware applications onto their phones by befriending them on Instagram with accounts purporting to belong to attractive women, the army said recently.

The Israel Defense Forces’, IDFs, information security branch revealed a similar attempt in July 2018 by the Gaza-based Hamas that used the Facebook social media site to lure soldiers into installing software onto their phones that would allow the terror group to remotely control it, turning on the device’s cameras and audio recorders.

“We can say definitively that Hamas failed in its mission and did not succeed in getting classified information leaked,” said the officer in charge of policy for Military Intelligence’s information security branch, in an interview with the IDF’s website.

Recently, a civilian cybersecurity firm also found an attempt by Hamas to hack Israeli civilian phones using an app called IsraelAlert, a fake version of the “Code Red” app, which is used to warn people of impending rocket attacks.

According to ClearSky Cyber Security, IsraelAlert would have also given Hamas control over the user’s phone, allowing the terror group to take pictures, make calls or transmit location data.

However, the firm said that it appeared the malicious app had been discovered at an early stage and had not infected many phones.
Operation Broken Heart

The military credited a new campaign, dubbed “Operation Broken Heart,” with foiling Hamas’s new Instagram-based plot. The program consists of a series of informational posters displayed on army bases throughout the country, as well as active efforts to root out attempts by Hamas and other groups to gain access to sensitive military information.

“Hamas tried, unsuccessfully, by preserving the connections [with soldiers] it had made in the past or starting new ones with fake identities we hadn’t uncovered yet. 

“Thanks to the heightened awareness that we developed, these efforts were also exposed by soldiers, and that way we thwarted additional false identities,” said the officer, Lt. Col. “Aleph,” who could only be identified by his rank and the first Hebrew letter of his name for security reasons.

After discovering the fact that the terror group was attempting to use fake online identities to contact soldiers, the military then worked to find and expose those profiles.

According to Aleph, part of the challenge in his unit’s fight against attempts by Hamas to trick soldiers into befriending them is the strong desire by Instagram users to gain more followers, which can lead them to abandon common sense.

“This is a network that has a sharing culture that is getting more intense, all around pictures and sharing and ‘look at me,'” he said.

“The popularity and the need for followers increases the risk, and therefore we need to follow the rules, not allowing people we don’t know to follow us, being wary of links sent to your private mailbox,” he said.

In January 2017, the IDF revealed that it had discovered some of the first efforts by Hamas to “catfish” soldiers, to pretend to be attractive women in order to get soldiers to reveal classified information and download spyware software, in a project known as “Operation Hunters’ Battle.”

According to the military, the terror group had adopted new, more sophisticated tactics in the intervening year and a half.

For instance, the custom-built spyware software was uploaded to the Google Store, to make it seem legitimate, whereas in the past it was only available as a downloadable link, which would be more likely to raise suspicions.

Once one of the apps was on the recipient’s phone, the phone could be taken over to covertly take and send photographs, eavesdrop on conversations, copy stored files and pictures, and transmit location details, all of which would greatly contribute to an enemy’s knowledge of IDF operations.

In most cases, the IDF said, soldiers did not download the apps and they often informed their superiors of their suspicions.

Google has since deleted the apps that are known to have contained spyware from its store.

Though the military had long warned soldiers that their social media accounts could be exploited by terror groups and enemy states, last year’s discovery spurred the IDF’s information security branch to step up its efforts and to specifically alert troops to the dangers of downloading strange applications to their phones.

“I want to make it clear to soldiers that even if Hamas adds more applications and tries different platforms, the moment that they recognize there is a problem, they won’t be affected by it,” Aleph said.

“Soldiers need to ask themselves a number of questions: Why did they contact me? Why is someone who appears to have romantic or friendly feelings toward me asking me questions about the military or if I want to download an app? And most of all, why should I give permission to a stranger who asked me to install something?” he added.

In the Facebook-based plot uncovered last month, some 100 soldiers were duped into doing downloading spyware via a World Cup app and two online dating sites, the IDF said at the time, though then too the army insisted no damage had been done to Israeli security.

“No damage was done, as we stopped it in time,” an officer involved in Operation Broken Heart said.

Attackers used stolen identities to create convincing fake Facebook profiles of young Israelis, written in fluent Hebrew studded with current slang. They then initiated flirtatious exchanges with their targets from Israeli mobile numbers, the military said those operating the accounts were not necessarily based in Gaza, before encouraging them to download the apps.

“What Hamas is bringing to the table is a very good knowledge of our young people and their state of mind,” another IDF officer said.

Asked how he could be sure Hamas was behind the online offensive, he declined to say but insisted there was no doubt.

Times of Israel:

You Might Also Read:

Hamas Upgrades Cyber Espionage Capability

« Trump Relaxes US Cyber Attack Rules
Blockchain, Chatbots, AI Could Reinvent Corporate Finance »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Pervade Software

Pervade Software

Pervade Software is a global provider of dedicated compliance tracking software with monitoring & reporting capabilities.

Ethio-CERT

Ethio-CERT

National Cyber Emergency Readiness and Response Team of Ethiopia.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

Huntsman Security

Huntsman Security

Huntsman Security provides technology to enable real-time security monitoring and immediate visibility of advanced threats and compliance issues.

Black Kite

Black Kite

Black Kite (formerly NormShield) provides comprehensive Security-as-a-Service solutions focused on cyber threat intelligence, vulnerability management and continuous perimeter monitoring.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

e-Lock

e-Lock

e-Lock services include IT security consulting and training, security systems integration, managed security and technical support.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

Havoc Shield

Havoc Shield

Havoc Shield is an all-in-one information security platform that includes everything a growing team needs to secure their remote workforce.

SynSaber

SynSaber

SynSaber is a data collection, detection, and visibility solution that forms the foundation of industrial cybersecurity.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

Acronis

Acronis

At Acronis, we protect the data, applications, systems and productivity of every organization – safeguarding them against cyberattacks, hardware failures, natural disasters and human errors.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.

Redcoat AI

Redcoat AI

Redcoat AI provide a comprehensive security platform that continuously evolves with the threats and opportunities presented by AI.