Hamas using virtual 'honeypots' to lure IDF soldiers into hack

Dozens of IDF soldiers compromised after downloading applications from unknown links.

Hamas honeypots in cellphone scheme  (photo credit: IDF)
Hamas honeypots in cellphone scheme
(photo credit: IDF)
The IDF has uncovered a Hamas network that posted seductive comeons on social networks to lure IDF soldiers online and steal information.
Following reports by several soldiers of suspicious online activities, a joint IDF and Shin Bet (Israel Security Agency) operation was conducted in order to identify accounts run by Hamas operatives.
Hamas's cyber tactics exposed
Lasting several months, “Operation Hunter’s Network” identified dozens of accounts on social networks, such as Facebook, which operated with false or stolen identities with the intent to extract classified information from both regular and reservist soldiers.
According to senior Military Intelligence officials, these enemy accounts would reach out to IDF soldiers online, sometimes in romantic ways, and ask them to download applications that would infect them with Trojan horse viruses.
The applications used by Hamas included Wowo Messenger, SR Chat, and YeeCall Pro.
Once the virus was inserted on the phone, it would give Hamas operatives access to all photos, the soldier’s location, text messages and contacts. It would also have access to the phone’s camera and microphone, enabling it to take pictures and record conversations without the soldier knowing. It also had the ability to download hidden applications, such that if the application with the virus were deleted, the phone would remain compromised.
Suspicions were raised after the virtual seducers broke off contact with their soldier correspondents, who raised the alarm with their commanders.
“Wherever the phone was, so was the enemy,” a senior IDF official said, adding that, while male soldiers were the main target, some female soldiers were also targeted. Overall, some “dozens” of soldiers, including a major, were compromised, but the threat posed by plot was considered minimal and the plot foiled.
“There is, of course, a potential of serious harm to national security, but the damage that was actually done was minor,” he said, adding that “anyone who was infected is not infected anymore.”
According to the senior officer, none of the soldiers who were affected by the virus has been arrested, because “they fell into a trap.” All the compromised phones were re-formatted in order to prevent any further hacking.
Operation Combat Hunter was then launched to raise public awareness of the risk of social networks and to adopt stricter guidelines in order to thwart any new plans by Hamas to hack into the IDF.
Among the steps the military has taken is broadening restrictions on the use of social media by soldiers.
For example, soldiers with the rank of major and above will be prohibited from uploading any pictures showing themselves in uniform or publishing that they serve in the IDF.
Currently this restriction applies only to the rank of lieutenant-colonel or above.
The IDF will also train soldiers to appreciate the sensitivity and threat posed by posts or pictures uploaded to social networks and will also create a body that will operate 24/7 to investigate all reports of suspicious online activity.
According to the IDF, there are more than 3,000 Facebook groups related to the IDF, including dozens of closed groups (where soldiers sometimes talk openly about operational issues) that were infiltrated by Hamas after they gained the trust of the administrators. They have since been alerted to the threat and warned to add only people known to their groups.
Military Intelligence also released new, more cautious, guidelines for the use of social networks by soldiers: confirming friendship requests only from people one knows personally, to not upload any classified information, and to download applications only from the original App Store.
The IDF urges all soldiers, including reservists, to adhere to the new guidelines and to report to their commanders if they feel that their phone may have been compromised.