IDF team to pose as Hezbollah ‘honeypots’ during Northern drill

The point of the exercise is to raise security awareness among army officers.

By ANNA AHRONHEIM
Updated: SEPTEMBER 7, 2017 12:44
Israeli soldiers rest during a training session in Ben Shemen forest, near the city of Modi'in May 23, 2016. (photo credit: REUTERS)
Israeli soldiers rest during a training session in Ben Shemen forest, near the city of Modi'in May 23, 2016.
(photo credit: REUTERS)
While the IDF holds its largest exercise in nearly 20 years, its Information Security Department will be simulating Hezbollah terrorists trying to compromise soldiers online during wartime.
Dubbed “Social Network Vaccine,” the operation’s purpose is to raise the security awareness among IDF officers, especially during operational activities and wartime.
“In recent years we have witnessed an increase in enemy activity on social networks,” a senior intelligence officer familiar with the campaign said. The officer explained the effort is similar to the sophisticated Hamas virtual “honeypot” operation the army revealed in January.
Information Security Unit members started in August targeting 350 soldiers and commanders online, attempting to lure them into accepting friend requests on social networks and downloading applications that compromised their cellular phones.
Unit members interacted with their targets before sending them links to download files to their computer or cellphones. If a soldier clicked on the link, he or she would be redirected to an IDF information security page that warned soldiers not to click on unfamiliar links “which could serve the enemy in taking control” of their devices.
According to the senior officer, the goal of the operation was to “burn the severity of the threat into the victim’s consciousness.”
Most of those who were targeted informed their commanders and military intelligence of the suspicious contact. Of the 350 soldiers targeted during Social Network Vaccine, only 6% accepted friend requests. Of those, only 3% clicked on the links to download the files.
Following Operation Combat Hunter, which identified dozens of Hamas accounts, the IDF began a campaign to raise awareness of soldiers – especially in combat – to the risk of social networks. Soldiers were instructed to adopt stricter guidelines in order to thwart enemy groups, including Hamas and Hezbollah, from gaining access to classified information through them.
As part of the guidelines, soldiers were told to only confirm friend requests from people they know personally and not to download any file from strangers. But according to the senior officer, the majority of soldiers who accepted the friend requests and clicked on the links during the operation were combat soldiers.
Steps the military took to combat virtual threats included broadening restrictions on the use of social media by enlisted soldiers. For example, soldiers with the rank of major and above will now be prohibited from uploading any pictures showing themselves in uniform or publishing that they are part of the IDF.
The senior officer stated that soldiers have since posted less pictures of themselves in uniform.
“In general, IDF soldiers are aware of information security threats,” he said, but the few who clicked the links “shows that there is still work to be done as there is still the potential to leak information from social networks to enemy elements.”
In January, the IDF revealed a sophisticated Hamas operation which used false or stolen identities.
Operatives would reach out to soldiers online, sometimes in romantic ways, asking them to accept friend requests on Facebook and then to download applications which led them to compromise their cellphones.
Once on the phone, the virus would give Hamas operatives access to all pictures, the soldier’s location, text messages – including the history of sent messages – and contacts. The virus also gave access the phone’s camera and microphone, taking pictures and recording conversations without the soldier’s knowledge. It also had the ability to download hidden applications so if the application with the virus would be deleted, the phone would remain compromised.
While the threat posed by that plot was minimal and considered to be foiled, a similar campaign three years earlier targeted Syrian rebels, stealing not only personal information but intelligence and battlefield plans against President Bashar Assad’s troops.
According to a 2015 report by cybersecurity firm FireEye, group members posed as Muslim women on social networks such as Facebook and Skype. Operatives would send a file claiming it is a picture of “her,” when in reality the file would compromise the victim’s device once it was opened.
While the report said it was unclear if the hackers were Hezbollah members, it did say they stole details on military hardware and the position of rebel fighters, hundreds of documents and thousands of logged Skype chat sessions, which included detailed discussions of plans and logistics of the Syrian opposition’s attacks on Assad’s forces.