IDF stops Hamas 'honeypots' from trapping soldiers

As part of "Operation Rebound," the IDF has foiled the third such Hamas network foiled in three years.

Photo of a Hamas honeypot photo, identified as Noa D. (photo credit: IDF SPOKESPERSON'S UNIT)
Photo of a Hamas honeypot photo, identified as Noa D.
(photo credit: IDF SPOKESPERSON'S UNIT)
The IDF has foiled a third Hamas network posing as attractive young women on social networks that lures in IDF soldiers in order to access as much information and intelligence on the army as it can.
The phones of hundreds of soldiers, including combat soldiers, were compromised in the third such Hamas honeypot operation foiled by the Israeli military and the Shin Bet (Israel Security Service) since 2017.
According to the military, there have been a number of improvements by Hamas, including the use of new platforms like Telegram alongside Instagram, Facebook and WhatsApp.
Hamas, the military said, improved its ability to start a dialogue with soldiers, using hashtags and slang. The group also started sending voice messages in an attempt to make the enemy account sound more believable.
The IDF identified six main characters used by Hamas, many of whom presented themselves as new immigrants to Israel with hearing or vision problems to explain for their less-than fluent Hebrew.
The characters were: Sara Orlova, Maria Jacobova, Eden Ben Ezra, Noa Danon, Yael Azoulay and Rebecca Abuksis. In addition to using the same characters on various platforms to boost its credibility, Hamas is said to have edited the pictures of the characters, making it more difficult to find the original source of the picture.

An example of a Hamas honeypot profile (Credit: IDF Spokesperson's Unit)An example of a Hamas honeypot profile (Credit: IDF Spokesperson's Unit)

The new applications used by Hamas included three social networking applications: GrixyApp, ZatuApp and Catch&See. According to the military, unlike the previous honeypot attempts by Hamas, these applications were not accessible through app stores, but could only be downloaded from links sent to soldiers by the Hamas operative.
Prior to being downloaded, the application would ask for permission to several applications on the user’s phone, including those used by other applications for legitimate reasons like access to location, camera, microphone, etc.
Immediately after downloading the application, it appeared as an icon, but once clicked on it would open with an error message that the device doesn’t support the version of the application and would then seem to delete itself from the user’s phone.
But while the application seemed to have disappeared from the phone, the virus remained and gave direct access to Hamas, which would be able to take control of the device.
Once on the phone, the virus would give Hamas operatives control over all aspects of the phone, including pictures, the soldier’s location, text messages and the soldier’s contact list. The virus would also have access to the phone’s camera and microphone, taking pictures and recording conversations remotely without the soldier knowing.
Unlike in previous attempts by Hamas, the group also was able to download and transfer files and have access to the phone’s GPS, allowing them to know the infected device’s location. At that point, the Hamas operatives would stop communicating with the soldiers.
While the military knew about Hamas’s operation for the past several months, it was decided to let them continue, to enable the IDF to have more effective technological means to stop the terror group.
The head of the IDF’s operational security department, Col. “R,” said the military was not surprised that Hamas has kept trying to lure Israeli soldiers, and expects that it would not be the last time that such cyber plots would be attempted by the terror group.
The IDF said there was no damage to national security and that the soldiers who have had their phones hacked – mainly conscripted soldiers and low-ranking officers – would be called in to have the virus disabled on their phones.
The army has reiterated to soldiers to follow its cautious guidelines for the use of social networks: only confirming friendship requests from people one knows personally; to not upload any classified information to any social network; and to only download applications from the original App Store (rather than downloading applications from links).
The military has also recommended that if a soldier is approached by a stranger online, to be aware that it might be an attempt to lure them, especially if the suspicious individual is unable to meet in person.
The IDF has urged all soldiers to report to their commander and security officials if the suspicious individual asks them to download applications and if they feel that their phone may have been compromised.