The Israeli military said it had foiled a Hamas-attributed cyber attack on Sunday that lured soldiers into social media with profiles of young women in an effort to gain access to military intelligence.
The phones of hundreds of Israeli soldiers, some of whom are deployed on active fronts, were compromised in the third such operation by the Palestinian Islamist movement since 2017, says the IDF. According to the IDF, Hamas has perfected its "honey pot" technique, in particular by using new platforms like Telegram alongside the more classic Instagram, Facebook and WhatsApp. Another progress, specify the Israeli soldiers, a better capacity to engage in the dialogue with the soldiers by using hashtags and slang, but also with voice messages always in order to reinforce the credibility of the false accounts.
»READ ALSO: The Israeli army, at the heart of the research and innovation ecosystem
Characters created from scratch
The "Israel Defense Army" has identified six profiles used by Hamas, at first sight belonging to young women who present themselves as new immigrants to Israel and who have hearing or vision problems. A technique allowing them to justify the approximate Hebrew spoken by hackers. Among the fake accounts, we can find “Noa Danon” or “Yael Azoulay” , characters created from scratch, in particular using profiles on several platforms to strengthen their credibility as well as edited photos making the search for much more difficult original source.
The technique attributed to Hamas is based on three messaging and photo exchange applications: GrixyApp, ZatuApp and Catch & See. According to the Israeli army, unlike previous attempts at Hamas "honey pots", these applications are not accessible via application stores and can only be downloaded from links sent to soldiers by a movement agent Palestinian.
Direct access
Before being downloaded, the application requests authorization to access the user's phone, as is often the case (access to location, camera, microphone, etc.) Immediately after downloading , an icon appears which, when clicked, opens with an error message indicating that the device does not support the current version of the application and then appears to be deleted from the user's phone. It is an illusion: the virus has indeed remained and gives direct access to the hacker, who can take control of the device. Army spokesman Jonathan Conricus said, however, that there had been "no significant loss of information".
The IDF admitted it had been aware of Hamas operations for several months, but decided to let them continue, so that it could have more effective technological means to stop the terrorist group. The IDF said national security was not threatened and that soldiers whose phones had been hacked - mainly reservists and junior officers - would be called to have the virus deactivated on their phones.
The Israeli command reiterated its warnings to the soldiers on the use of social networks: to confirm only the friendship requests of people whom we know personally, to not put online any classified information on a social network and to only download apps from the original App Store (rather than downloading apps from links).