Israel warns soldiers of fake friends on social media

PAULA SLIER

Israeli soldiers were again this week warned to be careful when using social networking sites. This came after Hamas operatives were found to be posing as Israeli soldiers on the WhatsApp messaging service. They texted messages to soldiers stationed along the Gaza border, asking them confidential questions about troop movements, and brigade exercises.

The IDF says it’s “aware of the enemy’s activity, and is following its efforts on social media”. It has launched an investigation.

According to experts, the good news is that Hamas’ current cyber capabilities don’t constitute a major threat to Israeli security. The bad news is that this can change overnight.

In the past, Hamas has used online dating platforms to pose as attractive women in an attempt to “honeypot” male soldiers. The photos and personal details they use are stolen from real Facebook profiles. In some they are scantily clad, and in others, there are women kissing each other. Accompanied by a convincing fake Facebook profile and written in fluent Hebrew, they initiate flirtatious exchanges with Israeli soldiers, mostly stationed along the Gaza border, before encouraging them to download online messaging applications.

Already as far back as two years ago, the IDF uncovered dozens of accounts on Facebook and other social networks that were being operated with false identities. Once a connection was made with a soldier or officer, he was asked to download a specific application to take part in a video chat. It seemed innocent enough, but the application in question would, without the solider knowing, infect his phone. Hamas operatives then had access to the soldier’s photos, location, text messages, and contacts. Unbelievably, they could also use the phone’s camera and microphone, and secretly record the soldier’s conversations.

Though some targets’ phones were infected with the virus before it was uncovered, the official word from the IDF is that the attack was foiled, and its impact was minimal.

In a separate case, the IDF uncovered a cell behind suspicious online actions in which soldiers were contacted from an Israeli number, and instead of being encouraged to download a virus through an illegitimate source, they were asked to download an application from Google’s official store. It then worked much the same as previous efforts, compromising the soldier’s phone. Google has since deleted the apps from its store.

Sometimes soldiers became suspicious because of poor Hebrew spelling and grammatical errors. But Hamas operatives covered their mistakes by writing in their online profiles that they were new immigrants.

Attempts by Hamas to infiltrate cyberspace to gather intelligence on the Israeli army is nothing new. Over the past decade, it has been investing significant resources to create and upgrade its online capabilities.

During Operation Cast Lead in Gaza in 2012, the group took responsibility for an attack on Israeli sites, including the Homefront Command site and the IDF spokesperson’s site. Hamas declared at the time that the cyber-attacks were an integral part of its war against Israel.

Israeli civilians have also been targeted.

In the most recent round of fighting, Hamas sent fake WhatsApp messages to ordinary Israelis warning them not to answer calls from specific numbers, and claiming that doing so would allow Hamas to track them and fire a missile directly at their location. The fake messages were designed to spread panic among Israelis.

Previously the group used an app that mimicked the much-accessed and relied upon “red alert” app that provides real-time alerts every time a rocket is fired at Israel. Israelis rely on this app to give them accurate information about when to rush to a bomb shelter. In this instance, Hamas apparently timed its cyber-attack with the launch of hundreds of rockets against Israel. The compromised app then took control of the target’s phone.

Alongside the 2018 FIFA World Cup, Hamas went so far as to open a Facebook group inviting soccer fans to join and receive updates, watch live broadcasts, and bet on games. Those who did so and clicked on the accompanying links exposed themselves to cyber penetration, and the takeover of their computers.

Foreign journalists working in Israel have also been on the receiving end of threatening SMS messages. I was one such journalist, and was immediately advised by the Foreign Press Association in the country to ignore the texts.

Israel has responded to the movement’s increased hacking proficiency with force. In May this year, it struck a building in Gaza that the army claimed was the workplace of Hamas cyber operatives. The assault is the first known attack on a physical target in response to a cyber-attack. Israeli army spokesperson, Brigadier General Ronen Manlis, claimed at the time that “after dealing with the cyber dimension, the [Israeli] Air Force dealt with it [Hamas] in the physical dimension”, saying that “at this point in time, Hamas has no cyber operational capabilities”.

The official word today is that the group’s technological capabilities have not developed to a level that can cause serious damage to Israel, and it’s doubtful that they will constitute a genuine threat to the country’s security in coming years. Hamas’ cyber activity – at least at the moment – is primarily focused on gathering information and intelligence for the purposes of spying. Experts insist that Hamas’ cyber ability does not exceed that of unsophisticated hackers, and is a long way off from Israel’s cyber offensive and defensive capabilities, and those of other players in the global cyber domain.

The IDF has now once again warned all its soldiers – including reservists – to be aware that if they are approached by a stranger online, it might be an attempt to “honeypot” them, especially if the suspicious individual is unable to meet in person.

It’s advice that all of us can heed.