Geopolitical and sectarian strife across the Middle East region has become an incubator for innovative, sophisticated, and damaging cyber attacks and information campaigns by all sides. Obviously, state actors are highly active and skilled in these kinds of operations, but increasingly so too are non-state actors, such as terrorist organisations.
One example of this increasing sophistication is reported by both The New York Times and The Washington Post who reveal that young soldiers from the Israeli Defence Force (IDF) have fallen victim to an elaborate and sophisticated information operation thought to be conducted by Hamas that utilises Facebook and a fake messaging app for the purposes of espionage.
Senior IDF officers revealed the operation to the press on 10 January 2017 in a news conference, where they provided details of the remarkably effective and sophisticated operation that has been attributed to Hamas, the militant Islamist Palestinian group that governs the Gaza Strip.
According to these IDF officers, the Hamas operation involved creating plausible profiles on Facebook of beautiful young Israeli women that were then used to contact young male IDF soldiers. The fake profiles were so believable that moderators of IDF Facebook groups accepted their requests to join what should have been private social media groups. Once in, the controllers of these profiles would flirt online with young soldiers, sending them alluring pictures of themselves – pictures that in some cases have been stolen from the Facebook accounts of young Israeli women.
Once engaged in an online conversation, the controllers of the fake Facebook profiles would ask the soldiers to download a specially developed app on their Android or iOS mobile phone so that they could chat in private. Soldiers who actually downloaded the app in question would then find that their new beautiful friend would disappear, but the app had infected their phone with malware that would siphon off all of their contacts and personal information, and even allow Hamas to remotely access the camera on their phone.
One IDF soldier who fell victim to this information operation is quoted by The Washington Post as saying, “She sent me a message on Facebook. We spoke a lot over a few days. She said she was a prison guard, and I told her I was in the army. Then she asked me to download this chat app so that we could talk more. I downloaded it, but it did not work. I tried to reach her again on Facebook, but she didn’t answer.”
What is considered remarkable by IDF officers is that the initial seduction of IDF soldiers was conducted in flawlessly fluent Hebrew, even including the use of popular slang terms favoured by young Israeli people.
IDF commanders are convinced that Hamas are behind the operation, but would not comment on how they know this citing security concerns and national security imperatives. These same IDF commanders were also quick to say that this particular threat has been contained and dealt with, and that new training on social media use and operational security is underway for all IDF personnel.