Hamas using honeypots to target Israeli soldiers on Instagram

The IDF has uncovered another Hamas network posing as an attractive young women on social networks in order to honeypot soldiers, this time on Instagram, in order to access as much information and intelligence on the army that they can.

“This is a network in which the culture of sharing is paramount and where everything revolves around pictures and ‘see me,’” said Lt.-Col.A, the Head of information Security Policies in the IDF’s Information Security Department.

According to him “popularity and the need to follow back increases the risk” to soldiers who he cautioned to follow military guidelines and not click on suspicious messages in their Instagram inbox.

“We want to make it clear to the soldiers that even if Hamas adds additional applications and infiltrates additional platforms, once we identify them, they will not catch up with us,” said Lt. Col. A.

The IDF launched two operations in the past year uncovering networks of Hamas operatives trying to lure in soldiers through smartphone applications.

“The reports we received after the publication (of Operation Heartbreaker) dealt a great deal with the fact that soldiers thought that an application from an official app store was not necessarily dangerous,” Lt.-Col. A. was quoted by the army as saying.

“After we thwarted and blocked the applications, Hamas tried unsuccessfully to preserve connections that had been initiated in the past, or new relationships with identities that have not yet been exposed. Thanks to the high reporting by soldiers, these attempts were also revealed and we were able to thwart other fake profiles,” he said.

The IDF first uncovered Hamas’s attempt to honeypot male soldiers online in January of last year in an operation dubbed “Hunter’s Network” where dozens of accounts on social networks, such as on Facebook, were identified as being operated with false or stolen identities with the intent to extract classified information from both regular and reservist soldiers.

In March, the IDF’s Military Intelligence Directorate launched “Operation Heartbreaker” and uncovered another cell behind suspicious online actions targeting IDF soldiers on social networks as well as on messaging applications such as Whatsapp using Israeli numbers to get soldiers to download applications from Google’s official store.

An investigation by the IDF’s Military Intelligence found 11 suspicious individuals (three who approached soldiers on WhatsApp, another eight approached soldiers on Facebook) were an intelligence network of the Hamas terrorist organization.

In both instances the soldiers were asked to download applications which compromised their cell phones with Trojan horse viruses.

Once on the phone, the virus would give Hamas operatives access to all pictures, the soldier’s location, text messages (including the history of sent messages), and the soldier’s contact list. The virus would also be able to download files, have access to the phone’s camera and microphone, take pictures and record conversations remotely without the soldier knowing. 

The military urged troops to only confirm friendship requests from people one knows personally, to not upload any classified information to any social network, and to only download applications from the original App Store (rather than downloading applications from links).

Troops were also instructed that if they were approached by a stranger online to be aware that it might be an attempt to honeypot them, especially if the suspicious individual is unable to meet in person.

The IDF has urged all soldiers, including reserve soldiers, to report to their commander and security officials if the suspicious individual asks them to download applications and if they feel that their phone may have been compromised.