Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps

The militant group managed to successfully plant malicious software and gather sensitive information about army bases near Gaza

Israeli military forces on the Gaza border, April, 2018.
Eliyahu Hershkowitz

Hamas managed to hack into the phones of hundreds of Israeli soldiers using dating and World Cup apps and managed to gather sensitive information about the military and some of its bases around the Gaza strip.

The apps allowed malicious software controlled by Hamas to be planted into Android smartphones, enabling militants in the Strip to access pictures, phone numbers and email addresses of soldiers posted close to the border, and even allowed Hamas to control the phones' cameras and microphones remotely.

>> Israeli soldiers may still be vulnerable to Hamas hacking, intel officer says

In a number of cases, Hamas has been able to film what was happening on Israel Defense Forces bases without the soldiers being aware their phones had been hacked. Beginning in January 2018, the military's information security department has received complaints from soldiers and commanders about attempts by suspicious people on social networks recommending soldiers to download apps from the official Google Play Store. Soldiers who downloaded the app immediately gave Hamas access to all the information on their phone.

One of the apps used by Hamas was a dating app and the other is called “Golden Cup,” which provides real time information on this year’s World Cup. 

One of the apps used by Hamas.
IDF Spokesperson's Unit

The military began examining these apps and swiftly discovered that Hamas was behind them, and that it was operating fake Facebook profiles to build trust with soldiers since 2017 to get the soldiers to download the apps.

The operation by the unit responsible for information security was dubbed "operation broken heart."

Hamas also used a fitness app to identify the phone numbers of soldiers who went jogging near the Gaza border. The minute Hamas had these numbers, it began sending the soldiers, and others, requests to download their "Trojan Horse" apps.  

Even though the damage was discovered relatively quickly, only a few weeks after the militants started to hack into the soldiers' phones, Hamas still succeeded in gathering information on a number of Israeli bases and the armored vehicles on those bases.

In recent years, Hamas has been making great efforts in the area of cyber hacking and information gathering and in attempting to acquire information from Israeli soldiers, sources in the cyber security sector say.

Yehiyeh Sinwar, the Hamas militant group's leader in the Gaza Strip, speaks to foreign correspondents, in his office in Gaza City, Thursday, May 10, 2018
Khalil Hamra/AP

The latest attacks on smartphones, using the official apps on the Google Play Store, social media profiles testifies to Hamas’ ability to improve its tactics. Some in the industry describe Hamas as the most developed non-state organization in cyber security. 

“Today, for a few tens of thousands of dollars, it is possible to get hackers from Eastern European and Asian countries who can carry out cyber attacks on a very high level,” says Nitzan Ziv, vice president for cyber security at Check Point. “An organization that wants to attack Israel and has the relevant information on soldiers can do so independently and can turn to people in those same countries. We know how to say with certainty today that this is something that happens,” Ziv added.