Israeli Soldiers May Still Be Vulnerable to Hamas Cyberattacks, Senior Intel Officer Says

Sources in the cybersecurity industry see Hamas as the most advanced non-state organization in the field. Recent hack potentially exposes hundreds of Israeli soldiers to extortion

One of the apps used by Hamas.
IDF Spokesperson's Unit

Sources in Israel's cybersecurity industry criticized on Tuesday the military's handling of threats by cyberattacks after it was made public that Hamas managed to spy on Israeli soldiers using World Cup and dating apps.

Using face social media profiles, Hamas managed to get Israeli soldiers to download the apps. The apps allowed malicious software controlled by Hamas to be planted into Android smartphones and gain access to pictures, phone numbers and email addresses of soldiers posted near the Gaza border and even allowed Hamas to control the phones' cameras and microphones remotely.

>> Hamas spied on hundreds of Israeli soldiers using fake World Cup, dating apps

Some in the industry describe Hamas as the most advanced non-state organization when it comes to cyberattacks. The fact it used Google's official Play Store, social media profiles that seemed reliable and relevant information in Hebrew, attests to Hamas' ability to improve tactics, they say.

Hamas was able to successfully download data from the phones, including messages, emails, pictures and videos that could embarrass some of them. When it comes to high-ranking officials, some of the data could potentially be used for extortion.

One senior source said that in the field of cybersecurity, this is considered a sophisticated attack and Israel would be wrong to underestimate it.

The apps were removed by Google from its Play Store, but this happened almost a week after the operation was uncovered.

While many soldiers are aware their phones were hacked and their information downloaded, Hamas could still be recording or filming through soldiers' smartphones who were unaware of it, a Military Intelligence source said.

The sources say that Israel is making a critical mistake in focusing only on raising awareness to such attacks, instead of also using existing cybersecurity defenses to counter them. Senior officers may use their encrypted military cellphones, but if Hamas has taken control over the phones of their drivers or radio operators – or someone in their offices – the encryption no longer matters because their entire conversations are recorded and broadcast in real time to Hamas, said a cyber security expert.

“Today, for a few tens of thousands of dollars, it is possible to get hackers from Eastern European and Asian countries who can carry out cyber attacks on a very high level,” says Nitzan Ziv, vice president for cyber security at Check Point. “An organization that wants to attack Israel and has the relevant information on soldiers can do so independently and can turn to people in those same countries. We know how to say with certainty today that this is something that happens,” Ziv added.

A senior Military Intelligence officer said that “Hamas has expanded into other social networks, they are developing applications for the target audience of soldiers, marketing the applications through Google, making use of the civilian telephone numbers."

"They have begun approaching women directly too, women soldiers and these are things that never happened in the past. It seems there are other similar incidents, there is a very high level of likelihood that there are other similar platforms,” said the senior intelligence officer.  

This is the fourth wave of cyber-attacks Hamas has carried out against Israeli soldiers that succeeded in gathering information it wants. In this case, the platform operated for only a relatively short period using only a few hundred soldiers over only a few weeks, but in previous attempts – and possibly in the future too – Hamas may have learned lessons and will operate in different and more sophisticated ways.