Honey trap exposes Army's vulnerability to social media risks
(Bloomberg) -- It was a 21st-century twist on an age-old espionage trick: An attractive woman strikes up a relationship on social media with an Israeli soldier, who doesn’t realize his new sweetheart is a Palestinian militant tapping into his phone.
Hundreds of Israeli soldiers were stung in an operation carried out mostly on Facebook Inc’s Messenger, designed to gather information on military plans and deployments, a senior Israeli intelligence officer told Bloomberg, speaking on condition of anonymity to discuss sensitive matters. Israel says the deception was masterminded by Hamas, the Palestinian militant group that rules the Gaza Strip. Computer security company Kaspersky Lab said the cyberattacks were first detected in July, and as recently as February.
Hamas’s achievement shows how even a military renowned for its cyber prowess is vulnerable to relatively simple technology, and highlights the threat social media can pose to any institution. It’s almost impossible to set up an airtight defense against such cyber incursions, said Aaron Joseph, Cisco Systems’s technology director for southern Europe.
“Today the hacking organizations, and in this specific instance terror organizations, will try to get information any way they can, and all of us have some kind of connection to social media,” Joseph said. “It’s something continuous and happens all the time. You can’t prevent it.”
Enemy intelligence had never before made direct contact with Israeli troops in cyberspace, and the ruse triggered a military campaign to raise troop awareness of how social media can be used as a weapon, the officer said.
Hamas officials and militants declined to comment. Facebook didn’t respond to a request for a reaction.
According to the officer’s account, Hamas created about 40 fake profiles of young women ostensibly born in Europe and the U.S. The profiles presented the women as Israeli military veterans who were currently overseas but planned to return to Israel.
The initial approach was a “friend” request, followed by a photo of an attractive woman. If the soldier suggested they talk on the phone, the spy would claim to have no number and suggest another application instead, which inserted malicious code on the soldier’s phone. Mobile devices were soon sending Hamas the soldiers’ locations, taking photos and recording conversations, and sending the information to a Hamas server.
The operation was uncovered after the same “woman” approached several soldiers in the same unit, who alerted the military’s data security investigation team. In some cases operational plans had to be modified or canceled, the officer said, without elaborating.
The IDF also uses social media to seek information on its enemies, according to the military officer, and Israeli security services also have used comely young women as bait. That’s how the Mossad espionage agency in 1986 trapped former nuclear technician Mordechai Vanunu, who was imprisoned for 18 years for disclosing nuclear secrets.
Still, the current case is unique, said Ido Naor, a senior security researcher at Kaspersky. He called it “a rare case of attackers using such persistence in impersonating and social engineering,” and said he couldn’t remember examples of other armies being similarly targeted.
After the deception was exposed, the army’s data security investigative unit sent people around the country to educate soldiers about the incident and reformat phones that might have been compromised. Advertisements, lectures and an Internet campaign were launched, and photos of the fake paramours were posted at every army base.
Facebook, meanwhile, was asked to remove the fake profiles. The company said in early 2016 that about 2 percent of the profiles on its platform are bogus.
The incident inspired a group of programmers at a military hackathon to design a program that identifies fake profiles and gives real-time warnings, according to an officer cadet who helped organize the event, who couldn’t be identified in accordance with military policy.
But no software can stop Hamas or another militant group from trying again, Cisco’s Joseph said.
“Cyber is another front” of modern warfare, he said. “It’s a given.”