We read regularly about the unrest between Hamas and Israel, most of which is taking place along the border separating Israel from the West Bank and Gaza. What we haven’t read a lot about is the social engineering effort coming out of Hamas targeting Israeli military personnel.
Hamas is the largest of several Palestinian militant Islamist groups. Nobody will accuse Hamas of being original in concept: others have created fake personas to entice individuals to engage, and the 2010 Robin Sage con comes immediately to mind. There is also a plethora of examples of phony LinkedIn and Facebook personas created to engage various target sets, all with the intent of eliciting personal and professional information.
What makes the Hamas effort unique is that it went well beyond the creation of fictitious personas; it took a page right out of the North Korean online handbook and created applications (apps) specifically targeted at the Israeli soldier. Using the reach of Facebook and WhatsApp, Hamas promoted the apps to “commercially” targeted audiences using those platforms’ own advertising tools.
The Israel Defense Forces (IDF) tell us that the “Gold Cup” app was created by Hamas. It was a fully functional app that provided timely updates of World Cup scores and stats. A senior IDF officer is quoted: “It actually was a very good one.”
The IDF also identified two dating apps targeting Israeli military personnel. GlanceLove was advertised as “the best choice for new lovers who care about their privacy and safety.”
WinkChat was billed as an app “that lets you poke everyone at everywhere whom in your friends list and to be at contact with them in a romance feelings… (SIC)”
The reality is that, once downloaded, the apps allowed Hamas to geolocate the individual, access the user’s data on their phone and operate it remotely.
The standard fake profiles, using model photos on various social networks, including Facebook, continue to be used to engage Israeli military personnel. Once engaged, the elicitation begins, followed by the provision of a payload via a link to compromise the user’s device.
The Israeli government advises that fewer than 100 soldiers fell for the dating apps; no figure was given for the World Cup app.
The apps were available via Google Play, and have now been removed.
Going forward, apps associated with reality television programs and with global and local events will all be suspect – are they real, or are they Hamas?
We see with great regularity the unscrupulous competitor targeting the intellectual property of their competition or attempting to elicit information from a well-placed insider.
We also see criminals engage both physically and via the cyber domain – given the talent available to them, creating apps designed to steal data and/or give the creator a window into a competitor’s personnel is not a stretch.
While the Hamas effort was clearly geopolitically inspired, it is easy to see how these techniques transfer to the competitive trenches of commerce. The public perception that the security checks Google and Apple perform before admitting apps to their stores are comprehensive is now cast into question.
Users and companies alike need to stay on top of what they are downloading onto their devices and giving access to sensitive information, and, wherever possible, to take a close look at what the apps they allow actually do; the allowed set probably should exclude dating apps.
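One concrete way to do that “deep dive” is to compare the permissions an app declares with what an app of its kind plausibly needs. The script below is an added example, not code from the article or from any of the parties it describes. It parses a decoded AndroidManifest.xml (the kind of file tools such as apktool extract) with the Python standard library and flags permission sets that match the three behaviours the article attributes to the Hamas apps: locating the user, reading personal data, and staying in control of the device. The sample manifest, the package name and the per-app-kind expectations are constructed for illustration; the permission strings themselves are real Android permission names.

```python
"""Triage an Android app's declared permissions against what it claims to do.

Added example, not part of the original article. The manifest below is
constructed: the package name and permission list are invented, but every
permission string is a real Android permission name.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Capability buckets mirroring what the article says the apps could do once
# installed: geolocate the user, read their data, operate the phone remotely.
CAPABILITIES = {
    "geolocation": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION",
        "android.permission.ACCESS_BACKGROUND_LOCATION",
    },
    "personal_data": {
        "android.permission.READ_CONTACTS",
        "android.permission.READ_SMS",
        "android.permission.READ_CALL_LOG",
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.RECORD_AUDIO",
        "android.permission.CAMERA",
    },
    "remote_control": {
        "android.permission.RECEIVE_BOOT_COMPLETED",
        "android.permission.SYSTEM_ALERT_WINDOW",
        "android.permission.BIND_ACCESSIBILITY_SERVICE",
        "android.permission.BIND_DEVICE_ADMIN",
    },
}

# Assumed baseline of what each kind of app legitimately needs. A scores app
# has no business with location, SMS or the microphone.
EXPECTED = {
    "sports_scores": {"android.permission.INTERNET",
                      "android.permission.ACCESS_NETWORK_STATE"},
    "chat": {"android.permission.INTERNET",
             "android.permission.ACCESS_NETWORK_STATE",
             "android.permission.CAMERA",
             "android.permission.READ_EXTERNAL_STORAGE"},
}

# Constructed manifest for a "scores" app that asks for far more than scores need.
SAMPLE_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="example.scores.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> set:
    """Return every permission name declared in a <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)}


def triage(manifest_xml: str, app_kind: str) -> dict:
    """Summarise which surveillance capabilities the permissions enable and
    which permissions exceed what this kind of app is expected to need."""
    perms = declared_permissions(manifest_xml)
    capabilities = {name: sorted(perms & wanted)
                    for name, wanted in CAPABILITIES.items() if perms & wanted}
    unexpected = sorted(perms - EXPECTED.get(app_kind, set()))
    # Escalate when an innocuous-looking app can locate the user or read their
    # data and those permissions are not explained by what the app claims to be.
    suspicious = bool(capabilities) and bool(unexpected)
    return {"capabilities": capabilities,
            "unexpected": unexpected,
            "suspicious": suspicious}


if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST, "sports_scores")
    for bucket, names in report["capabilities"].items():
        print(f"{bucket}: {', '.join(names)}")
    print("unexpected for a scores app:", ", ".join(report["unexpected"]))
    print("suspicious:", report["suspicious"])
```

The check is deliberately coarse: a declared permission is not proof of abuse, and a real review would go on to look at the services and receivers the app registers and the hosts it talks to. Its value is as a first filter that an organisation can run over every app its staff are allowed to install, so that a World Cup scoreboard requesting fine location, SMS and the microphone is pulled for a closer look rather than waved through because it works well.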