Operation “HeartBreaker” was launched to uncover the cell behind the suspicious online actions targeting IDF soldiers.
The IDF has uncovered another Hamas network posing as attractive young women and men on social networks in order to lure in IDF soldiers to access as much information and intelligence on the army that they can.
In January, a year after the Israeli Army first uncovered Hamas’s attempt to honeypot male soldiers, online military intelligence began receiving new reports from soldiers of suspicious online activities.
A new Military Intelligence operation dubbed “HeartBreaker” was launched in March to uncover the cell behind the suspicious online actions targeting IDF soldiers.
“We know who is behind this,” said one senior military intelligence official who stated that while the damage done was minor “there was, of course, a potential of serious harm to national security.”
The Hamas applications had “wide capabilities,” a senior military intelligence officer said, adding that the Hamas network was more believable than the previous attempt despite still writing in Hebrew with visible spelling and grammatical errors.
According to senior intelligence officials, soldiers had been approached by suspicious figures on social networks as well as on messaging applications such as Whatsapp using Israeli numbers to get soldiers to download applications from Google’s official store.
An investigation by the IDF’s Military Intelligence found that the 11 suspicious individuals (three who approached soldiers on WhatsApp, another eight approached soldiers on Facebook) were an intelligence network of the Hamas terrorist organization which asked the soldiers to download applications which compromised their cell phones with Trojan horse viruses.
The applications used by Hamas included two social networking applications, WinkChat and GlanceLove, and an application for fans of the World Cup – GoldenCup. All applications had between 400-500 downloads before being removed from the Google App store.
But a quick search online show both GlanceLove and WinkChat are still available to download and a Facebook page for GoldenCup remains open.
“WinkChat is an app that lets you to poke everyone at everywhere whom in your friends list and to be at contact with them in a romance feelings, also it used to refresh friends relations and build new relations with any person you like,” reads the description of the application on the APKPure store.
Once on the phone, the virus would give Hamas operatives access to all pictures, the soldier’s location, text messages (including the history of sent messages), and the soldier’s contact list. The virus would also be able to download files, have access to the phone’s camera and microphone, taking pictures and recording conversations remotely without the soldier knowing.
Nevertheless, most of the soldiers who were approached by the Hamas operatives demonstrated a high awareness of the IDF’s information security directives and acted in accordance to the guidelines. The soldiers did not cooperate with the suspicious individuals, instead informed their commanders who reported the attempts to military intelligence.
According to the senior intelligence officer, while both male and female soldiers were approached, sometimes in romantic ways, the female soldiers would cut off communication faster than their male counterparts.
Military Intelligence has reiterated to soldiers to follow the IDF’s cautious guidelines for the use of social networks by soldiers: only confirming friendship requests from people one knows personally, to not upload any classified information to any social network, and to only download applications from the original App Store, rather than downloading applications from links.
The military has also recommended that if a soldier is approached by a stranger online to be aware that it might be an attempt to honeypot them, especially if the suspicious individual is unable to meet in person.
The IDF has urged all soldiers, including reserve soldiers, to report to their commander and security officials if the suspicious individual asks them to download applications and if they feel that their phone may have been compromised.