Dozens of Israeli soldiers were tricked by Hamas into
installing malware on their phones and computers via an old ruse: messages from
young women looking for companionship.
Investing in security solutions is always a good idea,
but what’s the point when users voluntarily install malware on their phones and
PCs? As usual, when given the opportunity, it looks like some people will make
the wrong choice, underlining the fact that humans remain the weakest link in
most attack cycles.
Soldiers were contacted online and offered photos of
young women trying to pass as immigrants, with a limited understanding of
Hebrew. The end goal was to persuade soldiers to install an app that would supposedly
allow them to share photos.
According to a BBC report, it was
actually an app that allowed Hamas to spy on Israeli soldiers. If the victim
installed the app, attackers would get access to their location, pictures and
contacts. It would also be possible to take photos and make recordings without
the victim’s knowledge.
The Israel Defense Forces (IDF) found about Hamas’
attempt early on but decided to let it continue to determine the extent of the
breach. The purported surveillance was eventually shut down, and the IDF said there
was no significant breach of information.
Not surprisingly, this is just the latest development in
a continuous cyberwar. Last year, Israeli forces bombed a building
that was presumably housing a hacking group working for Hamas.