After IDF soldiers’ phones are hacked by Hamas, how strong is Israel on data security?

ELECTION
COUNTDOWN
More JC coverage here

While proving itself adept at beating Hamas at military cyber warfare, Israel has shown comparatively less competence at protecting its citizens’ personal data on the home front.

The Israeli army this week said it foiled a “catfishing” operation designed to plant malware on its soldiers’ smartphones and extract details on their operational routines and private lives.

The IDF said that while a few dozen soldiers had downloaded the spying app sent by Hamas operatives, who were masquerading as young women on Facebook and Instagram, no damage was caused and they were summoned to have the malware removed from their phones.

It also claims to have carried out a retaliatory cyber attack on computer servers being used by Hamas but have not disclosed any details of how this was done.

The operation was published on Sunday after it became clear Hamas was aware that it had been exposed and the servers involved were sabotaged from afar by Israeli military hackers.

The soldiers were usually contacted after they had already identified themselves on social media as serving in the military, particularly in units often operating on the Gaza borders.

When they started communicating on social media, the “women” would invariably tell the soldiers that they are either hard of hearing or new immigrants, and therefore preferred to chat rather than speak.

They also suggested they download apps for exchanging photographs and videos. Once the app was downloaded, an error message would display on the soldier’s phone and, unknown to them, the phone would become “transparent”, allowing Hamas operatives to access its data and locations.

The IDF has not explained how it tracked the malware and located all the soldiers who had downloaded it. However, it appears that it hacked into the Hamas operation and tracked the downloads, then transferred back a form of virus that sabotaged the Hamas servers.

Another app in the news in recent days in Israel is “Elector”, which is used extensively by Likud and its ally Shas to organise their voter motivation programme on election days.

In at least two instances over the last 10 days, the entire voter register including private information of all Israeli citizens was uploaded to the app’s users.

Likud blamed the software company that developed the app, which claimed that the error had been fixed, but two lawyers petitioned the Central Election Committee to demand the party stopped using the software in this campaign.

They were refused by Supreme Court Justice Neel Hendel, the CEC chair, who ruled that privacy issues are not under his jurisdiction but under the government’s Privacy Protection Authority, which is already looking in to the matter.

Justice Hendel did say, however, that he is considering forming a public commission after the election to examine issues of technology and privacy during election campaigns.

To get more Israel news, click here to sign up for our free Israel Briefing newsletter.

Editor’s picks

Likud’s leak exposed data belonging to every Israeli voter — so why the muted reaction?

Cabinet approves plan to bring 400 Ethiopian Jews to Israel

Benjamin Netanyahu trial set to begin two weeks after Israel's election