Information Warfare: Killer Girlfriends


July 21, 2018: In early 2018 Israeli intelligence became aware of another online effort to entice Israeli soldiers to reveal military information via a smartphone based honey trap (using sex to get intel). This has become an increasingly popular, and successful, espionage technique, particularly in South and East Asia. Not so much in the Middle East, at least when used against Israelis. Security experts nicknamed this latest effort Heartbreaker, apparently because it was an epic fail. Hamas was apparently behind Heartbreaker and on paper it no doubt looked far more promising than it turned out to be in practice.

The Hamas Heartbreaker team set up fake profiles of Israeli women on social networks (Whatsapp and Facebook) used by Israeli men and women to meet each other. Hamas made a basic error in using operatives who may have spoken Hebrew but were less skilled in the written form, especially the dialect (every language has one) used on social media and smartphones in general. This was a serious mistake because while most single (and a few married) Israeli soldiers use these Hebrew language sites many noted that some of these Hebrew messages they received from “Jewish” women were immediately seen as not-quite-right. Not only were there grammar and syntax errors but the messages sent the wrong message. The “girls” tried to get soldiers to download Android apps called WinkChat, GlanceLove and, for football (soccer) fans; GoldenCup. The first two made it easier to flirt online while the football app capitalized on the World Cup fervor. All three were available on the Google App store (for Android phones) and only had a few (less than 500 each) downloads when Israeli intelligence went to investigate. On closer examination, these apps were spyware which enabled the Heartbreaker hackers to collect data from the infected phone and even turn on the phone camera remotely. Once informed Google removed the apps from the app store but some were still available at Facebook pages and other unmonitored sources.

Heartbreaker became news in Israel only because some soldiers thought it was hilariously inept and discussed it with other soldiers before reporting it to Israeli intelligence (which advised troops to keep quiet). There have been no reports of how Israeli intelligence might have turned the Heartbreaker campaign against Hamas (as it has done in the past) but letting basic information go public warned Israeli troops once more that they were still targets for these online attacks and the next effort might be more competent, and more dangerous to Israeli troops who fall for it.

When it comes to smartphones Israeli soldiers are warned regularly about new espionage risks. Israeli troops know about the success Israeli intelligence has had using smartphones as intelligence collecting tools. There are a lot of Arab speaking Israelis who learned the language from parents or grandparents who once lived in Arab countries and grew up using Arabic regularly were usually literate in it as well. Israeli intelligence pays attention to the small details like grammar and slang. Hamas did not do likewise because they have not got as many Hebrew speakers in their ranks and few who can converse convincingly on social media using Hebrew. The Israelis discovered eleven Hamas operatives who were sending these messages and trying, with very little (if any) success to get soldiers to download the apps and be secretly spied on.

Another example of Moslem hackers becoming more effective was revealed about the same time Heartbreaker showed up. The successful hack involved a group of Pakistani hackers, who specialized in creating and maintaining surveillance software for parents to track their children (or a spouse). This group was apparently hired by the Pakistani CIA(ISI, or Inter Service Intelligence agency) to create spyware (Stealth Mango for Android and Tangelo for IOS) versions of the surveillance software and then help distribute it to some key government officials and civilians in Afghanistan, India, Iraq, Iran, the United Arab Emirates and Pakistan using Facebook Messenger. This approach uses a lot of “social engineering” as the hackers must contact the target individuals and persuade these potential victims to download an app that pretends to be something other than spyware. Most targeted individuals were either not interested or didn’t trust the offer. The most secure (resistant to this spyware) cell phone was the iPhone and the spyware would only work on the small number of iPhones that that had been modified (“jailbroken”) to run apps that did not come from the Apple App Store. As usual, the Android phones were much more vulnerable. In any event, it appears that only about a dozen people were persuaded to install the app. That, it turned out, was enough key people to collect a lot of important data.

The Stealth Mango/Tangelo effort was another intelligence-gathering operation that, in this case, collected a lot of sensitive data about American and Australian military and diplomatic activities. Collecting and transmitting the data (without the phone owner being aware) was how Stealth Mango/Tangelo was discovered (by an Australian Internet security company) in early 2018. Stealth Mango/Tangelo needed a lot of permissions on the infected phone in order to work and mostly went after data (documents and photos) as well as messages, location and contact lists. At least 40 GB of material was stolen from the infected phones by the hackers before Google and Apple were informed and victims were notified and the spyware was disabled. But it will be back. Actually, this sort of spyware has been around for quite a while and the latest ISI use of it was just another example.

Moreover, this sort of thing is not unusual for the ISI as Pakistan and India have been using the Internet to spy on each other for decades. Even before the Internet became widely available in the late 1990s there was an ongoing "war" between Indian and Pakistani hackers. Most of this has been little more than vandalism (defacing web pages and the like), but there have been some more serious hacks. It was these nationalistic hackers

Another fun fact is that Pakistan has always had the largest software developer and hacker community of any Moslem country. That’s because early on Pakistan developed a large, and growing, software development industry of its own. In fact, the first known computer virus, the "Brain Virus" was written by Pakistani programmers in the late 1980s. "Brain" was created to help protect software a Pakistani firm had created and was selling. But the losses from pirating (illegal copies) were making the software unprofitable. Instead of fixing the problem the Brain virus got out of control, and the rest is history. Pakistan has a lot of homegrown talent for their computer crime operations, and the ISI, to recruit from. ISI is the kind intel agency that when they ask fellow Pakistanis for help, it is best to consider it an offer you can’t refuse.

Most Pakistani programmers want to make an honest living with their skills and some have left Pakistan to avoid getting dragged into something unsavory. Despite that, the hacking got so bad in Pakistan that in 2008 the government enacted the "Prevention of Electronic Crimes" law. In addition to explicitly describing various Internet-based crimes, and declaring them criminal acts, it also defined cyberterrorism and the penalties for Internet terrorists. If someone causes the death of another because of cyberterrorism, the maximum punishment is execution. But the law only applies to those hacking Pakistanis. While ISI saw this hacking as a problem, it was also an opportunity when used to go after real or imagined enemies.

As more Internet users moved to smartphones so did the hackers. Smartphone users were even more valuable and vulnerable than users of desktop and laptop computers. In that respect, Stealth Mango/Tangelo is not unique, just the latest.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close