• 

A team of Israeli cyber-espionage contractors based in "Modi'in", a new settlement established between "Tel Aviv" and occupied Al-Quds, are responsible for virtual extortion and blackmail campaigns and operations worldwide, targeting presidential-level elections in countries, manipulating lawsuits, influencing nuclear energy deals, and meddling in cryptocurrency prices.

The team was exposed following an investigation by a consortium of journalists who work for 30 news outlets, including Le Monde, Der Spiegel, and El País, and is part of a broader investigation into the disinformation industry coordinated with French NGO Forbidden Stories.

The report, published in The Guardian and Israeli media outlet Haaretz, reveals that the cyber unit was run by 50-year-old former Israeli special forces operative, Tal Hanan, working under the name of "Jorge".

Team Jorge, as dubbed by the reports, claims to have carried out disinformation and manipulation campaigns for over a decade (or Foreign Information Manipulation and Intervention -FIMI), and that were sometimes attributed to China and Russia, meddling in 33 presidential-level elections, 27 of which were successful.

The team of journalists has been able to expose the unit through direct zoom meetings with Jorge and several physical visits to his office in "Israel" where the delegated reporters for the mission introduced themsevles as potential clients.

The secretly filmed meetings took place between July and December 2022 and included in-face meetings with Jorge and his team in his underground basement office in "Madiine"

Conspiracy vs Truth

At the beginning of one of the meetings, Jorge shared his thoughts regarding the speculations on what could be potentially found on Hunter Biden's laptop.

“[Do you know] the difference between conspiracy and truth?” he asked the undercover reporters. “Eighteen months,” he said.

Hanan, or Jorge", defined in one of the meetings how the disinformation and hacking indsutry approaches the targeted audience.

“What is fake news?” He asked rhetorically. “Fake news is when people do believe it. Not because it’s reality or not reality. The question is credibility.”

"I tell my clients: Under 80 percent credibility, it’s fake. But between 80 and 100 percent, there’s … a game we can play,” he added.

Meet the Israeli team

According to the report, the main team consists of three Israelis.

The boss is Tal Hanan, 51, also known as Jorge. he is a skilled Hacker specialized in political and corporate intelligence, and disinformation and comes from security and defense consulting backgroun.

• 

Zohar Hanan - Tal's brother- is the CEO of the company and goes by the name Nick. He is 55 and his skill set includes intellignce and influce operations, is a polygraph expert comes from an intellegince background.

The third individual is 66 year-old Mashy Meidan, aka Max, and is an expert on psychological warfare and influence operations and holds the consultancy and strategy position in the cyber-espionage company and comes from an intelligence background.

Disiformation campaign through company approved by "Israel's" Minstry of Security

Some of the sabotage campaigns run by Hanan were carried out through his Israeli company found in 1999, Demoman International, which, according to the report, is registered on a website specialized in "defense exports" and is run by the Israeli ministry of security.

“I have no idea how Hanan landed in this position. He has no intelligence background, he served in some unknown unit in the air force. But I know he has ties with senior and very serious people among the intelligence agencies in Israel and the U.S.,” a former senior Israeli intelligence official told the journalists.

Hacking, disinformation and public manipulation services

Hanan told the journalists that his hacking and disinformation services are offered to a broad list of clients, including intelligence agencies, political figures, and campaigns, in addition to private corporations that want to manipulate the public.

Hanan noted that he has been contracted to operate on behalf of clients in Africa, South and Central America, the US, and Europe.

• 

How the Israeli team penetrated Gmail and Telegram

The Israeli team disclosed to the reporters that their services include hacking into media accounts that rank amongst the safest worldwide, including Gmail and Telegram.

“Today if someone has a Gmail, it means they have much more than just email,” Hanan said as he shared on his screen the Gmail account of what he described as an “assistant of an important guy” in the Kenya elections, which was days away.

Hanan next went through the Gmail account, including the draft folders, contacts, and drives, the report said.

During his presentation, he also revealed his ability to crack into Telegram accounts, which according to many is considered to be safe due to its encrypted system.

“I know in some countries they believe Telegram is safe. I will show you how safe it is,” he said, then shared on the screen the Telegram contacts of one Kenyan strategist who was working for [then runner] Kenya's President William Ruto.

According to Hanan, he can plant a small device, in cooperation with a local cell provider [in the targeted country] that enables him to reroute phone messages that are sent by communication companies such as Google and Telegram to authenticate users [authentication code] to his computer, which he then uses the "Hijacked" text message to either hack into accounts, or use phone numbers of unsuspecting victims to create fake online accounts.

• 

Hacking the accounts used to sow mischief

The Israeli cyber-criminal revealed to the journalists that he also uses his ability to infiltrate accounts to cause chaos among political rivals.

He typed “hello how are you dear”, using the account of the Kenyan official to one of their contacts. “I’m not just watching,” Hanan noted, adding that such a procedure can be carried out to create conflict among targeted public officials.

“One of the biggest things is to put sticks between the right people, you understand,” he boasted. “And I can write him what I think about his wife, or what I think about his last speech, or I can tell him that I promised him to be my next chief of staff, OK?”

Once the message was sent, Hanan would delete it to remove his trace.

According to the report, they managed to verify Hanan's claim.

An army of 'Humanized' cyborgs

One of the services offered by the Israeli team is a software called Advanced Impact Media Solutions (Aims), which is able to create and control a large virtual army of thousands of fake media accounts on LinkedIn, Twitter, Facebook, Telegram, Instagram, and Facebook.

According to the report, in order to give credibility and authenticity to some of the accounts, Hanan would provide them with Amazon accounts connected to credit cards, bitcoin wallets, and even Airbnb accounts.

Hanan told the undercover team of journalists that if there is a need for a verification text message, the system knows how to deal with it.

However, one of the most important features that the Israeli unit provided was the ability to instantly create credible bots who have different backgrounds, speak different languages, and each with their own tailored profile picture and their own background story.

AIMS does not use AI to generate the account's photos as social media sites like Facebook and Twitter could easily spot them, Hanan said.

However, the software gives its avatars real pictures belonging to real people - without their knowledge.

In addition to Aims, Hanan told reporters about his “blogger machine” – an automated system for creating websites that the Aims-controlled social media profiles could then use to spread fake news stories across the internet. “After you’ve created credibility, what do you do? Then you can manipulate,” he said.

In a demonstration provided by Hanan, he revealed that each avatar is given a multifaceted digital backstory, noting that the accounts mimic human behavior.

Each account holds a unique digital footprint, including a unique email address and real phone number.

Hanan also showed undercover journalists how a large number of fake profiles could be created in an instant, using tabs to choose nationality and gender and then matching profile pictures to names.

“This is Spanish, Russian, you see Asians, Muslims. Let’s make a candidate together,” he said, before choosing an image of a white woman. “Sophia Wilde, I like the name. British. Already she has email, date birth, everything.”

The mentioned details would be used to create an account on different websites and social networks.

The software, according to Hanan, that helped clients deploy up to 5,000 accounts to push needed "propaganda" and promote "mass messages", has been used to meddle in 17 elections.

“It’s our own developed Semi-Auto Avatar creation and network deployment system,” he stated, noting that it could be used in any language and was being sold to clients as a service but could be sold fully “if the price is right”.

The software currently operates over 30,000 fake accounts He said it controlled a multinational army of more than 30,000 avatars, complete with digital backgrounds stretching back years.

The reporting media outlets said that investigations into Hanan's bot army found that the Aims program was behind many cyber propaganda campaigns, mostly involving business disputes, in around 20 countries including the United States, the UK, Canada, Germany, Switzerland, Mexico, Senegal, India, and the UAE.

Within Hanan's espionage arsenal is a tool called "Blogger".

The disinformation tool provides the links that the face accounts are supposed to push out during the disinformation operation.

The links take you to what appears to be a real website that hosts leaked material or videos.

The tool can create “600 links for the same news” story. That way, Hanan said, “I don’t care” if the links get shut down. “We can create as many links [for] content [as] we want. The blogs themselves are not important, even though they help with SEO [Search Engine Optimization] – but we don't go there. We don't need it for that. We needed it to put them on social media.”

She is not real, she is not fake

The fake accounts were not just used to promote or amplify a narrative, it was also used to create a real-world staged incident that would ultimately influence the outcome of a political rivalry by targeting one of the officials of the intended campaign.

According to the report, one of the fake accounts that were "humanized" depicting a 39-year-old Washington woman named Shannon Aiken was used to purchase an intimate gift off Amazon to be shipped to the house of a married politician that was in the middle of an election campaign.

Hanan told the undercover journalists that the wife received the gift signed by Aiken and addressed to the politician. The politician slept in his office the next two days while a crew was sent to secretly film him there and then released the footage online, he added.

There is no reason to believe that Aiken is not real.

She is active on Facebook and Twitter and owns a real Gmail account and an active WhatsApp, both linked to a real phone number. Her Amazon account is linked to a credit card, and she paid for the package using real funds located in her digital wallet.

This week Meta, the owner of Facebook, took down Aims-linked bots on its platform after reporters shared a sample of the fake accounts with the company. On Tuesday, a Meta spokesperson connected the Aims bots to others that were linked in 2019 to another, now-defunct Israeli firm which it banned from the platform.

“This latest activity is an attempt by some of the same individuals to come back and we removed them for violating our policies,” the spokesperson said. “The group’s latest activity appears to have centered around running fake petitions on the internet or seeding fabricated stories in mainstream media outlets.”

Are there immune elections?

One of the many items Hanan showed us during the Modi’in meeting was a photocopy of a check that he says was located in a hacked email. He told us what could be done with such a find. “I take the check … fake a donation to a candidate,” he said.

“Are there, like, any elections without this sh** anymore?” we asked, trying to draw Hanan into a discussion apropos the talk about the fake donation.

“No,” he replied drily.

“Okay. So what’s the point in elections?” he was asked.

Hanan ignored that, but Meidan started to offer a response. “Look,” he said, but before he could continue, we asked him, “Do you vote?”

“Sure,” he replied.

“But you know this is how it works.”

“Look, you’re talking about other places. It’s not that here [in "Israel"] we don’t have that. Here there are other mechanisms.” He paused for a second. “But listen, someone once told me something: ‘Where there is faith, there is no logic.’ I say that in sorrow,” he said, shooting us a slightly emotional look.

Mossad, Iran, Hezbollah, and the Polisario Front

One of Hanan's business partners and friends, Martin Rodil, was a Venezuelan citizen who used to work at the International Monetary Fund (IMF).

According to a Bloomberg report, Rodil became later a Mossad agent upon Hanan's recommendation and was assigned to monitor Hezbollah and Iran's alleged funding in Latin America.

However, the report notes, Rodil is currently under investigation in Spain for extorting a number of wealthy businessmen in Venezuela, to whom he previously was reporting to the Spanish authorities.

The investigation also mentioned that a Hanan sold "Israel" almost 15 years ago a financial report on Hezbollah and Iran for hundreds of thousands of dollars, however, the report "turned out to be bogus", according to the report citing a person informed on the matter.

In 2022, Aims' network carried out an online propaganda campaign under the hashtag #PolisarioCrime that claimed that the Polisario Front in Western Sahara has ties to Hezbollah and Iran.

Targeted 33 presidential elections worldwide

At the beginning of the meeting, in an attempt to impress the potential clients [undercover journalists], Hanan that, “We are now involved in one election in Africa … We have a team in Greece and a team in [the] Emirates … You follow the leads. [We have completed] 33 presidential-level campaigns, 27 of which were successful.” Later, he revealed that he was also working on two “major projects” in the United States but claimed he does not engage directly in US politics.

He described his Israeli team as “graduates of government agencies”, that have experience in finance and social media.

They are also experts in “psychological warfare” he added, noting that they [the team] operate from six offices around the world.

Real-time hacking, Internet web systems infiltrated

Hanan showed the undercover reporters conversations being conducted between ministers in Kenya and Mozambique in Gmail accounts and Telegram, explaining that he hacked into the accounts as a part of a service he is providing to a paying client.

Regarding Kenya, he revealed to them real-time hacking into the account of Dennis Itumbi, a political advisor to one of Kenya's leading figures in the presidential campaign of President William Ruto, in addition to four other senior advisors.

“As you know, elections were last Wednesday [actually the Tuesday] in a certain country in East Africa,” he told the reporters during a zoom call on August 15. “And this is – you can later run [Google] this name that you see on the upper left side,” he said, referring to Itumbi.

 “This is live,” Hanan said pointing at Itumbi’s hacked Telegram account. “So you see who [he is] talking to. … This is today’s plan. … They are discussing the counting of the votes, which is still ongoing. They say 3 P.M. there might be final results – I doubt it, but let’s see.”

Hanan further revealed that the Israeli team was able to obtain the username and password of the internal website of President Ruto's party, the United Democratic Alliance.

“They have their own system,” he said. “We found their own internal website. They have created their own platform. … That’s the level of ‘live intelligence’ you can get, and this is just an example.”

Ruto went on to win the elections and became president, while two of his campaign staffers whose accounts were hacked are now being investigated under accusations of hacking the election committee to “steal” the votes.

Worked against Chavez in 2012

During an online meeting with the Israeli team, it was revealed to the undercover journalists that Hanan participated in a defamation campaign against former Venezuelan President Hugo Chavez during the 2012 elections.

According to the report, the Israeli team attained documents from Chavez's close circle, added false information to them, and then leaked them. The documents then were later used by ABC News Network.

Despite Hanan's attempts, Chavez won the elections that year.

Attempted to sabotage 2014 referundum for Catalonia independance from Spain

Hanan also claimed responsibility in a recording for the 2014 DDOS cyberattack that targeted the referendum on Catalan's independence in Spain in an attempt to sabotage it.

According to then-Catalan president Artur Mas, the cyberattack damaged the internet in Catalonia on the morning of the vote, however, the event was not canceled.

Until today, the authorities in Spain could not locate the parties that were responsible for the attack.

Further during that period, Hanan claimed responsibility for pushing reports, that were circulated by Spanish media, suggesting ties between the Catalan party calling for independence and the Islamic States.

Explaining how the news was manufactured, Hanan hinted that the Israeli team planted some "leaflets connecting the party and the radical [Islamists], and the intelligence [services] start investigating,” which was then picked up by the Spanish media.

“You never know how things happen. Crazy,” he said.

Worked with Cambridge Analytica, wanted in on the Trump operation

The investigation of the consortium of journalists revealed that the Israeli team worked with the UK-based data firm Cambridge Analytica, which according to its [CA] records used "Israeli hackers" that were later identified as Team Jorge.

Emails leaked to The Guardian by the journalists revealed that Hanan sent an offer to Cambridge Analytica for a cyber-espionage operation targeting a Latin American country in 2015, and another to take part in Donald Trump's campaign for the 2016 US Presidential elections, however, there is no concrete evidence that a deal was reached between the two parties.

However, other documents showed that the Israeli team teamed up with the CA to meddle in Nigeria's 2015 presidential elections.

China-Russia gate in Indonesia

In one of his demonstrations, Hanan claimed responsibility for a cyberattack on Indonesia's elections committee (KPU) back in 2019, where the Israeli team planned the offensive, upon their client's request, to appear as if it was launched from China in order to stain one of the nominees as being an affiliate to Beijing.

We launched the attack, he said, “and we showed that all the traffic – everything came from China.”

Media outlets reported later in March 2019 that a “Chinese-Russian” offensive targeted the computer network system of Indonesia's elections committee.

From manipulating elections to inflating cryptocurrency and accessing the world banking system

The Israeli team revealed to the potential clients that they managed to steal the bank information of Turkish shipping magnate Mehmet Ali Umar.

One of Hanan's team members explained that the information was obtained through a human source with access to the world banking system.

However, the media report notes that upon further investigations, two clients of the Israeli team said that the financial reports they bought from Hanan turned out to be unreliable.

A separate company was also established in "Herzliya" called Deep Impact that used AIMS to manipulate the value of cryptocurrency, Hanan claimed.

Planting reports on French TV

Another service Hanan offered to his clients was planting false reports in French Media.

He showed the undercover reporters a clip of a report that had been published on French media outlet BFMTV a few days earlier [from the time of the meeting] and claimed that his team planted that news.

In the report, French television presenter Rachid M’Barki said that the US sanctions on Russian businessmen would result in the unemployment of tens of thousands working at the shipyards that handle the businessmen's yachts in Monaco.

After the journalists contacted the French media outlet to verify the report, the tv's management launched an internal investigation into the matter and later suspended the presenter after the claim appeared to be true.