An Israel-based global disinformation operation, which is accused of interfering in elections throughout the world, has been exposed following an eight-month investigation by a group of international journalists. A group of journalists working together with the assistance of Forbidden Stories, a non-profit organization based in Paris, conducted the probe.
The team alleges that it used automated disinformation, hacking, and sabotage to influence more than 30 elections globally.
Tal Hanan, a 50-year-old former Israeli special forces agent, who now works privately under the alias ‘Jorge,’ appears to have been operating covertly, from the central city of Modi’in, in elections for more than 20 years in a number of different nations. Videos and documents, by undercover reporters, have exposed Hanan and his group, known by the moniker ‘Team Jorge.’
“I deny any wrongdoing,” Hanan responded to questions concerning Team Jorge’s tactics and operations without answering detailed questions about the team.
The investigation exposes astounding details about how Team Jorge, which operates as a private firm offering to discreetly interfere in elections without leaving a trace, weaponizes disinformation. Furthermore, the team also serves corporate clients.
Hanan informed the undercover journalists that intelligence services, political campaigns, and private businesses seeking to surreptitiously sway public opinion may use his services, which some refer to as ‘black ops.’ He said that they had been employed in South and Central America, the US, and Europe in addition to Africa.
Advanced Impact Media Solutions, sometimes known as Aims, is a complex software program that is one of Team Jorge’s core offerings. It is in charge of a sizable army of thousands of fictitious accounts on Twitter, LinkedIn, Facebook, Telegram, Gmail, Instagram, and YouTube. Some avatars even have credit card-enabled Amazon accounts, bitcoin wallets, and Airbnb accounts.
A group of journalists from 30 publications, including Le Monde, Der Spiegel, and El Pas, conducted the investigation on Team Jorge. The study, a component of a larger inquiry into the fake news industry, has the goal to support the reporting of the slain, intimidated, or imprisoned journalists.
Three reporters who contacted Team Jorge while masquerading as potential customers captured the secret videos.
Hanan and his crew discussed how they can obtain information on rivals in more than six hours of discreetly recorded talks, including by employing hacking tactics to access Gmail and Telegram accounts. They boasted of inserting content into reliable news sources, which the Aims bot-management program amplified.
The crew even claimed to have sent a sex toy via Amazon to the residence of a politician in an effort to give his wife the idea that he was involved in an affair. Much of their approach seems to revolve around disrupting or destroying rival campaigns.
The Israeli company Demoman International, which is listed on a website sponsored by the Israeli Ministry of Defense to promote defense exports, seems to have been used by Hanan to conduct at least some of his disinformation operations.
Content in the footage
Radio France, Haaretz, and TheMarker journalists approached Team Jorge while posing as advisors for an African nation that was politically unstable and in need of assistance postponing an election.
Video calls and a face-to-face meeting were held with Hanan and his coworkers at Team Jorge’s base, an unmarked office in an industrial park in Modi’in, 20 miles from Tel Aviv.
Hanan described his team as ‘graduates of government agencies,’ working out of six offices globally, and having competence in financing social media campaigns, and ‘psychological warfare’. Four of Hanan’s coworkers, including his brother Zohar Hanan, who was referred to be the organization’s CEO, were present at the meetings.
Hanan asserted in his opening sales presentation to the prospective customers, “We are now involved in one election in Africa. We have a team in Greece and a team in [the] Emirates. You follow the leads. [We have completed] 33 presidential level campaigns, 27 of which were successful.” Later, he professed not to be actively involved in US politics but disclosed that he was working on two ‘big projects’ in the country.
In the covert meetings, it was impossible to confirm all of Team Jorge’s assertions, and Hanan might have embellished them in order to strike a lucrative agreement with potential clients. He, for instance, might have exaggerated his rates while describing the price of his services.
Team Jorge informed the journalists that they would accept payments in a number of different currencies, including cash or digital ones like bitcoin. For electoral meddling, he said he would demand between €6 million and €15 million.
Hanan, though, appears to have quoted lower prices in emails that were sent to the Guardian. According to one email, he requested $160,000 from the now-defunct British consulting firm Cambridge Analytica in 2015 to take part in an eight-week campaign in a Latin American country.
Hanan tried again, this time in Kenya, to land a contract with Cambridge Analytica in 2017, but the firm turned him down, stating that was more than its clients would be willing to pay.
There is no proof that either of those campaigns actually took place. However, other stolen documents show that Team Jorge collaborated with Cambridge Analytica when it secretly worked on the 2015 Nigerian presidential election.
The former CEO of Cambridge Analytica, Alexander Nix, declined to speak further but added, “Your purported understanding is challenged.”
Additionally, Team Jorge emailed Nix’s political consulting firm a video displaying an early version of the Aims branded social media misinformation program. Hanan alleged in an email that 17 elections had utilized the program, which allowed users to build up to 5,000 bots to distribute ‘mass messages’ and ‘propaganda’.
Hanan demonstrated the Aims interface by scrolling through a variety of avatars and demonstrating how phony accounts could be quickly made by selecting a nationality and gender from tabs, then matching profile photos to names.
There are Muslims, Asians, Spanish, and Russian people here, he said to the undercover reporters and added, “Let’s make a candidate together,” before deciding on a picture of a white woman, “Sophia Wilde, I like the name. British. Already she has email, date birth, everything.”
When questioned about the source of the images for his avatars, Hanan was evasive. However, the Guardian and its partners have found a number of cases where photos have been taken from actual people’s social media accounts. For instance, the image of ‘Sophia Wilde’ appears to have been taken from a Leeds-based woman’s Russian social media account.
Online activity by Aims-related bots was monitored by The Guardian and its reporting associates. About 20 countries, including the UK, US, Canada, Germany, Switzerland, Mexico, Senegal, India, and the United Arab Emirates, were affected by its bogus social media campaigns, the majority of which involved business conflicts.
This week, Meta, the corporation that owns Facebook, removed Aims-related bots from its network after journalists sent them a sample of the fraudulent accounts. The Aims bots were related to others that were linked in 2019 to another now-defunct Israeli firm, which Meta booted from the platform, stated a spokesperson for the company, on Tuesday.
“This latest activity is an attempt by some of the same individuals to come back and we removed them for violating our policies,” the spokesperson said, “The group’s latest activity appears to be centered around running fake petitions on the internet or seeding fabricated stories in mainstream media outlets.”
Hanan also has his ‘blogger machine,’ a program that generates webpages automatically, which Aims controlled social media accounts can use to circulate false information online. “After you’ve created credibility, what do you do? Then you can manipulate,” he said.
Hanan’s hacking abilities
Hanan displayed the hacking prowess of his team to the reporters by breaking into Gmail and Telegram accounts. In one instance, he displayed the Gmail account of a man identified as the ‘assistant of an important guy’ in the next general election in Kenya.
Hanan remarked as he scrolled through the target’s emails, draft folders, and contacts, “Today, if someone has a Gmail, it means they have much more than just email.” Then he showcased how he apparently could access accounts on the encrypted messaging software Telegram.
One of the Telegram accounts he claimed to have accessed belonged to a user in Indonesia, while the other two appeared to be linked to Kenyans who were active in the general election and familiar with William Ruto, the candidate who ultimately won the presidency.
“I know in some countries they believe Telegram is safe. I will show you how safe it is,” he promised before flashing a screen on which it appeared that he was scrolling through the Telegram connections of a Kenyan strategist who was then working for Ruto.
Hanan then exhibited how Telegram access could be used to cause trouble.
He said, “One of the biggest things is to put sticks between the right people, you understand. And I can write him what I think about his wife, or what I think about his last speech, or I can tell him that I promised him to be my next chief of staff, OK?”
Hanan then showed how he could ‘delete’ the message after it had been read in order to hide his footprints.
Hanan made a mistake when he tried that same approach again and gained access to the Telegram account of Ruto’s second close adviser. He failed to properly remove a trivial Telegram message containing simply the number ’11’ that he had sent to one of the contacts of the hacking victim.
Later, a reporter from the group was able to locate the person who received that message and was given permission to look through their phone. On their Telegram account, the ’11’ message was still legible, confirming the validity of Team Jorge’s account takeover.
The global signaling telecoms system, SS7, has long been viewed by specialists as a weak point in the telecoms network. Hanan revealed to the undercover journalists that some of his hacking techniques targeted flaws in SS7.
The SS7 vulnerabilities issue, according to Telegram, is a well-known issue and ‘not exclusive to Telegram.’ “Accounts on any massively popular social media network or messaging app can be vulnerable to hacking or impersonation unless users follow security recommendations and take proper precautions to keep their accounts secure,” Telegram said. Google declined to comment on the vulnerabilities with Gmail.
For huge tech platforms, which have for years fought to prevent malevolent entities from disseminating misleading information or jeopardizing the security of their platforms, the approaches and techniques detailed by Team Jorge pose new hurdles. The evidence of private worldwide industry in disinformation directed at elections could end up alarming democracies all across the world.
