SCOOP: We went undercover & discovered a secret disinformation-for-hire group called Team Jorge selling election interference, hack-and-leak & influence as a service. They claim to have meddled in 33 elections THREAD
#TeamJorge
@FredMetzo
@GurMegiddo
SCOOP We got our hands on screen shots of an early prototype of Pegasus, called Syaphan and intended for use by the Israeli police
These photos are the closest we've gotten to seeing real working Pegasus system THREAD
@JoshBreiner
@haaretzcom
SCOOP: My new @Haaretzcom investigation reveals new Israeli cyber companies developed technology that exploits the heart of the online economy - ads - not just for mass surveillance, but also to hack phones
SCOOP Meet Toka, an Israeli camera hacking firm set up by former PM Ehud Barak and the IDF's ex-cyber chief. It sells only to intel bodies and law enforcement and allows them to "access" and "alter" camera feeds
tldr; Team Jorge are a 1-stop-shop of influence & psyops
Their business model: disinformation-as-a-service, or DaaS.
Their software: AIMS, an advanced system for creating and deploying fake accounts without detection
#TeamJorge
@FredMetzo
@GurMegiddo
I've spent the last two weeks combing over the amazing work done by @amnesty's Security Lab & @citizenlab to put together this list of all the confirmed victims of the Pegasus. Did I miss anyone? DM me and we'll update the list
@haaretzcom
"Make the deal, it's for Israel's security"
Investigation reveals: Where Netanyahu traveled, NSO soon followed.
This is how Israel became the cyber industry's patron and pushed spyware sales across the world -
@amitaiz for #PegasusProject
@haaretzcom
BOOM: Former Israeli prime minister Ehud Olmert was involved with cyber firm Intellexa and was even supposed to help pitch its cyber tools to Germany
Massive scoop by @danieldolev at @HashomrimOrg as part of the #PredatorFiles published by @EICnetwork
A year ago I boarded a plane to Greece and began working on what would be the main focus of my spyware investigations since: A firm called Intellexa which offers the same type of spyware as NSO, but unlike NSO does not operate under Israeli oversight
SCOOP: Together with @FakeReporter, researchers have uncovered, for the first time since the start of the war, an Israeli influence operation in English.
The targets: U.S. lawmakers & Hamas-UNRWA
Here's what we found:
#InfluenceOps
@haaretzcom
This early prototype of a Pegasus-like system also allows remote recording - not just live interception of calls but actually turning the phone into a recording device
@JoshBreiner
@haaretzcom
SCOOP PART 2: After discovering #TeamJorge, we (@GurMegiddo @FredMetzo) went undercover AGAIN and had a series of meetings with a firm that likes to pretend that it's the quote/unquote "legitimate" side of the disinformation-for-hire market
Meet Percepto
The spyware also allows operators - in this case, potentially Israeli police officers - to remotely turn on a phone's camera
@JoshBreiner
@haaretzcom
As one source told me: "Israel is the ONLY country in the world that export regulations don't apply to. Offensive cyber firms can sell Israel anything and everything, not just tech but also services"
@JoshBreiner
@haaretzcom
They bear all the hallmarks of what we'd expect from a mobile tactical interception system: for example access to call logs and messages - including those from encrypted apps like WhatsApp
@JoshBreiner
@haaretzcom
These are screen shots of the program and the police planned to present them to the government. They showcase the spyware program's capabilities
@JoshBreiner
@haaretzcom
The spyware also traces its targets' movements and all these different pieces of information are brought together in this simple to use program
@JoshBreiner
@haaretzcom
Sources I spoke to say the current version of Pegasus does not look EXACTLY like this but is extremely similar in terms of its menus, functions and interface style (though the colors are different now)
@JoshBreiner
@haaretzcom
We always hear about Pegasus in OTHER countries - be it Spain or the UAE - but one thing people forget is that Israel is also a client
@JoshBreiner
@haaretzcom
In first, Israeli citizen found to have been infected by Pegasus twice in the past two years. Unclear why the man, who is active in the protests against Netanyahu, was targeted and by who. Forensics by @JamfSoftware @ZecOps @citizenlab
This is surveillance capitalism at its finest! The world of "digital arms" has evolved, moving into the realm of ad-based intelligence (AdInt). This is how this next-gen digital weapon leaked into the private cyber arms sector >>
The long story: @FbdnStories follows up on the work of journalists that are threatened or killed. They decided to bring together reporters from across the world to investigate the shady disinformation-for-hire industry
Report says Israeli spyware was used in Trinidad and Tobago to spy on lawmakers, journalists and judges.
However, it may not be NSO but a different Israeli spyware - one recently found on the phone of a Greek journalist >> THREAD
SCOOP with @DrWhax
- Israel killed Morocco's access to Pegasus - but also failed to okay its deal with QuaDream
- Leaked code reveals their spyware and shows it may have abused WhatsApp
- Sources: Firm also developed "terrifying" new spyware
Over the course of Zoom meetings, Team Jorge pitched their bundle of services. First, you collect "active intelligence on your targets" - this includes hacking into email and messaging accounts. These can later be leaked.
#TeamJorge
@FredMetzo
@GurMegiddo
After meeting in Paris, @GurMegiddo had an idea: We should pose as potential clients & try to get a meeting w these firms. Get them to pitch themselves
@FredMetzo
#teamjorge
No morals, no qualms, no borders: From a small office building, a group of Israelis is spreading global disruption, boasting of election interference, hacking and manipulation
investigation by
@GurMegiddo
@omerbenj
@FredMetzo
Haaretz/RadioFrance
1/n
Some were playing out in front of our very eyes. We were shown the live Telegram account of a senior Kenyan official, now a serving minister. Jorge showed us how he could send messages from his target's phone.
#TeamJorge
@FredMetzo
@GurMegiddo
The project, if anyone was crazy enough to take it on: Postpone an election in an African country without any reason.
And the disinfo industry said: HOLD MY BEER
#TeamJorge
@FredMetzo
@GurMegiddo
Mysterious hacker groups are knocking out critical infrastructure in Iran, leaking secret info about the IRGC, hijacking TV broadcasts and trying to foment uprising against Tehran.
Cyber revenge for October 7 seems to have begun >>
This is one of the most concerning disinformation narratives to emerge this past 12 days.
My last report, based on @FakeReporter's amazing work, explains its origin and how it's getting help from the far right and conspiracy theorists across the globe
The conspiracy alleging that Israel or someone inside Israel has helped Hamas massacre citizens continues to circulate.
This bogus allegation for example has gained 5.4M views(!). It is based on a Rabbi that "knows confidential sources" and is utter nonsense.
After a week of shock, I finally managed to do some reporting: as Hamas commandos were crossing the border into Israel, a digital offensive was also launched
Alongside Hamas propaganda bots, disinfo about the war being an "inside job" or an "IDF betrayal" were rampant
CLEARED FOR PUBLICATION:
#ProjectPegasus
reveals massive list of potential targets of Israeli spyware NSO, including Modi's biggest rival Rahul Gandhi and even (an old number belonging to) Pakistani leader Imran Khan >>
@FbdnStories
@amitaiz
@haaretzcom
What happens in Cyprus does not stay in Cyprus.. Israeli cyber firm attempting to avoid oversight sets up shop in Cyprus, then Athens and now the Greece spy chief & top aide to PM quit after journalist @nasoskook and head of Greek opposition hacked
Cybersecurity industry sources tell me that the cyber attack on Israeli .gov websites was a big distributed denial of service (#DDos) attack and that it *may* be a state op, **maybe** even an Iranian one, but not Ukraine related.
Sources linked us to middlemen, mediators put us in touch with door openers. None seem bothered by the fact we wanted to have a democratic election called off for no reason
#TeamJorge
@FredMetzo
@GurMegiddo
.@FredMetzo played a mild-mannered French consultant
I played the neurotic American
@GurMegiddo the ex-Israeli
More calls were made. After one key introduction, we were told to call Jorge.
You might be wondering: Who are they?
#StoryKillers
reveals the identity of Jorge, whose real name is Tal Hanan, a former Israeli special forces officer who surrounds himself with former Israeli intelligence officers and spin doctors.
He denied "any wrong doing".
Israel is collecting evidence digital & physical for a war crimes case against Hamas
OSINT/SOCMINT firms helped set up "The Library" based on video from Hamas terrorists' GoPro cams, social media accounts & other online sources
@ran_shimoni
@chenmaanit7
Now it's personal: US slaps personal sanctions on rogue Israeli intel spyware firm and its founder. News shows that though initially concerned with Israeli firms like NSO and Candiru, the WH is now more concerned by unregulated Israelis operating abroad.
How Israeli spy tech, specifically NSO's Pegasus, is used across the world to hunt journalists, activists and even leading politicians from India to Saudi Arabia
THREAD on the #PegasusProject #ProjectPegasus investigation by @FbdnStories & @amnesty
Who's behind Insanet? A group of seasoned cyber entrepreneurs with strong Israeli intelligence ties and young innovators with a dual background in military cyber units and the ad industry >>
The age of AI-driven disinfo and information warfare is upon us
Kremlin-run Doppelganger campaign is back, @antibot4navalny & others find: 20k+ of AI-written posts pushed out by 6k+ automatic accounts, alongside fake websites & deep fake video >>
NSO also tried to get into the game and developed a yet-reported product called Truman to try to take the lead in developing an offensive AdInt market. But the twist? They never got to launch it >>
Jorge and his team - aka #TeamJorge - we would soon learn have a lot of experience in election interference - and no lack of ideas
@FredMetzo
@GurMegiddo
Their product - "Sherlock." This tool exploited ads to infiltrate devices - peak of surveillance capitalism. It has the power to breach Windows, iPhones, AND Androids. A universal hacking tool >>
Sources say the #BlastDoor exploit identified by @citizenlab was developed by NSO hackers, but the infection chain or at least parts of it are also used by other Israeli spyware firm that will now struggle to continue to provide coverage for clients
"If NSO could be said to be an actor with problematic ethics, at least everything it did was legal and cleared with the Israeli state. This is something different and much more severe" - my investigation into #Intellexa an Israeli owned cyber intel firm
Enter Insanet: Not just a catchy name, but a nod to the insanity of their tech. Founded in 2019, they're the only firm to ever legally sell an offensive AdInt technology >>
It's a new era of digital warfare and the lines between ads, tech, and espionage blur. As technology continues to advance, the need for well-governed ethical use and strict regulations becomes paramount
Wikipedia is dealing masterfully with the #coronavirus infodemic. The crisis has led the community & even the @Wikimedia Foundation to acknowledge @Wikipedia's role as the public's main source of medical & health information today
The price tag for such a vector? An eye-watering 6 million euros for a single infection. If Pegasus is considered the nuclear bomb of digital arms, Sherlock is the warhead >>
As a teen who just moved to Israel and knew no Hebrew, I read him fanatically
As an adult, I had the honor of working with him
Today, @bradleyburston writes his last column for @haaretzcom
His wise words, unique style & boundless optimism will be missed
The Israeli phone-hacking firm Cellebrite claimed it can break into Signal - the world's most encrypted app.
Yesterday Signal's founder @moxie got his revenge and revealed he hacked the hackers and found some serious flaw
#THREAD
Bombshell new report today from Haaretz (@omerbenj) about the spyware industry's continued efforts to subvert our collective cyber-security, now by turning already invasive ad networks into spyware infection vectors.
Though there is no case or claim or any wrongdoing or misuse, Toka's tech - once the stuff of science fiction or movies - raises important political, legal and ethical questions "These are unimaginable capabilities. This is a dystopian technology from a human rights perspective"
The head of Greece's socialist party was targeted by the #predator spyware, made by #cytrox, which is owned by #Intellexa. He's the second EU national targeted by the spyware; the first being journalist @nasoskook.
A short thread on Pegasus, the Israeli occupation and how we define terror in wake of this AMAZING Guardian scoop about the CIA calling BS on Israel's claim that Palestinian rights orgs are terror groups- a claim based on intel collected by hacking phones
Watching a #Qanon supporter on the Senate dais, with no plan, no shirt & a bewildered look on his face, reminded me of what Prof. @YBenkler said ahead of the elex: Russian propaganda aims "to create a world where nothing is true and everything is possible"
The global implications? Israeli firms developed tech that was meant to counter terrorism, but as they are sold to nations with questionable track records, they are frequently abused and turned on journalists and human rights defenders >>
SCOOP Previously unknown Israeli cyberoffense firm that sold tech to Gulf states - NFV Systems - is under investigation by secretive defense body for skirting arms exports - in a case that may "damage national security"
@avischarf
@JoshBreiner
A leaked 2019 Candiru sales document shows how Sherlock was billed alongside their PC spyware. As a vector, it can breach Windows, iPhones, AND Androids. At the time, no one knew Insanet existed & the tool was (mis)attributed to Candiru
Toka is under Israeli ministry of defense oversight - its clients are mostly US and its allies in the west, but also includes Israel and likely Singapore Revealed: The Israeli Firm Selling "Dystopian" Hacking Capabilities - National Security & Cyber
INSANE SCOOP by @hagar_shezaf, @yanivkub & @avischarf: During the last Gaza war, the IDF opened fake accounts online as part of an influence operation (aka psychological warfare) aimed at ISRAELI CITIZENS!
According to a company pitch deck obtained by @Haaretz @haaretzcom, Toka offers "previously out-of-reach capabilities" that "transform untapped IoT sensors into intelligence sources," and can be used "for intelligence and operational needs."
Insanet's journey wasn't smooth sailing. Although they could initially legally sell Sherlock, the Israeli Defense Ministry soon reined in their permit. They did manage to sell Sherlock to one (nondemocratic) country >>
Ultra-Orthodox media are loving our investigation into an Iranian influence op that (also) stole the identity of seven super important rabbis, opened fake accounts and pages under their names and even created deep fake audio sermons in their voice (!)
@FakeReporter
@haaretzcom