Disinfo Black Ops
- The unit “Team Jorge” was exposed by undercover operations
- Group sells hacking services and access to massive army of fake social media profiles
- Evidence the unit is behind disinformation campaigns around the world
- Mastermind Tal Hanan claims to have been covertly involved in 33 presidential elections
Wednesday 15 February 2023 at 04:00 GMT
A team of Israeli contractors who claim to have rigged more than 30 elections around the world through hacking, sabotage and automated disinformation on social media have been uncovered in a new investigation.
The unit is headed by Tal Hanan, a 50-year-old former Israeli special forces agent who now works privately under the alias “Jorge” and has apparently worked under the radar in elections in various countries for more than two decades.
He has been exposed by an international consortium of journalists. Hanan and his unit, codenamed “Team Jorge,” were exposed through undercover footage and documents leaked to the Guardian.
Hanan did not respond to detailed questions about Team Jorge’s activities and methods, but said, “I deny any wrongdoing.”
“Team Jorge” Debunked: The Secret Disinformation Team Distorting Reality – video
The investigation uncovers extraordinary details about how disinformation is being weaponized by Team Jorge, who run a private service offering to covertly meddle in elections. The group also works for corporate clients.
Hanan told the undercover reporters that his services, which others refer to as “black ops,” are available to intelligence agencies, political campaigns, and private companies looking to covertly manipulate public opinion. He said they have been deployed across Africa, South and Central America, the US and Europe.
“Aims”: The rental software that can control 30,000 fake online profiles
One of Team Jorge’s key services is a sophisticated software package, Advanced Impact Media Solutions, or Aims. It controls a huge army of thousands of fake social media profiles on Twitter, LinkedIn, Facebook, Telegram, Gmail, Instagram and YouTube. Some avatars even have Amazon accounts with credit cards, bitcoin wallets, and Airbnb accounts.
The consortium of journalists that investigated Team Jorge includes reporters from 30 media outlets, including Le Monde, Der Spiegel and El País. The project, part of a broader investigation into the disinformation industry, was coordinated by Forbidden Stories, a French non-profit organization tasked with tracking the work of reporters who have been murdered, threatened or imprisoned.
About this investigative series
The Guardian and Observer have teamed up with an international consortium of reporters to investigate global disinformation. Our project, Disinfo Black Ops, exposes how false information is deliberately spread by powerful states and private agents who sell their covert services to political campaigns, corporations and wealthy individuals. It also shows how inconvenient truths can be erased from the internet by those rich enough to pay. The investigation is part of Story Killers, a collaboration led by Forbidden Stories, a French non-profit organization whose mission is to track the work of reporters who have been murdered, threatened or imprisoned.
The eight-month investigation was inspired by the work of Gauri Lankesh, a 55-year-old journalist who was shot dead outside her home in Bengaluru in 2017. Hours before her assassination, Lankesh had put the finishing touches to an article titled In the Age of Fake News, which examined how so-called lie factories were spreading disinformation online in India. In the last line of the article published after her death, Lankesh wrote: “I want to salute everyone exposing fake news. I wish there were more of them.”
The Story Killers consortium includes more than 100 journalists from 30 media outlets, including Haaretz, Le Monde, Radio France, Der Spiegel, Paper Trail Media, Die Zeit, TheMarker and the OCCRP.
The undercover footage was filmed by three reporters who approached Team Jorge as potential clients.
In more than six hours of secretly recorded meetings, Hanan and his team discussed how they could gather information about rivals, including using hacking techniques to access Gmail and Telegram accounts. They boasted about placing material in reputable news outlets, which is then amplified by the Aims bot management software.
Much of their strategy appeared to focus on disrupting or sabotaging competing campaigns: the team even claimed to have sent a sex toy, delivered through Amazon, to a politician’s home to give his wife the false impression he was having an affair.
The methods and techniques described by Team Jorge pose new challenges for major tech platforms that have been struggling for years to stop nefarious actors from spreading falsehoods or breaching security on their platforms. Evidence of a global private market for disinformation targeting elections will also raise alarms among democracies around the world.
Tal Hanan and his colleagues met reporters at an office in Modi’in, about 20 miles outside of Tel Aviv. Photo: Haaretz/TheMarker/Radio France
The Team Jorge revelations could embarrass Israel, which has come under increasing diplomatic pressure in recent years over its export of cyberweapons that undermine democracy and human rights.
Hanan appears to have conducted at least some of his disinformation operations through an Israeli company, Demoman International, which is registered on an Israel Defense Ministry website promoting arms exports. The Israeli Defense Ministry did not respond to requests for comment.
The undercover recordings
Given their experience in subterfuge, it’s perhaps surprising that Hanan and his colleagues allowed themselves to be exposed by undercover reporters. Journalists using traditional methods struggle to shed light on the disinformation industry, which works hard to avoid detection.
The secretly filmed meetings, which took place between July and December 2022, therefore offer a rare glimpse into the mechanics of disinformation for hire.
Three journalists – from Radio France, Haaretz and TheMarker – approached Team Jorge, pretending to be consultants working on behalf of a politically unstable African country that wanted help delaying an election.
The encounters with Hanan and his colleagues took place via video calls and a face-to-face meeting at Team Jorge’s base, an unmarked office in an industrial area in Modi’in, 20 miles outside of Tel Aviv.
Hanan described his team as “government agency graduates” with expertise in finance, social media and campaigning, and “psychological warfare,” operating out of six offices around the world. Four of Hanan’s colleagues attended the meetings, including his brother Zohar Hanan, who has been described as the group’s chief executive.
In his first pitch to the prospective clients, Hanan claimed, “We’re now involved in an election in Africa… We have a team in Greece and a team in [the] Emirates… you follow the tracks. [We have completed] 33 presidential-level campaigns, 27 of which were successful.” He later said he was involved in two “major projects” in the US, but claimed he was not directly involved in US politics.
It hasn’t been possible to verify all of Team Jorge’s claims in the undercover meetings, and Hanan may have embellished them to strike a lucrative deal with potential clients. For example, Hanan appears to have inflated his fees when discussing the cost of his services.
Team Jorge told reporters that they would accept payments in a variety of currencies, including cryptocurrencies like bitcoin, or cash. He said he would ask between 6 and 15 million euros for interference in elections.
The undercover recordings
What are the undercover recordings?
Disinformation activists work under the radar. Three journalists went undercover to find out more about “Team Jorge,” an Israel-based entity that sells social media hacking and manipulation services. They posed as consultants working on behalf of a client in a politically unstable African country who wanted to delay an upcoming election. The reporters secretly filmed several meetings with the group’s leader, Tal Hanan, who uses the alias “Jorge”, and his associates between July 2022 and December 2022.
Who is in the recordings?
The footage shows Hanan as well as his brother Zohar Hanan and other members of Team Jorge. The reporters’ faces are blurred. The meetings took place via video calls, during which Hanan and his colleagues gave slideshow demonstrations of their services, and in person at Team Jorge’s office in an industrial area 20 miles outside of Tel Aviv.
Who did the secret filming?
The footage was secretly filmed by three reporters from media outlets working in a consortium investigating disinformation: Gur Megiddo (TheMarker), Frédéric Métézeau (Radio France) and Omer Benjakob (Haaretz). The video was then shared with more than 25 other consortium media outlets, including the Guardian and Observer. While the Guardian and Observer were not involved in the undercover filming, they are publishing the material because of the strong public interest justification for it.
What is Team Jorge’s response?
Tal Hanan did not provide a detailed response to questions from the Guardian. He said: “To be clear, I deny any wrongdoing.”
However, emails leaked to the Guardian show Hanan citing more modest charges. One says that in 2015 he asked the now-defunct British consultancy Cambridge Analytica for $160,000 to take part in an eight-week campaign in a Latin American country.
In 2017, Hanan applied again to work for Cambridge Analytica, this time in Kenya, but was turned down by the consultancy, which said that “$400,000 to $600,000 a month and significantly more for crisis response” was more than its clients were paying.
There is no evidence that any of these campaigns were carried out. However, other leaked documents reveal that when Team Jorge worked covertly on the Nigerian presidential campaign in 2015, it did so alongside Cambridge Analytica.
Alexander Nix, the managing director of Cambridge Analytica, declined to comment on the details, but added: “Your alleged understanding is disputed.”
Team Jorge also sent Nix’s policy consultancy a video showing an early iteration of the social media disinformation software they now market as Aims. Hanan said in an email that the tool, which allowed users to create up to 5,000 bots to deliver “mass messages” and “propaganda,” was used in 17 elections.
“It’s our own semi-automated avatar creation and network delivery system,” he said, adding that it can be used in any language and is sold as a service, although the software can be purchased “if the price is right.”
According to what Hanan told the undercover reporters, Team Jorge’s bot management software appears to have grown significantly by 2022. He said it controls a multinational army of more than 30,000 avatars, complete with digital backstories going back years.
According to Hanan, Aims allows users to create thousands of fake social media accounts. Photo: Haaretz/TheMarker/Radio France
Hanan demonstrated the Aims interface, scrolled through dozens of avatars, and showed how to create fake profiles on the fly by using tabs to select nationality and gender, then matching profile pictures to names.
“It’s Spanish, Russian, you see Asians, Muslims. Let’s find a candidate together,” he told the undercover reporters before settling on an image of a white woman. “Sophia Wilde, I like the name. British. She already has email, date of birth, everything.”
Hanan was coy when asked where the photos for his avatars came from. However, the Guardian and its partners have uncovered several instances of images being harvested from real people’s social media accounts. The photo of “Sophia Wilde”, for example, appears to have been stolen from a Russian social media account owned by a woman living in Leeds.
The Guardian and its reporting partners tracked bot activity associated with Aims across the web. It was behind fake social media campaigns, mostly involving trade disputes, in about 20 countries including the UK, the US, Canada, Germany, Switzerland, Mexico, Senegal, India and the UAE.
This week, Facebook owner Meta shut down Aims-linked bots on its platform after reporters shared a sample of the fake accounts with the company. On Tuesday, a Meta spokesperson connected the Aims bots to others that were linked in 2019 to another, now-defunct Israeli company, which was banned from the platform.
“This latest activity is an attempt by some of the same people to come back and we removed it for violating our policy,” the spokesperson said. “The group’s recent activity appears to have focused on launching fake petitions on the internet or spreading made-up stories in mainstream media.”
In addition to Aims, Hanan told reporters about his “blogger machine” — an automated system for creating websites that Aims-controlled social media profiles could then use to spread fake news across the internet. “What do you do after you establish credibility? Then you can manipulate,” he said.
“I will show you how secure Telegram is”
No less alarming were Hanan’s demonstrations of his team’s hacking skills, showing reporters how he could break into Telegram and Gmail accounts. In one instance, he brought up on screen the Gmail account of a man described as “an important man’s assistant” in Kenya’s general election, which was then just days away.
“Today, if someone has Gmail, it means they have a lot more than just email,” Hanan said while clicking through the target person’s emails, draft folders, contacts, and drives. He then showed how he claimed to be able to access accounts on Telegram, an encrypted messaging app.
Tal Hanan. Photo: Haaretz/TheMarker/Radio France
One of the Telegram accounts he allegedly penetrated belonged to an individual in Indonesia, while the other two appeared to belong to Kenyans involved in the ongoing general election and were close to then-candidate William Ruto, who eventually won the presidency.
“I know Telegram is safe in some countries. I’ll show you how safe it is,” he said, before showing a screen of what appears to be him scrolling through the Telegram contacts of a Kenyan strategist who was working for Ruto at the time.
Hanan then demonstrated how access to Telegram could be manipulated to sow mischief.
Hanan typed the words “Hello, how are you dear” and appeared to send a message from the Kenyan strategist’s account to one of her contacts. “I’m not just watching,” Hanan boasted, before explaining how manipulating the messaging app to send messages could be used to wreak havoc on a rival’s campaign.
“One of the greatest things is putting sticks between the right people, you know,” he said. “And I can text him what I think of his wife, or what I think of his last speech, or I can tell him I promised him I’d be my next chief of staff, okay?”
Hanan then showed how – after reading the message – he could “erase” it to cover his tracks. But when Hanan repeated this trick and hacked into the Telegram account of Ruto’s second close advisor, he made a mistake.
After sending a harmless Telegram message consisting only of the number “11” to one of the hacked victim’s contacts, he was unable to properly delete it.
Hanan sent a Telegram message consisting only of the number 11 to one of the hacking victim’s contacts. Photo: Haaretz/TheMarker/Radio France
A reporter from the consortium was later able to locate the recipient of this message and was given permission to check the person’s phone. The “11” message was still visible on her Telegram account, providing proof that Team Jorge’s infiltration of the account was genuine.
Hanan suggested to the undercover reporters that some of his hacking methods exploit vulnerabilities in SS7, the global telecommunications signaling system, which experts have for decades considered a weak point in the telecommunications network.
Google, which operates the Gmail service, declined to comment. Telegram said “the problem of SS7 vulnerabilities” is widely known and “not unique to Telegram”. They added, “Accounts on a hugely popular social media network or messaging app can be vulnerable to hacking or identity theft unless users follow security recommendations and take the right precautions to protect their accounts.”
Hanan did not respond to detailed requests for comment, claiming that he first required “approval” from an unspecified agency. However, he added: “To be clear, I deny any wrongdoing.”
Zohar Hanan, his brother and business partner, added: “I’ve worked by the law my whole life!”