Israel is under massive Chinese, Russian cyber espionage attack

A look at one of the most secretive units of the Israeli intelligence community—the Shin Bet’s counter-espionage division, which was responsible for the arrest of former minister Gonen Segev—one of many cases of Tehran’s infiltration attempts. However, it turns out that the Iranians are actually the least of Israel’s problems.

By Ronen Bergman, YNET

A few months ago, “Ophir,” a senior official with a rich intelligence background turned private cyber security expert, was called back to duty.

The mission: Ophir and a team of experts were asked to examine the security of some of Israel’s main computer systems. A few systems were defined as “strategic,” others of lesser importance. But because less time and energy is spent on protecting these secondary systems, they can be even more vulnerable to infiltration. The investigation team was put together by one of Israel’s governmental intelligence and information protection agencies.

The idea was to have someone from the outside—a fresh pair of eyes—look at these systems and identify “holes” and problems that may have gone unnoticed by the regular cyber security team.

 (Photo: shutterstock)


“The Shin Bet’s counter-espionage unit has never been busier,” Ophir was told.

“We believe Israel is under a multi-frontal attack, a significant threat to our national security. Some of the spying is classic, like it used to be: living agents recruited for personal gain or ideology. We know how to deal with those. But some attacks are being carried out by other means, less visible and clear.”

The immediate suspect in the attack, according to Ophir, was Iran. The international boycott against the Islamic Republic forced Iran to build its own communications and encryption systems. To that end, Iran set up an impressive network of cyber institutions and engineers, and greatly improved its capabilities of stealing technology, hacking into databases and planting viruses.

For years now, Israel’s intelligence community has been seeing many attacks by Iranian intelligence on Israeli computers. The question is, of course, what it doesn’t see, where the breaches in the walls are, and what roles Hamas and Hezbollah play.

Ophir’s team went to work and began to examine computer infrastructures and servers of some of the main administration bodies in Israel, a large proportion of which—as previously mentioned—are civilian.

When the results came, says a person familiar with the subject, Ophir was dumbfounded; he could not believe his eyes. “He said there must have been a mistake…that something was wrong with the data, so they went and checked again, and it turned out that everything was correct.” Other experts who examined the report reached similar conclusions.

“I’ve been in cyber defense for many years and I’ve never seen such a thing,” Ophir said during a meeting to present the report’s conclusions. “Many computers are infected, including computers in schools, hospitals, the Ministry of Interior, national infrastructures, and more—all infected with malwares (malicious software), including sub-families of malwares—which are the most sophisticated in their operation and form of infection.”

 (Photo: shutterstock)


Researchers were surprised to discover that some of the malicious software was found deep inside central computer systems, not just on personal desktops used by the government as expected. The mainframe systems are much more difficult for hackers to penetrate.

“The person behind this activity turned it into a form of art,” says the source. “This entity has no problem investing tremendous resources and manpower. It’s not someone’s hobby, and it’s not two, three or four units that are responsible for these attacks. It is a country investing whatever it has in these attacks.”

Ophir’s team estimated that the manpower required for these cyber attacks against Israel is in the hundreds of people. It’s a lot even for a country.

“To write good malware code, you can use Darknet, where you can find 60-70 percent of what you need,” Ophir explained in his report. “But the rest must be tailored to the computer you want to hack. Writing that 30 percent is a tremendous effort, not to mention the need to receive the vast amounts of information gathered in this effort … Whoever did this wanted to know everything about us, to strip us bare.”

At the end of the discussion, another bomb was dropped: according to Ophir’s team, all these malicious programs were not from Iran, or Hezbollah, or Hamas.

Whoever is responsible for what is defined as “the disease that spreads everywhere—to all organs of the Israeli cyberspace” is a completely different, much more powerful player and, according to an Israeli intelligence source, far more dangerous than anything we’ve ever known.

Two months ago, when the arrest of former minister Gonen Segev on suspicion of spying for Iran came to light—an espionage case that preoccupied Israeli intelligence for years and that only few were privy to—it was revealed that one of the most secretive units of the Israeli intelligence community, the Shin Bet’s department for counter-espionage, worked the case.

Shooting in all directions

Segev, who was accused of espionage and assisting the enemy in its war against Israel, is only the tip of the iceberg in the Iranian efforts to establish secret intelligence infrastructure in Israel.

 (Photo: Yariv Katz)


Tehran sees Israel’s intelligence successes against it and other members of the “radical front” (which includes Syria, Hezbollah, Hamas and Islamic Jihad) and tries to produce its own intelligence collection effort against Israeli targets. In the meantime, in this secret war between Tehran and Jerusalem, the Iranians have mainly managed to recruit people whose access to secrets is limited, including—if indeed the allegations against him are true—Gonen Segev. Segev was an Israeli minister in the early 1990s, and was later convicted of attempting to smuggle 32,000 ecstasy pills into Israel, and was sentenced to five years in prison. After his release, 3.5 years later, he left Israel and moved to Nigeria.

However, the golden rule of intelligence work is “you only know what you know.” Therefore, the working assumption of the counter-espionage unit is that the Iranians may have succeeded in recruiting and operating assets with high access to sensitive Israeli secrets.

The Iranians operate two major intelligence organizations against Israel: the first is the Quds Force, the special unit of the Revolutionary Guards commanded by Qasem Soleimani, which aims to “export” the Islamic revolution to other countries and harm those who try to thwart the Islamic revolution.

Quds Force commander Qasem Soleimani (Photo: MCT)


The second organization is the Ministry of Intelligence of the Islamic Republic of Iran (MOIS), which bears a resemblance, to a certain degree, to the Mossad. Similar to the Mossad, the MOIS has branches all over the world, and it is this organization that recruited some of the agents operating in Israel.

“The Iranians are shooting in all directions,” says an intelligence source who is familiar with the details of the Segev affair as well as other published and unpublished Iranian attempts to recruit Israeli assets.

In other words, according to the source, the Iranians are recruiting as many assets as they can, high quality targets like Segev, and minor targets, like Palestinian agents who have little to contribute to the Iranian organization.

About a decade ago, an unusual incident took place known in the intelligence community as a “walk-in”—a person who willingly walks into a foreign country’s embassy or intelligence agency, without prior contact or recruitment, and offers his services as a spy—when a man, whose identity is still confidential, walked into the Iranian intelligence office in Istanbul and divulged information about those he claimed were officials in the Israeli defense establishment.

In most cases, walk-ins are considered by intelligence agencies as unreliable sources since they might serve as their government’s mouthpiece and plant false information.

However, it seems that the heads of the Iranian intelligence branch in Istanbul thought correctly that they had nothing to lose and listened to what this man had to say. In the end, the damage the walk-in caused Israel was minimal.

In 2013, the Shin Bet issued a severe warning to Jews visiting relatives in Iran, against the Iranian Intelligence Ministry’s activities at the Islamic Republic’s consulate in Istanbul. The Israeli agency found out that the Iranians used the Persian Jews’ dependence on visas to Iran in order to recruit them as agents.

The damage in this case was also minimal, and the few cases that the Shin Bet exposed did not justify an indictment, so the suspects walked away with just a warning.

Although the information gathered by Iran in these cases was scant, these attempts and others demonstrate the Iranian efforts to infiltrate Israeli intelligence. Most of the effort is focused on gathering “positive intelligence”—i.e., obtaining information about potential targets, order of battle, location of important individuals, etc. This was the case with Ali Mansouri.

Ali Mansouri


According to the Shin Bet investigation, Mansouri lived in Iran until 1980. He later moved to Turkey and tried his luck as a businessman until 1997, when he was granted a Belgian visa. In 2007, he returned to Iran and resumed his business endeavors. Five years later, he was recruited by the Quds Force as an operative agent against Israel.

Mansouri changed his name to Alex Manes and in 2013 set out with his Belgian passport to Israel on a mission to gather information on embassies and top secret Israeli facilities. He was tasked with establishing a business infrastructure that would serve as a front for Iranian intelligence activities. Therefore, part of his mission was to establish business connections in Israel and take on long-term projects that would warrant a long-term stay in Israel.

Mansouri received generous funding, used his windows and roofing business as a front, and tried to establish contacts with Tel Aviv business owners. To help establish his cover story, he even posted a Facebook profile picture of himself with Tel Aviv as a backdrop. When the Shin Bet arrested him in 2013, they found photos of various sensitive sites in Israel, including the American Embassy building.

In January 2018, the Shin Bet uncovered a cell operated by the Quds Force out of South Africa under the command of Muhammad Maharmeh, a computer engineering student from Hebron. Maharmeh, according to a Shin Bet investigation, was recruited by a relative living in South Africa. Among his missions were the recruitment of an Israeli-Arab citizen responsible for photographing Israeli territory and the collection of Israeli money and SIM cards—to be used in future Iranian intelligence operations.

Africa, an area where the Iranians feel comfortable operating, is also featured in Segev’s story. This time it’s Nigeria. According to one version, it was the Iranian Intelligence Ministry that approached Segev and asked for a meeting under the guise of an official meeting concerning agriculture and water. According to another version, Segev was the one who initiated contact.

Gonen Segev in Nigeria


A Shin Bet investigation revealed that Segev visited Iran twice, making it difficult for him to argue that these were mere business trips. His defense team is arguing that Segev updated the Israeli intelligence community and even offered his services as a double agent, but Shin Bet officials flatly reject these claims.

What really happened? The court will decide, but what is certain is that Segev did not inflict serious damage upon Israeli intelligence, for he hasn’t been in touch with the circle of decision-makers in two decades.

All of this, of course, does not diminish the severity of his alleged acts—if he is found to have indeed committed them. But these and other cases do point to two important facts: one, the Iranians are indeed trying to infiltrate Israeli intelligence. And two, according only to the cases that have seen the light of day, Iran’s success in these endeavors has not been great.

The bigger threat: Russia and China

“Today, the Shin Bet is facing more significant challenges,” says a former division commander. These challenges are called China and Russia. In recent years, these world powers have been trying to attack Israel in a variety of ways, in a manner similar to those carried out against other Western countries.

The Russian hacking into the servers of the US Democratic Party and the publication of US data stolen by WikiLeaks are regarded as some of the events that paved the way for Donald Trump’s victory, and it is now at the center of an FBI investigation led by special investigator Robert Mueller, which is dealing with alleged ties between the Trump campaign and Russian intelligence in the time leading up to the 2016 presidential elections.


August 1, 2018


2 Comments

  1. Russia to deploy military police on Golan Heights
    Denis Pinchuk
    MOSCOW (Reuters) – Russia will deploy its military police on the Golan Heights frontier between Syria and Israel, its defense ministry said on Thursday, after weeks of mounting volatility in the area.

    Chief of the Main Operational Directorate of the General Staff of the Russian Armed Forces Lieutenant General Sergei Rudskoi speaks during a news briefing, with a map showing the territory of Israel, Jordan, Lebanon and Syria seen in the background, in Moscow, Russia August 2, 2018. Alexander Zemlianichenko/Pool via REUTERS
    Syrian President Bashar al-Assad’s sweeping away of rebels in southwestern Syria has worried Israel, which believes it could allow his Iranian backers to entrench their troops close to the frontier.

    Underlining the tensions, Israel killed seven militants in an overnight air strike on the Syrian-held part of the Golan Heights, Israeli radio said on Thursday.

    Sergei Rudskoi, a senior Russian defense ministry official, said that Russian military police had on Thursday begun patrolling in the Golan Heights and planned to set up eight observation posts in the area.

    He said the Russian presence there was in support of United Nations peacekeepers on the Golan Heights who, he said, had suspended their activities in the area in 2012 because their safety was endangered.

    “Today, UN peacekeepers accompanied by Russian military police conducted their first patrols in six years in the separation zone,” Rudskoi told a briefing for journalists in Moscow.

    “With the aim of preventing possible provocations against UN posts along the ‘Bravo’ line, the deployment is planned of eight observation posts of Russia’s armed forces’ military police,” Rudskoi said.

    He said the Russian presence there was temporary, and that the observation posts would be handed over to Syrian government forces once the situation stabilized.

    The deployment of the Russian military police highlights the degree to which the Kremlin has become an influential actor in Middle East conflicts since its military intervention in Syria which turned the tide of the war in Assad’s favor.

    Israel has been lobbying the Kremlin to use its influence with Assad, and with Tehran, to try to get the Iranian military presence in Syria scaled back.

    Israel sees Iran, and Iran’s allies in the Hezbollah Shi’ite military, as a direct threat to its national security.

    That message was conveyed by Israeli Prime Minister Benjamin Netanyahu to Russian President Vladimir Putin when they met in Moscow last month, a senior Israeli official said.

    Iranian forces have withdrawn their heavy weapons in Syria to a distance of 85 km (53 miles) from the Israeli-occupied Golan Heights, TASS quoted a Russian envoy as saying on Wednesday, but Israel deemed the pullback inadequate.

    Writing by Tom Balmforth; Editing by Christian Lowe, Richard Balmforth

  2. Mr. Bergman has given us an insight into the cyber- and human-intelligence world we all seem to be integrated into: I’m a link to you, you’re a link to a software consulting firm, the firm is a link to Israeli defense industry, etc. More revealingly, it isn’t even defense industry that is a target of espionage work — a work which is involved not just with collecting and analyzing data, but with leading social movements, directing terrorists and influencing elections.

    All of this should make one realize that though we are individuals, with our own individual pea-brains, we are interconnected through various media networks, including ordinary speech, into one giant mind, one giant computer, one giant ant hill, beehive or fungus network.

    Where is Israel in this network? Consider this: Everything we know and are, is influenced by two sources: (1) the world around us and (2) our individual and collective memories. Since much of the information we get from the world around us ultimately also comes from our collective memories, the latter is the primary source of who we “are”. In this, mind builds upon mind, generation upon generation, going back in time through the web of history.

    Now, consider this map

    http://www.worldhistorymaps.info/images/East-Hem_1000bc.jpg

    This is one of Thomas Lessinger’s fine collection of historical maps. The focus is on 1000 BCE, the time of the “Golden Age” of Israel. Israel is, of course, centrally located on the map, next to 21st Dynasty Egypt, and highly civilized kingdoms in Aram, Assyria, Babylon, Urartu, Saba and among the Neo-Hittites of Syria and Turkey. The Phoenicians are also shown, the great seafaring peoples known in the Bible as “Tyre and Sidon”.

    The rest of the world is of a far lower state of civilization: mainly the Vedic Civilization of India, and the Wu and Zhou Dynasty of China. Even the Greeks were in something of a “Dark Age”.

    I point this out, because the civilizations shown on the map, which center on Israel, are the root of the complex web of ideas we know today as “civilization” — which one might fairly call “Western” Civilization, seeing that the Muslims, Chinese Communists and formerly British Indians, etc. have largely drawn on Western ideas to shape the societies they now have.

    There is a great deal of information in the world today; but the information resident in the Jewish people is ROOTED in the most ancient civilization on earth, and includes the accumulated knowledge of most of surviving history. In this sense, using a “computer” analogy, Israel is in or near the CPU; using a “brain” analogy, it is in the brain stem, the individual’s center of life.

    Ultimately, this is the explanation of why Israel is such a focus of international espionage. Is it because Mossad is so skilled and widespread? In part, yes; but why is that? It’s because Mossad has at its disposal, a people loyal to it, who are embedded in every corner of the world. And why is this? Because of Jewish history.