There has been a significant rise in the number of Iranian attempts to strike at Israel through cyberattacks in the last year, both via direct attacks on infrastructure and websites and by online recruitment of spies and agents of influence. The announcement on Monday by the Shin Bet security service revealed an incident that came out in Israel’s favor – a thwarted Iranian attempt to use the internet to recruit Israeli citizens for terror attacks and espionage.
Just four months earlier a similar attempt was also foiled with the arrest of a group of immigrants from Iran who had been recruited and received instructions over the internet from Tehran.
What the two incidents have in common is that they caused no harm to Israel’s national security, even if those arrested in the immigrant ring had made far more progress toward causing serious damage. Both incidents also reveal a similar modus operandi by Iranian intelligence: Its operatives deploy a very wide net in the hope that someone useful will eventually fall into it. A bit like the Nigerian sting artists we so often encounter on the internet, Iran is engaged in a kind of state-sponsored “phishing” to identify and operate naive targets as agents: Offers are sent to huge numbers of Israelis, and someone will be tempted to reply. Initially, the target isn’t aware that he or she will be acting against the state in the service of an enemy intelligence agency.
In this last case, the Iranians created an online profile (one time a woman, the previous time a man), and promised that in exchange for payment in cryptocurrency, the targeted Israelis were asked to gather intelligence and even undertake violent acts. If four months ago, the Shin Bet entered the picture only after the agents had been recruited, this time it intervened much earlier. The Iranians didn’t know that their fake profile was communicating with a profile no less fictive, behind which stood the Shin Bet.
Still, it seems that Iranian intelligence has identified a major point of weakness on our side: The Israeli internet is very democratic, and Israelis are happy to chat with almost anybody online. A lot of Israelis quickly realize who their interlocutor is and cut off contact the minute they get a concrete proposal to do something harmful. But the Iranians count on the few who continue to stay in touch either out of stupidity or greed. The continuing dialogue opens the door to manipulation and maybe eventually to their being activated.
That is what happened in the case of the immigrants (most of them female) who were arrested in the previous incident. Most of them were given small tasks, but on the internet everything happens very fast. You don’t even need a face-to-face meeting.
In the current case, according to the Shin Bet, the targets had already been asked to gather intelligence and then to harm various Israeli figures. We can assume that this won’t be the last attempt of this kind and that the Iranians won’t limit themselves to recruiting ordinary citizens but also people who can be of greater direct use to them.
- Bizarre Iranian Spy Ring in Israel Proves Tehran Has Trouble Recruiting Agents
- The Dramatic Moment When Israel Almost Struck Iran
- Disclosing Mossad Op in Iran, Israel Kills Two Birds With One Stone
Most of the blows exchanged by each side happen under the media radar. Nevertheless, only last week the international media reported that Israel had foiled an Iranian plan to assassinate an Israeli diplomat and American general in Europe, that there had been an air raid on an Iranian weapons convoy, and a rocket attack by a pro-Iranian Shi’ite militia on the city of Erbil in Iraqi Kurdistan, where Tehran has claimed in the past that Israel operates an intelligence base. All of this is happening in parallel with cyber warfare.
Given the alarming scale of the cyberwar phenomenon, the defense establishment may have to launch an information campaign warning Israelis of intelligence traps, as is sometimes done with online financial scams.