When you think of a bot, what do you think of? Many times on social medias you can see an account with no photos posting links to an explicit site, or offering free money to the first 5 replies they get. Pretty easy to see that they’re a bot, right? Now what if those bots had real pictures, posts about everything ranging from popular music to a chocolate bar, accounts across several platforms, an account history dating back several years and best of yet, real opinions.
All of these features, which make these bots seem like a real person, are key features of a massive bot network ran by a group named Team Jorge, an Israeli based group headed by a man named Tal Hanan (who operates under the pseudonym Jorge). The bots are used to fuel mass disinformation/propaganda campaigns. Though they operate covertly, their operations were exposed through an investigation involving 30 different journalistic outlets. Across 6 months, 3 journalists from Haaretz, the Marker, and Radio France posed as consultants for a politically unstable nation in Africa, that was seeking to delay its election. The three journalists recorded their meetings with Hanan.
What does ‘Team Jorge’ do..?
Team Jorge’s primary tool is a software called Advanced Impact Media Solutions, or AIMS. Now what AIMS does is operates a network of over 30,000 bots, that are just as I had previously described (some of which come equipped with SMS verified phone numbers and credit cards), in order to use them in disinformation campaigns, as a hireable service. They have primarily seen use in commercial disputes, however perhaps scariest of all is the 33 presidential-level elections they have been deployed in, or so Hanan claimed.
“We are now involved in one election in Africa … We have a team in Greece and a team in the Emirates … You follow the leads. We have completed 33 presidential-level campaigns, 27 of which were successful.”
Though it is mostly unclear which nations elections the team has been involved in, they did claim to be involved in Nigeria’s 2015 election.
But their activities go far beyond just bots. Words can only go so far, what else do they need? Credibility. So that’s just what Team Jorge gives them. It’s not always the case for each operation, but the group has gone and created websites that support the positions they are asked to take. Once these “sources” have been created, the bots begin to spread them to support their positions.
The group has even gone so far as to stage small protests. On Regent Street in London, outside of a corporate HQ, three masked protestors filmed themselves staging a protest. The footage was then circulated by the AIMS bots online.
Unfortunately, the groups abilities do not stop there. In his initial pitch to the journalists, he proceeded to demonstrate the groups hacking abilities.
“Today if someone has a Gmail, it means they have much more than just email.”
A quote from Hanan as he brought up the Gmail account for a Kenyan man said to be the « assistant of an important guy ». Google’s email services allow it to be, as he said, much more than just email. Hanan clicked through the mans drive, folders, document drafts, his contacts, and of course, his emails.
“I know in some countries they believe Telegram is safe. I will show you how safe it is.”
Hanan proceeded to display to the journalists their ability to hack into peoples telegram accounts. He hacked into three accounts, two belonging to Kenyan officials who are close to at the time Presidential Candidate William Ruto, and the third was an Indonesian man. He went on to send messages from the peoples various accounts, saying that he can delete them once they have been read to “cover his tracks”.
One message he sent, simply the number 11 from one of the Kenyans accounts, he failed to properly delete. One of the reporters involved in the entire project was able to track down the recipient of the message, and the 11 was still visible on their end, proving the hacking to be true.
Hanan’s demonstration of being able to hack the Gmails and telegrams of various Kenyans involved in the election took place only days before their election took place. William Ruto won the election.
He further explained that he is able to do these hackings through weaknesses in the global signaling telecoms system SS7. When asked for comment, google did not respond, and telegram said that the weaknesses in the SS7 system are known and not unique to telegram.
Hanan also claimed to have ordered a sex toy through one of the bots amazon accounts to the house of a politician, attempting to convince the mans wife he was having an affair. It is unknown who the politician was, if Hanan’s claim was genuine.
Where does ‘Team Jorge’ operate..?
Team Jorge has been found to operate in around 20 countries throughout the world, including but not limited to: the US, Canada, the UK, Switzerland, Germany, India, France, Nigeria, Greece, Mexico, and much more. Hanan had said that, though the team is involved in two “major projects” in the US, they are not tied directly to politics, further adding no elections in the US have been affected by his team. One of the known operations in the US that had taken place in the past was concerning nuclear power in California, and in Canada was over a #MeToo controversy. In the UK the Information Commissioner’s Office, the ICO, in October of 2020 ruled that the government should reveal which companies it awarded multi-million dollar contracts to supply PPE, which were in a VIP lane for politically connected companies. Two days after the ruling, AIMS bots began voicing their opinion, calling the ruling “politically motivated”, among other things.
A look at one of the bots
A large amount of the bots known were shown to Meta, who removed them from their platforms. However, Twitter has not done this and so we are able to take a look at just what one of these bots looks like.
https://twitter.com/canaelan?s=21&t=2FAYWvqO3idL7kBReKzZow
This is a link to the twitter profile for one such AIMS bot. Though this account has since been restricted, it is still up and so we can see how advanced the AIMS bots truly are. His profile picture is stolen from a Dutch Freelance Journalist Tom Van Rooijen.
Looking through the account you can see it voices various political opinions about ongoing events in the world. Scroll down a little further, and you can see the account retweeting posts about coffee, Kit Kats, and writing it’s own replies to posts about Ireland.
This is not a real person. But looking at them cracking a joke about the Irish weather, what reason would anyone unsuspecting have to believe otherwise..?
What now..?
Tal Hanan was asked for comment once his groups activities were exposed, but said he could not comment in detail until he sought permission from an untold authority. Given he is the head of his organization, it is unclear who exactly this authority could be. He did, however, state “To be clear, I deny any wrongdoing.”
Israel has been coming under fire for awhile to clamp down on it’s cyber-espionage industry, which grows ever larger. Though Hanan’s group is not tied directly to Israel’s government, it did conduct several operations through Demoman International, a company registered on Israel’s Defence Ministry website as a defence exporter.
When reached out to, Israel’s MoD declined to comment on the matter.
