a day ago
Iran using social media to recruit spies ‘at scale'
Social media platforms are being widely used by intelligence services across the Middle East to recruit spies, counter-intelligence specialists have said.
The platforms, which unlike traditional media are not generally liable for the content they publish, are being exploited by the Islamic Revolutionary Guard Corps (IRGC) to ensnare vulnerable Israelis like 'sardines', said a former Israeli spy chief.
Iranian authorities in turn allege that Israeli intelligence services are using Persian-language social media platforms to recruit and gather intelligence from Iranian citizens.
'The b------s have infiltrated everywhere,' an Iranian official told The Telegraph this week.
Israeli police and Shin Bet internal security agents arrested three Israelis suspected of spying on Iran's behalf last week – the latest in a string of espionage incidents linked to the Islamic Republic over the past two years.
The three had no known connection to one another and are said, like dozens of others, to have been recruited via social media.
One of the suspects, Dmitri Cohen, a 28-year-old from Haifa, gathered intelligence on the future daughter-in-law of Benjamin Netanyahu, local media reported last Monday.
The wedding of Avner Netanyahu, the Israeli prime minister's son, and Amit Yardeni, his partner, was supposed to have taken place two weeks ago but was postponed following the outbreak of open conflict with Iran.
Talking to The Telegraph on Friday, Oded Ailam, a former head of the counter-terrorism division of the Mossad, Israel's foreign intelligence agency, said Iran had adopted a 'new concept' in spy recruitment, which targeted tens of thousands of Israelis via social media.
Historically, spymasters of the 'Le Carré mould' would spend months, sometimes years, identifying potential recruits. However, social media platforms have allowed Iran to turn recruitment into a 'numbers game,' said Mr Ailam, who spent 24 years in the Mossad and is now a researcher at the Jerusalem Centre for Security and Foreign Affairs.
'Their concept, their basic concept, is big numbers,' he said. 'They say, 'OK, we are going to approach 10,000 different targets, in Israel or abroad'. Out of the 10,000 targets, maybe 30 per cent will respond to the initial approach, and from that maybe 10 per cent will be willing to move forward, and 2 to 5 per cent will say 'yes'.'
He added: 'It's big numbers; statistics rather than pinpoint. In that sense, you are not a fisherman. You are a hunter … they're not going after sharks. They're going after sardines.'
Mr Ailam, who learnt his trade-craft in the old school, warned that the dragnet concept was 'primitive' but a real threat.
It was 'cheap and cost-effective' and the Iranians did not worry about failure because they were not concerned about diplomatic blowback, he said.
Targets were normally Jewish immigrants to Israel from lower socio-economic groups who did not have an 'ideological affiliation to Israel' and needed money, he added.
Mr Ailam warned that, once ensnared in conversation on social media, the 'ladder was quick' and the chances of being caught 'enormous' because of the digital trail that social media leaves.
'It's instant, it's fast food … the assets are dispensable. The Iranians don't care if [the] asset is caught. They don't even care if he double crossed them … it's just numbers,' he said.
There was an element of grooming, he said, adding: 'They start with soft assignments, just to see, to feel the guy, to see whether he's willing to cross online. It usually starts with graffiti, against Netanyahu or against whatever. Then it starts with small sabotage of puncturing [tyres] and stuff like this.
'They go from the soft one to the harder one, and then it goes to actually providing intelligence on Israeli bases, Israeli strategic places, and even the assassination of Israelis.'
Mr Ailam said he had no doubt that those recruited know what they are getting into but that clever defence lawyers were muddying the water at trials and court sentences were too lenient at seven years on average, reduced by 30 per cent for good behaviour.
'We face an existential crisis … [but] the court is looking on those poor, miserable people who are standing in front of them with their head down and saying, 'I'm sorry. I didn't know' … they buy this bulls---,' he said.
But at least Israel has due process and a transparent legal system. In Iran, the security forces arrested more than 700 people accused of various forms of collaboration with Israeli intelligence services during the recent 12-day conflict alone, and executed at least six people that they alleged were spies.
Three men – Idris Aali, Azad Shojaei and Rasoul Ahmad Rasoul – were executed at dawn at Urmia prison on charges of 'corruption on Earth through cooperation with hostile foreign states in favour of Israel', according to state media.
Iranian officials also reported the execution of Mohammad Amin Mahdavi Shaysteh, described as 'the leader of a cyber network linked to Mossad,' last Monday.
An Iranian official told The Telegraph: 'There's a lot of concern, which is why they had cut off the internet. Many of those who had been working with the enemy were still connected like that [through social media].
'No one even thought they would become as reckless as to come and target everyone in their homes, but in the past day, they've arrested some people from within the IRGC itself. The b------s have infiltrated everywhere.'
According to Iranian security officials, Israeli intelligence services are using Persian-language social media platforms to recruit spies and gather intelligence from Iranian citizens.
Iranian authorities say Israel's military Unit 8200, known for its cyber warfare capabilities, has intensified operations across Persian-language social media channels and messaging apps since the war between the two countries began.
The unit creates fake accounts to pose as ordinary Iranians while seeking to collect sensitive information about military installations and government activities, according to Iranian media.
'These individuals establish fake accounts and present themselves as ordinary people while seeking to gather information,' an Iranian security official told the state-run Mehr news agency.
The sophistication of Israel's social media espionage extends beyond simple intelligence gathering, they added.
Iranian officials describe a methodical approach where Israeli operatives spend months or even years building authentic-looking online personas before activating them for intelligence purposes.
'Some of these fake accounts have been established for a long time and have undergone what we call identity building,' one security official said. 'They have had normal activity on Persian-language social networks for months to create a track record of activity so they can be recognised and trusted as ordinary citizens.'
This patient approach allows Israeli intelligence to embed deeply within Iranian social media circles, gaining access to information that might be shared casually among trusted community members, it is claimed.
The accounts often share cultural content, participate in discussions about daily life, and slowly build networks of followers who view them as legitimate Iranian citizens.
Iranian authorities say they have documented cases where the operatives engage in seemingly normal conversations about local events, gradually steering discussions toward topics of intelligence value such as military movements, government facilities, or economic conditions.
Beyond creating fake personas, Iranian officials say Mossad operatives hack accounts to directly message individual Iranian users on social networks, particularly Telegram.
Iranian security services have warned citizens to 'never open links received from unknown accounts' and to immediately block any accounts that send unsolicited messages or links.
Threatening text messages
Iran's response has been swift and severe. Citizens reported receiving threatening text messages from the judiciary on the first day of a US-brokered ceasefire, warning they could face prosecution for 'following or joining pages affiliated with Israel'.
The authorities have warned about espionage risks from Meta applications, including WhatsApp and Facebook, urging citizens to be aware that 'the results of information gathering by the Zionist regime could lead to assassination, bombing, or new crimes against Iran.'
Others suspect the Iranian crackdown has more to do with stifling internal descent than genuine fears over spying. Legal experts have criticised the threats to Iranian citizens as having 'no judicial or legal value' and designed primarily to 'create fear and terror and suppression' among the population.
During the peak of the recent Israeli strikes, only 3 per cent of Iranians had access to the global internet, as some opposition groups outside Iran were calling for people to 'rise against the regime.'
Iran has repeatedly cut internet access during major protests, using digital blackouts to hide the scale of violence against demonstrators and prevent documentation of human rights violations. The pattern emerged during fuel price protests in November 2019, when Iranian authorities implemented a near-total internet shutdown that lasted for days.
During that blackout, security forces killed at least 304 protesters, according to Amnesty International, though the real death toll is believed to be much higher – some rights groups say the number is 1,500.
The government used the same tactic during the 2022 Woman, Life, Freedom protests that erupted after 22-year-old Mahsa Amini died while being held in custody by the morality police.
In a post on its Persian-language X account on Thursday, the Mossad offered medical assistance to ordinary Iranian citizens hurt in the recent conflict, encouraging them to reach out via WhatsApp, Telegram, or Signal for assistance.
'At this moment, the regime is focused on its senior percentages, not on caring for its citizens,' read the message. 'We stand with you and have formed a team of specialized doctors, including experts in cardiology, diabetes, pulmonary diseases, infectious diseases, oncology, as well as support for pregnant women and psychological support.
'All doctors speak Persian, and you can communicate with them in Persian or English. However, we suggest that you reach out to us via VPN [an online technology that masks the user's location]'.
