Iran hackers ‘phished’ researcher by posing as Israel’s ex-intel chief — report

Member of think tank sent email from private address ostensibly connected to former IDF intelligence head Amos Yadlin, is then sent an unpublished report and asked to give analysis

Amos Yadlin speaks at an IsraPresse event for the French-speaking community at the Menachem Begin Heritage Center, Jerusalem, February 22, 2015. (Hadas Parush/Flash90)

Iranian hackers impersonated the former head of Israeli military intelligence and his assistant to fish for analysis from a researcher at a think tank, Channel 13 news reported on Friday.

According to the report, an email was sent on November 1 to the Alma Research and Education Center, ostensibly from a Gmail account belonging to Deborah Oppenheimer, Director of External Relations and secretary to Amos Yadlin, head of the Institute for National Security Studies (INSS).

Lt. Col. (Ret.) Sarit Zehavi, founder of the Alma Center, said the email informed them that Yadlin wished to speak with one of their researchers.

“We didn’t know what it was about, but when someone of this magnitude approaches us, we answer straight away, and send them the phone number,” Zehavi said.

Lt. Col. (Ret.) Sarit Zehavi, founder of the Alma Center, speaks with Channel 13 news in a report broadcast November 20, 2020 (Screen grab)

The next day, the researcher received a string of WhatsApp messages from an account that appeared to be Yadlin’s, using a profile picture of the former head of the Israel Defense Forces Military Intelligence Unit.

“Before we talk, I want you to read this document and to hear your opinion,” one message read, including a link to a report authored by four researchers at INSS which had not yet been published. The report, on the situation in Lebanon, could only have been obtained through theft, Channel 13 said.

The researcher wrote a detailed response to the report on Lebanon and sent it to the phone number. Subsequently, suspicions were raised and a cybersecurity investigation determined that the exchange had been with Iranian hackers.

“This is a great way to understand what the community of military-academic researchers thinks about all kinds of developments in the Middle East,” said Ram Levy, founder of Konfidas cybersecurity research company. “That way they can get their opinion, what they don’t really write in the academic papers, in an informal way.”

The email sent, reportedly by Iranian hackers, ostensibly on behalf of Amos Yadlin (Screen grab/Channel 13 news)

Cyber researcher Ohad Zeidenberg said there were “almost weekly” attacks on Israeli investigators, and charged that the culprits were an intelligence body funded by the Iranian government.

“There are a lot of methods to psychologically bait,” Zeidenberg said, “to make them believe that it really is the same person from the Institute for National Security Studies or another research institute. Sometimes these are people you know personally, but they impersonate them, they speak Hebrew. Many times we have seen them hack into emails and learn the method of correspondence. That is, they actually copy an email that already existed in the box, and use it as a basis for writing another email.”

The INSS said in a statement that “this is an attempt at impersonation using a fictitious private e-mail and not the organizational e-mail at the institute. The Institute for National Security Studies is a significant factor in the strategic research field and is prepared for such attempts.”

Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)

The report came amid an increase in tensions between Israel and Iran, a week after the New York Times reported Israeli operatives gunned down al-Qaeda’s second-in-command on a Tehran street in August at the behest of the United States.

Prior to that, a major cyberattack in May at Iran’s Bandar Abbas port was blamed on Israel, which has long accused Iran of using the port for military purposes to aid terrorists elsewhere in the Middle East, including Hamas and Hezbollah, with the IDF intercepting some of the shipments.

The May attack attributed to Israel was apparently in response to an alleged Iranian attempt to hack into Israel’s water infrastructure system. According to a New York Times report in May, the port was specifically chosen as a non-central target, with the goal of sending a message more than inflicting actual damage.

Israel’s security firms and agencies have reportedly been preparing for a potential Iranian or Iran-linked cyberattack in response to the attack on the port.

There was a series of mysterious blasts at Iranian strategic sites over the summer which were largely attributed to either Washington or Jerusalem, or both.

On Monday, the New York Times reported US President Donald Trump convened top advisers to ask if he had options to strike Iranian nuclear sites during his last weeks in office, but was dissuaded with warnings it could lead to a wider conflict.

Trump convened top officials a day after the UN nuclear watchdog said Iran had stockpiled more than 12 times more enriched uranium than the 2015 nuclear deal allows, the Times reported, citing four current and former US officials.
