What CISOs Can Learn About Insider Threats From Iran’s Human Espionage Tactics

In recent months, there has been an upsurge in espionage revelations regarding Iran and its interest in collecting information against regional adversaries as well as Iranian expatriates whose views diverge from those of the current regime. It is important for CISOs to understand the human side of Iranian offensive efforts to gather information of interest.

Iran recruits eyes in Israel

In mid-January, Israel’s Shin Bet (Internal Security Service) revealed that four Israeli women had been arrested for spying, after they were successfully recruited by Iranian intelligence services via Facebook. The women, all of Iranian descent, were contacted by an individual who identified himself as Rambod Namdar and claimed to be a Jewish man living in Iran. The modus operandi is one that has been seen many times before: making contact through a social network, then moving the contact to a seemingly more secure means of communication, in this case, WhatsApp.

The Shin Bet revealed that this specific operation resulted in the women being paid thousands of dollars over a period of five years.

According to the BBC, one of the women was identified as a 40-year-old woman who lived in the suburbs of Tel Aviv and was responsible for taking photos of the US embassy, interior ministry social affairs and other buildings. Another was identified as a 57-year-old woman from Beit Shemesh who obtained information and documents from her son, whom she had encouraged to serve in Israeli military intelligence. A third set up a honey trap in her home, with surreptitious video, where she gave “personal massages” to clients in the Iranian community in Israel, from whom she would get information. Her efforts included targeting an Israeli member of parliament.

Iran targets military and energy

Along with the above, in 2019 a former Israeli cabinet minister (energy and infrastructure), Gonen Segev, was sentenced to 11 years in prison for spying on behalf of Iran. Segev apparently volunteered to the Iranians while in Nigeria in 2012, then made two clandestine trips to Iran where he was trained in a secret communications system that allowed him to communicate securely with Iranian intelligence services.

Similarly, in late November 2021, Omri Goren Gorochovsky, Israeli Defense Minister Benny Gantz’s personal housekeeper, was arrested for collaborating with Iran to compromise the minister’s electronic devices. Gorochovsky, who had unrestricted access to devices in the minister’s residence, sent photos of the home, office, computer, cellphone, tablet, router, IP addresses, etc. The Shin Bet noted that Gorochovsky was “not exposed to classified documents”. Upon examination, it was learned that Gorochovsky was a known criminal, a fact that was not picked up by the background check.

Does Iran sow sources?

Then we have the ongoing case in Sweden of two brothers of Iranian origin who have been arrested. One of the brothers, Peyman Kia, is accused of aggravated espionage, according to the Swedish security service (SÄPO). Kia was an officer in SÄPO, the Special Intelligence Collection Office (KSI) and the Swedish Military Intelligence and Security Service (MUST). Kia became a naturalized Swedish citizen in 1994. His Persian linguistic ability and knowledge of the Middle East made him a valuable and sought-after resource for the Swedish intelligence community.

Insider Threat Takeaways for CISOs

These are the takeaways that come to the fore for CISOs, as one can easily extrapolate government espionage experiences to the commercial world, where an unscrupulous insider or competitor would use similar techniques.

  1. The use of social networks to identify, evaluate, develop and then recruit sources of information is a permanent threat. The use of professional networks like LinkedIn, where individuals show off their professionalism and current work plans to the world, is just one example. The use of Facebook, as was the case with the four arrested Israelis, serves to emphasize that all espionage is personal. The Iranian officer who handled the four Israelis took advantage of the virtual personal relationship to achieve his operational goals.
  2. Background checks are important and non-negotiable. Gorochovsky was a known criminal with a criminal record that included a prison term. His access to the minister’s home provided the active criminal mind with plenty of opportunities to figure out how best to monetize his access. Even if it was to give an individual another chance, that chance should have included close and continuous checking. Gorochovsky, the insider, took advantage of this access and chose Iran as the route by which he could get a payday.
  3. Even trusted insiders break trust. Did Iran sow a source in the Swedish secret service? While details on this ongoing case continue to be shared piecemeal, a timeline on when Kia began collaborating with Iranian intelligence services has not been shared. Thus, it is possible that from the outset, the emigration of Kia and his brother to Sweden was part of a long-term plot to gain access to Swedish government entities on behalf of Iran.

Copyright © 2022 IDG Communications, Inc.
