As revealed by the Shin Bet and reported in Israeli media on January 12th, an Iranian intelligence officer used a profile on Facebook “Rambod Namdar” to pose as an Iranian Jew to cultivate relationships with Israelis and leverage these relationships to gain access to sensitive information. According to the Shin Bet, 5 Israelis befriended Namdar, fell for his trap and shared potentially sensitive information. Here we discuss some of what can be learned based on open-source data. Due to privacy concerns and the sensitivity of the case (there is even a gag order in place), we have chosen not to disclose all that we discovered.

As part of his cover, Namdar befriended over 100 Israelis on Facebook, mostly of Persian descent. He also joined Israeli Facebook groups and took part in initiatives to promote Israeli-Iranian dialogue. These activities stretch back 8 years, as evidenced by comments left on some of his posts from April 2014. His public posts cultivating his image as either an Iranian Jew or an Iranian looking to promote Israeli-Iran relations date back to March 2014. To develop this image, he also shared pro-Israel posts from Israeli pages, and joined Facebook groups, with an emphasis on groups geared towards Persian culture in Israel. Additionally, he shared posts critical of the Iranian regime and the Islamic Revolutionary Guard Corps (IRGC).

Looking at the Israelis who were interacting with his profile, we see that most of them are middle-aged women of Iranian descent, with an emphasis on those in the Tel Aviv, Ashdod, and Holon. According to the media, he targeted married women who were drawn to the young, charismatic man. Politically, many of those interacting with him are supporters of Benjamin Netanyahu. Additionally, he was able to get “niche-influencers” to interact with his posts, boosting credibility amongst his target audience. After building up a relationship with his targets on Facebook, he convinced them to continue their conversations on WhatsApp, and even convinced his targets to meet up with him in Istanbul. Eventually, he requested them to send him pictures of sensitive sites. He even requested from one of his targets to establish a club for Persian Jews and send him information about those who joined — ostensibly to find more targets. This could have been an attempt to establish a cell in Israel, representing the most advanced and complicated HUMINT missions, where the assets do not even know who the controlling intelligence officer is. After each successful “activity,” Namdar paid his targets, further drawing them into his spider web.

Per the Shin Bet’s press release, no critical information was leaked to the Iranian handler, but looking at the profiles which interacted with him, things could have turned out differently. He managed to grab the attention of a police officer, as well as a municipal employee. Such individuals certainly have access to information which could be harmful to Israel’s security.

The operation put together by Iranian intelligence has some impressive qualities. Namdar has been active on Facebook and trying to gain the attention of Persian Israelis for at least 8 years. To maintain an active operation for that long requires substantial investments of time and infrastructure. Additionally, the personal photos used in the profile appear to be legitimate and not doctored. Even so, it could be that someone’s identity was stolen. The ability to convince his targets to engage in passive d covert activity such as sending photos of sensitive sites is admirable. The ability to convince one of his targets to establish a club for Persian Jews is no small feat either, and it is worth noting that the opening of the club had quite a respectable turnout.

One thing is clear — Iran had a target population in mind and was able to choose a medium to reach them. Once contact with the target population was established, they looked for individuals with the potential to obtain information deemed important. They slowly built up the relationship with these individuals, playing on cultural themes. They were able to escalate the relationships and take them off-platform, and even into the real world. A relationship which started out on Facebook moved to WhatsApp, and then evolved to planned face-to-face meetings and the establishment of organizations in Israel.

All the information discussed here is available to anyone with an internet connection, Facebook account, and a thirst for knowledge. When you know how and where to look, information deemed “sensitive” or “classified” is frequently available for all to see. The pictures, comments, likes, and posts are just the surface — but they provide an important starting point when carrying out a (counter)intelligence investigation.