Tal Hanan is 50 years old, goes under the pseudonym of Jorge and has a long career as a technology expert, as well as having been a special forces operative in the Israeli army and being linked to the controversial British consultancy Cambridge Analytica. With all this experience behind them, Hanan and his companies have been working for intelligence services for years, providing disinformation to governments, candidates and companies. Part of the nature of these disinformation businesses has now been revealed thanks to an investigation by several media around the world: El País, The Washington Post, The Guardian, Le Monde, Der Spiegel and Haaretz. Among the information that these journalists have uncovered is that Hanan is credited with the cyberattack that the Catalan government suffered when it went ahead with its first unofficial consultation on independence in 2014, a vote that the Spanish government did not want to take place.
Not only did he acknowledge the authorship of this computer attack during the so-called Consulta of 9-N - on 9th November - but he even boasted of it as a success story that illustrated the good service he was able to provide. According to the journalistic investigation, Hanan exhibited the case study of his cyber-campaign against the Generalitat of Catalonia, the largest that this institution has ever registered, in his meetings with potential clients. The attack took place intermittently over three days against Catalan government websites such as participa2014.cat and the medical emergency service. In addition, the major pro-independence organizations, Catalan National Assembly (ANC) and Òmnium Cultural, also reported attacks.
Last July 25th, Hanan was recorded expounding on his success in Catalonia in front of potential clients at his offices on the outskirts of Tel-Aviv. In the tape he is seen claiming that he has the ability to "kill the internet in a European country during an historic referendum".
Propagating 'fake news'
In the same recording, Hanan brags about having successfully spread fake news. For example, he is credited with having leaked documents about the never-verified links between the Catalan independence movement and the Islamic State. That's part of his job, as he presents himself to potential clients as a disinformation specialist who has been involved in "33 presidential campaigns over two decades". Of the thirty he mentions that 27 were successful.
Hanan once again saw the clients as CEO of security and defence firm DemoMan International Ltd, a company listed in the Israeli defence ministry's directory, registration that is required to allow such companies to export. Investigators tried to contact the Israeli government to discuss this company, but have not heard back. Internal documents of the company mention that it has a presence in Washington, Tel-Aviv and Barcelona.
The 2014 alert: a professional job
In 2014, with support for the Catalan independence movement peaking, president Artur Más had responded to the massive calls for an independence referendum by announcing a poll on November 9th. Due to the opposition of the Spanish state, it was eventually held as an unofficial consultation, but Spain's will for the vote to be halted continued. It was in this context that the Catalan government websites suffered a cyberattack. The Catalan cybersecurity agency, at that time known as Cesicat, described the attack as a "professional" job commissioned to a third party operator. They noted that although the attack was not sophisticated, it was very effective. Specifically, the Denial of Service (DDoS) technique was used, which consists of flooding the server with requests addressed to a website until the demand makes it fail. In the case of the 9-N, this technique was used to try to overthrow the consultation infrastructure.
Cesicat estimated that the number of requests made to Generalitat websites with the DDoS technique reached a level 60,000 times higher than on a normal day. The attack was so powerful that affected other government infrastructures, such as the medical emergency service, which had to postpone some surgical operations. The authorship behind this attack was not known at the time, as those who had perpetrated it hid behind computers in the United States, China and Russia, to safeguard their anonymity.
This Wednesday, Jordi Escalé, director of Catalonia's Centre for Telecommunications and Information Technology (CTTI) at the time, stated in an interview with radio station RAC1 that the attack did not focus only on the consultation, but on the entire structure: "In fact, if I remember correctly, the website of the participatory process did not fall, but the health systems, justice and security areas did," he explained. Escalé was not surprised by the investigation of these media and pointed out: "It is obvious that this is not carried out by two kids in a garage, but is an industry, they are organized companies and you yourself can contract their services and every time this is much more complex and organized."
Training for the Spanish authorities?
Hanan has given courses to Spain's security and police forces, according to sources close to the intelligence services consulted by El País. However, the Spanish interior ministry states in that same newspaper that none of its departments have hired the Israeli entrepreneur or the company. Catalonia's Mossos d'Esquadra and the Basque Ertzaintza police also deny ever having used any of their services. On its workforce, the Israeli company has a former member of the Spanish state's security forces. Specifically, he is a former soldier with a past as an ETA explosives defuser who has also participated in operations in Afghanistan, according to the company's website itself.