Estonian intel officer comes out as Russian spy in TV interview

Uno PuuseppBy JOSEPH FITSANAKIS | intelNews.org
Estonian authorities have charged a retired officer in the country’s internal intelligence service with espionage, after he revealed in a television interview that he spied for Russia for nearly 20 years. Uno Puusepp retired from the Internal Security Service of Estonia, known as KaPo, in 2011. He first joined the Soviet KGB as a wiretapping expert in the 1970s, when Estonia was part of the USSR. Following the dissolution of the USSR, when Estonia became an independent nation, he was hired by KaPo and worked there until his retirement, three years ago, at which time he moved permanently to Russian capital Moscow. Last Sunday, however, Puusepp was the main speaker in a documentary entitled Our Man in Tallinn, aired on Russian television channel NTV. In the documentary, Puusepp revealed that he was a double spy for the Russian Federal Security Service (FSB), which is KGB’s successor, from 1996 until his retirement. He told the network that he was one of several former KGB operatives who had gone on to work for independent Estonia’s intelligence agencies, but that he had quickly decided that his true allegiance was to Russia. He eventually supplied Moscow with information on the activities of Western intelligence agencies in Estonia, including those of the American CIA, Britain’s MI6 and Germany’s BND. One commentator said in the documentary that “for 15 years, practically everything that landed on the desk of the Estonian security service’s director also landed on the desk of the FSB” thanks to Puusepp. The retired double spy said that one of his successes was letting the FSB know about a planned CIA operation that involved setting up a signals intelligence station in a disused bunker in the northern Estonian town of Aegviidu. The station was aimed at collecting communications from Russian diplomats and intelligence officers, but the Russian side terminated those networks once it got word of the CIA’s plans. Puusepp’s FSB recruiter and handler, Nikolai Yermakov, also spoke in the documentary, saying that the Estonian double spy was not motivated by financial profit, but rather by grievances against what he called “the Estonian establishment”. It is unclear why the Russian authorities permitted Puusepp to speak publicly at this particular time.

About these ads

After China, Russia may ban some Apple products, fearing espionage

Russian State DumaBy JOSEPH FITSANAKIS | intelNews.org
Parliamentarians in Russia are preparing a bill that would prevent lawmakers from using several Apple products, including iPhones and iPads, due to fears that they are susceptible to penetration by foreign intelligence agencies. A group of lawmakers in the State Duma, the lower house of the Federal Assembly of Russia, have drafted the bill, which argues that State Duma deputies with access to confidential or classified government information should be banned from using iPhones and iPads, among other Apple products. One deputy, Dmitry Gorovtsov, from the center-left Just Russia party, said parliamentarians should simply “switch to simple mobile phones”, preferably produced by Russian manufacturers, and should use them “only for phone calls”. Last month, the Russian Ministry of Defense stepped in to deny media reports that it was about to ban Apple products. The denial came in response to a leading article in mass circulation daily Izvestia, which cited an unnamed Defense Ministry employee as saying that the Russian armed forces were about to ban the use of iPhones by all servicemen. The article claimed the move was designed to stop “information leaks”. But a Russian Ministry of Defense spokesman, Major General Igor Konashenkov, told a press conference that the Russian armed forces had no plans to ban “the mobile devices of a certain manufacturer”. The news from Russia comes a just months after authorities in China announced the removal of some Apple products from a government procurement list, reportedly because of fears that they were susceptible to electronic espionage by the United States. As intelNews reported at the time, nearly a dozen Apple products were removed from the Chinese government list; they included the iPad and iPad Mini, as well as MacBook Air and MacBook Pro products —though interestingly the inventory of removed items did not include Apple smartphone products. The Russian State Duma initiative to ban some Apple products has already been approved by a security-related committee and has now been forwarded to the Duma Council. The latter will consider the bill for approval, before sending it to a plenary session on the floor of the Duma for discussion. The process is expected to take up to two weeks.

Russia expels Polish, German diplomats in ongoing spy row

Polish embassy in MoscowBy JOSEPH FITSANAKIS | intelNews.org
The Russian government has formally expelled several Polish and German diplomats in what appears to be a tit-for-tat move, following the removal of Russian envoys from Warsaw and Berlin on charges of espionage. The Polish government expelled a number of Russian diplomats last week, after it announced the arrest of two Polish citizens in Warsaw, on charges of spying for a foreign intelligence agency. Polish media reported that a colonel in the Polish Army had been arrested by security personnel for operating as an unregistered agent of an unnamed foreign country. Subsequent media reports said a second man, a lawyer with dual Polish-Russian citizenship, had also been arrested. According to unconfirmed Polish media reports, the two men had been recruited by the GRU, Russia’s military intelligence agency. Last Friday, Polish media reports said that four Polish diplomats stationed in Moscow had been given 48 hours to leave the country. One report suggested that the diplomats included an employee of the political section of the Polish embassy in the Russian capital, as well as three military attachés. The four had reportedly left the country by Sunday night. Authorities in Moscow said they had been forced to take the step of expelling the Polish diplomats following Warsaw’s “unfriendly and unfounded step” of ordering a number of Russian envoys to leave Poland. The four Poles were officially declared “unwanted persons” in Russia for “activities incompatible with their [diplomatic] status”, which is considered code-language for espionage. Also on Monday, the Russian Ministry of Foreign Affairs ordered the expulsion from Moscow of a German diplomat, just hours after a Russian diplomat was asked to leave the German city of Bonn by German authorities. Diplomatic sources said the German diplomat, a female employee at the German embassy in Moscow, was expelled in direct response to the earlier removal of the Russian diplomat, who was exposed as a spy following an extensive surveillance operation that lasted several months. German authorities refused to comment on the case. In Poland, Minister of Foreign Affairs Grzegorz Schetyna said simply that Warsaw “now considered the matter closed”.

News you may have missed #885

Shin BetBy IAN ALLEN | intelNews.org
►►Americans’ cellphones targeted in secret US spy program. The US Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations. The US Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program.
►►Israel’s usually secretive spy agencies get into public spat. Israel’s domestic intelligence agency, known as the Shin Bet, has been trading barbs with the military over whether faulty army intelligence left Israel unprepared for war with the militant group Hamas in the Gaza Strip. The spat went high-profile this week when Israel’s Channel 2 aired a report featuring Shin Bet officials –-rendered in pixilated, shadowed form-– claiming the military had brushed aside the agency’s assessment, months before fighting erupted in July, that an armed conflict with Hamas was in the making.
►►Poland mulls military intelligence brigade close to Belarus border. Polish Armed Forces will make emphasis on the unfolding of reconnaissance troops and will set up a separate brigade and military command in the north-east of the country, National Defense Minister Tomasz Siemoniak said on Thursday. The region he visited is located along the border with Belarus and close to the border with Russia’s westernmost Kaliningrad region, an exclave on the south-east shore of the Baltic Sea.

Lithuania charges state employee with spying for Belarus, Russia

Belarus and LithuaniaBy IAN ALLEN | intelNews.org
Prosecutors in Lithuania have charged an employee of a state-owned airline navigation services provider with spying for neighboring Belarus, though it is presumed the compromised information may have also been shared with Russia. Lithuanian government prosecutor Darius Raulusaitis told reporters at a news conference on Monday that the man charged was a Lithuanian national living and working in capital Vilnius. He has been identified only with his initials, which are R.L. The alleged spy is being accused of collecting information relating to Lithuania’s military strength with the intention of sharing it with unregistered agents of Belarus. He has also been charged with passing information on what the Lithuanian prosecutor described as “strategically important companies” in the Baltic republic. His alleged targets are said to include Oro Navigacija, Lithuania’s state-owned aviation company, for which he worked. Court documents accuse R.L. of surreptitiously photographing documents in his office at Oro Navigacija’s headquarters, and then transferring them to facilities belonging to the General Staff of the Armed Forces of Belarus. Raulusaitis told reporters that R.L. had been charged with “spying against the Lithuanian Republic on orders of intelligence services of the Belarus Republic”. He added, however, that Lithuania’s State Security Department (VSD) considered it likely that “any information obtained by the Belarus secret service” had been “shared with the Russian [intelligence] services”. At a separate news conference, VSD Director Gediminas Grina said that passing classified information to Belarus “is the same to us as spying for Russia”. Belarus is arguably Russia’s closest European ally; many international observers consider Belarus a supranational part of the post-Soviet Russian Federation. Regular intelNews readers will recall that in 2012 Belarus arrested a military attaché at the Lithuanian embassy in Belorussian capital Minsk, after accusing him of running an espionage ring allegedly incorporating an undisclosed number of Belorussian nationals. Lithuanian authorities said earlier this week that R.L. is one of two Lithuanian citizens arrested in 2013 following a three-year investigation by the VSD. The second suspect, who has not been named, is reportedly under “pre-trial investigation”, which is expected to take “weeks or months’ to complete. The announcement of the charges against R.L. marks the first time Lithuanian authorities have leveled charges of espionage against an individual since 2004, when the former Soviet republic joined the European Union. If found guilty, R.L. faces up to 15 years in jail.

British spy agencies launch recruitment drive for Russian speakers

MI5 HQ Thames HouseBy JOSEPH FITSANAKIS | intelNews.org
Amid mounting tensions between Russia and the West, British spy agencies have announced an ambitious recruitment campaign aimed at hiring a new generation of Russian-language specialists. The Security Service, known as MI5, which is responsible for domestic security and counterintelligence, posted an advertisement on its website this week, alerting potential applicants that the job search for Russian-language speakers will officially launch “in mid-November 2014”. The recruitment campaign, which is described on the spy agency’s website as “an exciting opportunity to match your language skills to a position in MI5”, appears to be jointly administered with the General Communications Headquarters (GCHQ), Britain’s signals intelligence agency, which is tasked with intercepting foreign communications. The move takes place in a wider context of deteriorating relations between Moscow and Western Europe, notably in response to Russia’s ongoing invasion of southeastern Ukraine and annexation of Crimea. Some suggest that there has also been a low-intensity intelligence war taking place between London and Moscow ever since the assassination in the British capital of former KGB officer Alexander Litvinenko. In late 2012, an officer of the Royal Navy was captured during a counterintelligence sting operation while trying to sell top-secret British government documents to people he believed were Russian intelligence operatives. A few months later, the British government let it be known of its increasing annoyance by persistent allegations made in the Russian media that Denis Keefe, the UK’s deputy ambassador to Moscow, was “an undercover spy, with his diplomatic position serving as a smokescreen”. In March of 2013, Oleg Gordievsky, the Soviet KGB’s former station chief in London, who defected to the UK in the 1980s, alleged in an interview that Russia operates as many spies in Britain today as it did during the Cold War. His comments were echoed earlier this year by the former director of MI5, Jonathan Evans, who said that there had been no change in the number of undeclared Russian intelligence officers operating in Britain since the end of the Cold War. Evans said that up to 50 undeclared Russian military and civilian spies were believed to be operating in Britain at any given moment. In June of this year, intelNews reported that the crisis in Crimea had caused the British military to hurriedly reach out to hundreds of retired Russian-language analysts who left the service at the end of the Cold War, most of whom are now in their 60s.

Czechs say number of Russian spies in Prague “extremely high”

PragueBy JOSEPH FITSANAKIS | intelNews.org
The number of active Russian intelligence operatives in the Czech Republic increased notably in the past year, according to an official report by the country’s counterintelligence service. In its annual report released on Monday, the Czech Security Information Service (BIS) said the number of Russian intelligence personnel stationed in the central European country had risen dramatically since the start of the crisis in Ukraine. The crisis, which brought Russian troops in Ukraine and resulted in the annexation of Crimea by Russia, has prompted the most serious crisis in the West’s relations with Russia since the end of the Cold War. The BIS report did not reveal the precise number of alleged Russian intelligence personnel on Czech soil, but it noted that the majority of them posed as diplomats in Russia’s embassy in Czech capital Prague. It stated that “when it comes to Russia’s diplomatic mission, in 2013 the number of intelligence officers working undercover as diplomats was extremely high”. It added that significant numbers of Russian intelligence operatives were in the Czech Republic in a non-official-cover (NOC) capacity, meaning there were not officially connected with the Russian embassy there and had no diplomatic immunity. These officers “travel to the Czech Republic as individuals, posing as tourists, experts, academics and entrepreneurs”, said the report, “or settled down in the country through purchasing property”. Nearly 50,000 Russian citizens live in the Czech Republic as long-term legal residents. Relations between Moscow and Prague have been frosty in the post-communist era, and have deteriorated significantly following the Czech Republic’s entry into the North Atlantic Treaty Organization (NATO). In the summer of 2010, three Czech generals, including the head of the president’s military office and the country’s representative to NATO, resigned following revelations that one of their senior staffers had a romantic relationship with a Russian spy. Read more of this post

More information emerges on Poles who ‘spied for Russia’

Zbigniew J.By JOSEPH FITSANAKIS | intelNews.org
More information has emerged on two Polish citizens who were arrested earlier this month in Warsaw on charges of spying for a foreign intelligence agency. Polish media reported last week that a colonel in the Polish Army had been arrested by security personnel for operating as an unregistered agent of a foreign country. Subsequent media reports said a second man, a lawyer with dual Polish-Russian citizenship, had also been arrested. According to Polish media reports, the two men had been recruited by the GRU, Russia’s military intelligence agency. The organization is believed to have over a dozen officers stationed at the Russian embassy in the Polish capital, posing as diplomats, as well as an unknown number of non-official-cover operatives, who are not officially connected to the Russian diplomatic mission. One of the two arrestees has been identified simply as Zbigniew J., and is said to be a lieutenant colonel serving in Poland’s Ministry of National Defense. Polish newsmagazine Wprost said last weekend that Z.J. worked in the Ministry’s “enlightenment and morale” department, a post that required him to visit military units around the country as part of a team of experts. He would then impart the information gained from his travels to his GRU handler, an officer serving under diplomatic cover in Russia’s Warsaw embassy, during biweekly meetings. Wprost said Z.J. would receive small amounts for cash in exchange for his services, which are believed to have amounted to approximately $30,000 over the course of several years. The newsmagazine suggested that Z.J.’s motivations were primarily financial and were related to unspecified “personal troubles”. The second alleged spy arrested last week has been named as Stanisław Szypowski. He is a lawyer-turned-political-lobbyist who worked for Stopczyk & Mikulski, a prestigious law firm involved in a government-funded project to build facilities able to import liquefied natural gas into Poland. Read more of this post

Sweden closes Stockholm airspace in search for mystery submarine

Swedish search operationBy JOSEPH FITSANAKIS | intelNews.org
Swedish authorities shut down airspace above Stockholm on Monday, as they continued searching for a mystery foreign vessel that was sighted repeatedly off the coast of the Swedish capital last week. Swedish newspaper Svenska Dagbladet reported on Saturday that the search began last Thursday, after Swedish intelligence detected a number of Russian-language emergency radio signals, which were sent from the vicinity of the port of Stockholm to Kaliningrad, a Russian exclave located on the Baltic Sea between Poland and Lithuania. On Sunday, the Swedish Ministry of Defense confirmed the search for the vessel, though it refused to speculate on the national origin of its crew and refrained from calling it a submarine. But a grainy surveillance photograph issued by the Ministry appears to show a submarine of considerable size —said to be Russian— peeking out of the waters of the Baltic Sea, at a location believed to be 30 nautical miles from Stockholm. One English-language Swedish newspaper quoted Johan Wiktorin, a fellow at the Swedish Royal Academy of War Sciences, who suggested three possible reasons for foreign submarine activity in Sweden’s territorial waters near Stockholm. Wiktorin speculated that the vessel could be “mapping the waters” around the Swedish capital, or it could be installing underwater surveillance equipment aimed at collecting a variety of maritime intelligence in the area. Alternatively, the mystery vessel could be testing Sweden’s maritime defense systems, said Wiktorin. On Monday, however, intense speculation appeared in local media about a fourth potential reason for the mystery submarine activity in Swedish territorial waters. A photograph emerged showing a man dressed in black frogman gear on the Swedish island of Korso. The image was purportedly taken by a local man at around the time when the submarine was sighted in the area. Read more of this post

Poles who ‘spied for Russia’ worked on strategic natural gas project

Polish Ministry of National DefenseBy JOSEPH FITSANAKIS | intelNews.org
At least one of the two men arrested in Poland last week for spying for a “foreign entity” was working on a project of strategic significance, aimed at reducing Poland’s dependency on Russian natural gas. Polish media reported last Wednesday that a colonel in the Polish Army had been arrested by security personnel for acting as an unregistered agent of a foreign country. Subsequent media reports said a second man, a lawyer with dual Polish-Russian citizenship, had also been arrested. Later in the day, an official statement from the office of the Senior Military Prosecutor said simply that Poland’s Ministry of National Defense had “detained a Polish Army officer on suspicion of being a member of a foreign intelligence service”. But there was no mention of the country for which the detained men allegedly spied for. This past Saturday, Reuters revealed that the two men were suspected of spying for Russia. The news agency cited Marek Biernacki, a Polish parliamentarian, who is also a member of the Polish Parliament’s Committee on Intelligence and had allegedly been briefed by Polish intelligence officials about last week’s arrests. Biernacki told journalists that the actions relating to the two detainees had been “taken in respect of two agents of the Russian state”. In accordance with Polish law, the public prosecutor named the civilian detainee as Stanislaw Sz., using only his first name and the first two letters of his last name. Reuters said the man had been employed at the well-connected law firm of Stopczyk & Mikulski, whose website listed him until recently as an employee. Stanislaw Sz. was allegedly involved in a project to construct a coastal terminal in Swinoujscie, located on Poland’s Baltic Sea coast, for importing liquefied natural gas. The import terminal, which is scheduled to become operational in 2015, will allow Poland to import gas from the Persian Gulf. That will in turn reduce the country’s heavy dependence on imported Russian natural gas at a time when Warsaw’s relations with Moscow continue to deteriorate. Reuters said that the precise nature and timing of Stanislaw Sz.’s involvement with the Swinoujscie terminal is unclear, but it characterized the project as being of strategic importance for both Poland and Russia. Read more of this post

Senior Polish defense official detained for ‘spying for Russia’

Polish Ministry of National DefenseBy JOSEPH FITSANAKIS | intelNews.org
A high-ranking official in Poland’s Ministry of National Defense has reportedly been arrested on suspicion of spying for Russia. Poland’s Dziennik Gazeta Prawna said early on Wednesday that a man had been detained by Polish security personnel because it was thought he had been acting as an unregistered agent of a foreign country. Another source, Poland’s commercial news Radio Zet, reported that two men had been arrested, a colonel in the Polish Army and a lawyer with dual Polish-Russian citizenship. Later in the day, an official statement from the office of the Senior Military Prosecutor said simply that Poland’s “Ministry of National Defense detained a Polish Army officer on suspicion of being a member of a foreign intelligence service”. But it made no mention of the country for which the detained officer allegedly spied for. A spokesman for the Defense Ministry, Lieut. Col. Janusz Wojcik, said he could not disclose any details at the moment, adding only that the arrests were based on evidence complied by the counterintelligence service of the Polish Army. Another Polish official, Lieut. Col. Paul Durka, said the arrests had been coordinated by Poland’s Military Police and the Polish Army’s Internal Security Agency (ABW). But Polish media alleged that the defense official was apprehended for spying for Russia and suggested that his arrest was carried out in dramatic fashion by ABW forces inside the headquarters of the Ministry of National Defense, centrally located on Polish capital Warsaw’s Independence Avenue. This claim, which was later confirmed by ABW spokesman Lieut. Col. Maciej Karczyński, likely signifies that the spy suspect was captured in the act of espionage, following an extensive surveillance operation. Relations between Poland and Russia have been tense since the end of the Cold War, with several intelligence-related incidents making news headlines. In early 2010, the Polish government announced the arrest of a Russian resident of Warsaw, who was accused of working as a non-official-cover operative for Russia’s Main Intelligence Directory (GRU). Later that year, Polish media claimed that Stefan Zielonka, a senior SIGINT officer with Poland’s Military Intelligence Services (SWW), who disappeared without trace in early May of 2009, had defected to Russia. Read more of this post

Secret Russian spy base in Syria seized by Western-backed rebels

Screenshot from FSA videoBy JOSEPH FITSANAKIS | intelNews.org
Rebel forces aligned to Syria’s Western-backed opposition have announced the seizure of a joint Syrian-Russian spy base, which observers say reveals the extent of Russia’s intelligence cooperation with Syria. The base is located at the base of the Tel Al-Hara Mountain, in southern Syria’s Golan Heights region, just south of the border crossing with Israel in the now largely destroyed Syrian city of Quneitra. The Western-backed Free Syrian Army (FSA) said it took over the spy base on Sunday, following several weeks of fighting against rival groups, including Syrian government soldiers and members of Jabhat al-Nusra, al-Qaeda’s branch in Syria. The FSA said the base, referred to as “Center C” by Russian intelligence, had been under Russian command until it was abandoned at a time and for reasons that remain unknown. In a three-minute video released by the Western-backed rebel group on YouTube, an FSA officer appears to be guiding the cameraman around part of the seized base. He points to several diagrams and captions on the walls, which are both in Arabic and in Russian. At some point in the video, the seal of Syrian intelligence is clearly visible, placed next to the seal of the GRU’s 6th Directorate, the branch of Russian military intelligence that is tasked with collecting signals intelligence (SIGINT). At another point in the video, a series of photographs can be seen that depict Syrian and Russian intelligence officers working together in gathering and analyzing intelligence. Interestingly, one of the walls in the base features a map of northern Israel, an area that is adjacent to the Golan Heights, and appears to show the location of Israeli SIGINT stations and military encampments. It is unclear when exactly the spy base was abandoned by the Russian and Syrian intelligence officers that staffed it, Read more of this post

Estonian intelligence officer ‘abducted’ by Russian spies

EstoniaBy JOSEPH FITSANAKIS | intelNews.org
The Estonian Ministry of Foreign Affairs has summoned the Russian ambassador in Tallinn to complain about the alleged abduction of an Estonian intelligence officer by Russian forces, which it says occurred on Estonian soil. A statement from the Ministry said the Estonian intelligence officer, named Eston Kohver, has worked since 1991 for the Internal Security Service of Estonia, known as KaPo. Speaking to reporters on Friday, KaPo Director Arnold Sinisalu said Kohver had been kidnapped by a team of “unidentified individuals from Russia”. The Estonian side claims that the abduction occurred in the vicinity of Luhamaa, a border-crossing facility in southeastern Estonia, which connects the small Baltic country with its Russian neighbor. Sinisalu said KaPo investigators had detected “signs of a scuffle” at the scene of the abduction, as well as vehicle tracks “leading from Russian to Estonian soil”. Subsequent reports in Estonian media alleged that the Russian abductors had managed to jam radio communications in the area prior to snatching Kohver. They also employed smoke grenades during the operation, which would explain a number of “explosions” heard in the vicinity, according to Estonian police spokesman Harrys Puusepp. But Russian sources dismissed the Estonian government’s claims, saying that Kohver had been detained while on Russian soil. Russian media reported that the Estonian counterintelligence officer had been captured by Russia’s Federal Security Service, known as FSB, while undertaking an “espionage operation” inside Russia. Reports in the Russian press said Kohver was caught in Russia’s Pskov region, carrying a loaded firearm, €5,000 ($6,500) in cash, “covert video recording equipment”, an “eavesdropping device”, as well as “other items relating to the gathering of intelligence”. A statement from the FSB said the Estonian operative had been captured while taking part in “an undercover operation” on behalf of KaPo. Read more of this post

News you may have missed #883

Oleg KaluginBy IAN ALLEN | intelNews.org
►►Indonesia, Australia renew intelligence ties. Australia and Indonesia have signed a pledge not to use intelligence to harm each other, signaling a resumption in cooperation, which had been suspended after last year’s spy scandal. Australian Foreign Minister Julie Bishop and her Indonesian counterpart, Marty Natalegawa, signed the “joint understanding of a code of conduct” in Nusa Dua, Bali, on Thursday.
►►Ex-KGB general says Russia has already won in Ukraine. Russia has already won “the real victory”​ in Ukraine, according to former KGB general Oleg Kalugin, who is now living in the United States. The “southeast of Ukraine, that’s part of the general battle between the Russians and Ukrainians, but it’s not as crucial as the real victory and pride of Russia —the Crimea, I mean”, he said on Thursday. Kalugin reiterated that he does not believe Russian president Vladimir Putin wants annex another region of the country. “It’s not in the interest of Putin”, Kalugin said. “His position as of today is fairly strong in the country, in his own country, so why put it at risk by moving further?”
►►China says Canadian couple were spies disguised as ordinary citizens. Kevin and Julia Garratt have been accused of stealing Chinese military and national defense research secrets. They were detained on August 4, 2014, but not formally arrested, and China has offered little information on what they are accused of doing. The couple ran a coffee shop near the border with North Korea, worked with Christian groups to bring humanitarian aid into North Korea, and worked to train North Korean Christians inside China. Their detention by China’s State Security Bureau has been seen by Canadian authorities as reprisal for the arrest of Su Bin, a Chinese immigrant to Canada suspected of masterminding the electronic theft of US fighter jet secrets.

Malware targeting ex-Soviet states has Russian hallmarks

Turla trojan operational diagramBy IAN ALLEN | intelNews.org
A malicious software that has infiltrated the computer systems of dozens of embassies belonging to former Eastern Bloc nations “has all the hallmarks of a nation-state” cyberespionage operation, according to researchers. Security firm Symantec said last week that the malware appears to be specifically targeting embassies of former communist nations located in China, Jordan, as well as in locations across Western Europe. In a report published on its website, Symantec said “only a nation state” was likely to have the funds and technical resources to create a malware of such complexity. Additionally, the malware seems to be designed “to go after explicit government networks that are not easy to find”, according to Symantec senior security researcher Vikram Thakur. The infiltration appears to occur in two stages. In the first stage, a computer is infected with a reconnaissance program, known as Wipbot. The initial infection usually occurs through a directed phishing attack or via a compromised website. The Wipbot then conducts an initial exploration of the infected system, collecting vital information about its identity, structure and contents. It then proceeds to compromise it only if it matches a specific Internet address that it is looking for. If a match is confirmed, the Wipbot then invites a second program into the compromised system, whose task is to expropriate data and exfiltrate it in batches that are camouflaged as Internet browser requests. Symantec researchers say that the technical similarities between the two programs are sufficient to justify the view that they were designed and developed by programmers working for the same government agency. Thakur said the structure of the malware is particularly creative; it uses Wipbot as an initial reconnaissance tool before delivering the exfiltration program if it judges that the compromised system is of high enough interest. The Symantec report adds that the malware in question is part of a four-year-long series of cyberespionage attacks that have systematically targeted government facilities belonging to former Communist Bloc states. In May of 2012, a similar malware was found to have infiltrated over 60 different computer systems belonging to a former Soviet Republic, including the office of the Prime Minister. A closely linked attack targeted another former communist state’s embassy in Paris, France, as well as its foreign and internal affairs ministries. The Symantec research points out that many of the malicious program’s core components were compiled in the UTC+4 time zone, which includes Russian cities such as Moscow and St. Petersburg.

Follow

Get every new post delivered to your Inbox.

Join 751 other followers