Chinese state-linked cyber actor allegedly behind attack on global airline industry

Air India

A GROUP OF COMPUTER hackers with close links to the Chinese state are allegedly behind a wide-scale attack on the global airline industry, which includes espionage, as well as financial motives, according to a new report. If confirmed, the attack would constitute a global campaign against a single industry that is unprecedented in size, according to experts.

The most recent victim of this series of worldwide attacks is Air India, India’s government-owned flagship air carrier. In May of this year, the company was targeted by what officials described as “a highly sophisticated attack” that had begun over two months earlier. It was indeed in early February that the hackers had begun to collect information about Air India and trying to infiltrate its networks through a combination of methods, including spear-phishing. The resulting compromise affected the data of some 4.5 million of Air India’s passengers. Stolen information included passengers’ credit card details, as well as passport information, such as names and dates of birth.

But in a new report issued on Thursday, the Singapore-based cybersecurity firm Group-IB said that the methodology used by the perpetrators of the Air India attack resembled those used to hack other airline carriers around the world. Other victims have included Singapore Airlines, Malaysia Airlines, Finnair, as well as SITA, a Swiss-based provider of information technology services to airline operators in over 200 countries and territories around the world.

What is more, the Group-IB report claims “with moderate confidence” that the attacks on the global airline industry are being perpetrated by APT41. Also known as BARIUM, APT41 is a highly prolific group of computer hackers that is widely believed to be connected with the Chinese government. Since first appearing on the scene in 2006, APT41 has amassed a list of victims that include firms from almost every imaginable industry, including manufacturing, telecommunications, transportation, healthcare and defense. Some of its strikes are clearly financially motivated and include ransomware attacks. Others are espionage-related and point to the information needs of a nation-state —allegedly China.

In 2020, the United States Federal Bureau of Investigation added five members of APT41 to its “Most Wanted” list. The accompanying press statement accusing the five men of conducting “supply chain attacks to gain unauthorized access to networks throughout the world”, and attacking a host of companies on nearly every continent, including the Americas.

Author: Joseph Fitsanakis | Date: 11 June 2021 | Permalink

France suspends aid to Central African Republic over espionage charges

Juan Remy Quignolot

THE GOVERNMENT OF FRANCE has suspended all civilian and military aid to the Central African Republic (CAR), after authorities there charged a French national with espionage and conspiracy to overthrow the state. The charges were announced approximately a month after the arrest of Juan Remy Quignolot, 55 (pictured), who was arrested in CAR capital Bangui on May 10 of this year. Following Quignolot’s arrest, CAR police said they found more than a dozen cell phones, machine guns, ammunition and foreign banknotes in his hotel room.

Speaking to reporters in Bangui on Wednesday, the CAR’s attorney general, Eric Didier Tambo, said that Quignolot had been charged with espionage, illegal weapons possession, as well as conspiracy against the security of the state. According to CAR authorities, Quignolot has been providing training and material support to anti-government rebel groups for nearly a decade. However, CAR authorities have not specified for which country or group Quignolot performed his alleged activities.

The French Ministry of Foreign Affairs and the French embassy in Bagnui have not commented on Quignolot’s charges. When the French national was arrested in May, French Foreign Affairs Ministry officials said the move was part of “an anti-French campaign” orchestrated by Russia. Paris has been competing with Moscow for influence in this former French colony —a diamond- and gold-producing country of nearly 5 million people— which remains highly volatile following a bloody civil war that ended in 2016.

Earlier this week, France said it would immediately suspend its $12 million-a-year civilian and military aid to the CAR. The reason is that the African nation’s government had allegedly failed to take measures against “massive disinformation campaigns”, purportedly originating from Russia, which have “targeted French officials” in the CAR and the broader central African region. Despite suspending financial aid, France continues to maintain approximately 300 soldiers in the CAR. In recent years, however, France’s military presence in its former colony has been dwarfed by contingents of Russian military instructors, who are now training government forces.

Quignolot’s trial is expected to take place by December. Speaking about the Frenchman’s possible sentence, attorney general Tambo said on Wednesday that, “in cases of harming domestic security, you’re talking about lifetime forced labor”.

Author: Joseph Fitsanakis | Date: 10 June 2021 | Permalink

US Senate report details missed intelligence prior to January 6 attack on US Capitol

US Capitol - IA

A BIPARTISAN REPORT BY two committees of the United States Senate has highlighted crucial intelligence that was missed or disregarded by government agencies prior to the insurrection of January 6, 2021. Five people died during a concerted attempt by thousands of supporters of the then-President Donald Trump to storm the US Capitol Complex and invalidate the election victory of Joe Biden. Over 450 participants in the insurrection are now facing charges for storming the Capitol.

The report (.pdf) was produced jointly by the Senate Committee on Rules and Administration and the Committee on Homeland Security and Governmental Affairs. It took the two committees five months to issue their findings, which are based on thousands of internal documents and closed-door interviews with senior government officials. Officials interviewed include the then-acting Defense Secretary Christopher Miller and General Mark Milley, Chair of the Joint Chiefs of Staff.

The report details failures in the areas of intelligence collection and exploitation, security preparations and emergency response measures both prior to and during the insurrection. It states that the US Capitol Police was in possession of intelligence from a pro-Trump website, in which militants were urging participants in the president’s “March to Save America” rally to “bring guns”. Armed demonstrators were also urged to surround every exit from the US Capitol Complex, in order to trap members of Congress and their staff inside the building.

However, the intelligence gathered from websites and social media platforms was not utilized, not communicated to officers, or simply dismissed by the US Capitol Police, according to the Senate report. Additionally, once the insurrection was underway, the Department of Defense did not authorize the deployment of the Washington DC National Guard until a full three hours after it was requested to do so by the police.

In a statement issued on Tuesday, the US Capitol Police said it welcomed the joint Senate report on the January 6 insurrection. It added, however, that “at no point prior to the 6th [of January did its analysts] receive actionable intelligence about a large-scale attack” on the US Capitol Complex. This is likely to be the last Congressional investigation into the attack on the US Capitol Complex, as Republican Senators have blocked the creation of an independent 9/11-type commission to investigate it.

Author: Ian Allen | Date: 09 June 2021 | Permalink

FBI built fake phone company in global wiretapping operation of historic proportions

Trojan Shield

THE UNITED STATES FEDERAL Bureau of Investigation built a fake telephone service provider for a secret worldwide operation that officials described on Monday as “a watershed moment” in law enforcement history. The operation, known as TROJAN SHIELD, began in 2018 and involved over 9,000 law enforcement officers in 18 countries around the world. When the existence of TROJAN SHIELD was announced in a series of official news conferences yesterday, officials said the operation had “given law enforcement a window into a level of criminality [that has never been] seen before on this scale”.

The operation centered on the creation of an entirely fake telephone service provider, known as ANØM. The fake firm advertised cell phones that were specially engineered to provide peer-to-peer encryption, thus supposedly making it impossible for government authorities to decipher intercepted messages or telephone calls between users. The FBI and law enforcement agencies in Australia and New Zealand used undercover officers to spread news about ANØM in the criminal underworld. The fake company’s modus operandi was to let in new users only after they had been vetted by existing users of the service. Within two years, there were nearly 10,000 users of ANØM around the world, with Australia having the largest number —approximately 1,500.

On Tuesday morning hundreds of raids were conducted in over a dozen countries, beginning with New Zealand and Australia, where over 500 raids were carried out, resulting in the arrests of 224 people. News reports suggest that over $45 million in cash has been seized in the past 24 hours in Australia alone, where law enforcement authorities dubbed the operation IRONSIDE. More raids have been taking place around the world, including in the United States. However, as raids were continuing into the evening, the FBI said it would not discuss the results of Operation TROJAN SHIELD until later today, Tuesday.

Speaking to reporters on Monday, Australian Prime Minister Scott Morrison described the undercover operation as “a watershed moment in Australian law enforcement history”, which would “echo around the world”. An early report on the operation, which was published by the San Diego Union Tribune in the United States, said the purpose of TROJAN SHIELD was two-fold: to dismantle organized criminal syndicates through evidence acquired from wiretaps, and to spread confusion and mistrust of encryption devices in the worldwide criminal underworld.

Author: Joseph Fitsanakis | Date: 08 June 2021 | Permalink

Russian spy activity has reached Cold War levels, say Germany’s intelligence chiefs

Thomas Haldenwang Bruno Kahl

RUSSIAN INTELLIGENCE ACTIVITY in Germany has reached levels not seen since the days of the Cold War, while espionage methods by foreign adversaries are now more brutal and ruthless, according to the country’s spy chiefs. These claims were made by Thomas Haldenwang, who leads Germany’s Agency for the Protection of the Constitution (BfV), and Bruno Kahl, head of the Federal Intelligence Service (BND), which operates externally.

The two men spoke to the Sunday edition of Die Welt, one of Germany’s leading newspapers. Their joint interview was published on June 6. Haldenwang told Die Welt am Sonntag that the presence of Russian spies on German soil reflects Moscow’s “very complex intelligence interest in Germany”. Accordingly, Russia has “increased its [espionage] activities in Germany dramatically” in recent years, said Haldenwang.

The counterintelligence chief added that Russia has a “large number of agents” that are currently active in German soil. Their goal is to try to “establish contacts in the realm of political decision-making”. One of many topics that the Kremlin is intensely interested at the moment is the future of Russia’s energy relationship with Germany, according to Haldenwang.

At the same time, Russia’s espionage methods are becoming “coarser” and the means that it uses to steal secrets “more brutal”, said the spy chief. Kahl, his external-intelligence colleague, agreed and added that Germany’s adversaries are “employing all possible methods […] to stir up dissonance between Western states”. Their ultimate goal is to “secure their own interests”, concluded Kahl.

However, despite Russia’s increased intelligence activity in Germany, the most serious threat to the security and stability of the German state is not Moscow, but domestic rightwing extremism, said Haldenwang. Notably, the German spy chief discussed the unparalleled rise of rightwing rhetoric on social media and websites. Such propaganda is being spread by people that he termed “intellectual arsonists”. Their “hate-filled messages” are essentially anti-democratic, said Haldenwang.

Author: Joseph Fitsanakis | Date: 07 June 2021 | Permalink

US government takes control of Internet domains used by SolarWinds hackers

Computer hacking

THE UNITED STATES GOVERNMENT has taken control of two Internet domains used last month in a large-scale phishing campaign by the same Russian-linked hacker group that was behind SolarWinds. The Department of Justice said on Tuesday it seized the two domains, theyardservice[.]com and worldhomeoutlet[.]com, on May 28, following a decision by a US court that authorized the action.

The large-scale attack was detected on May 25, and was delivered in over 3,000 emails sent from a compromised account belonging to the United States Agency for International Development (USAID). The compromised account was paired with the services of a legitimate email marketing company called Constant Contact. It was subsequently used to deliver phishing emails to the employees of over 150 organizations worldwide, most of them American.

The phishing emails featured an official USAID logo, beneath which was an embedded link to a purported “USAID Special Alert” titled “Donald Trump has published new documents on election fraud”. The link sent users to one of the two illicit subdomains, which infected victim machines with malware. The latter created a back door into infected computers, which allowed the hackers to maintain a constant presence in the compromised systems.

According to Microsoft Corporation, the hackers behind the phishing attack originated from the same group that orchestrated the infamous SolarWinds hack in 2020. The term refers to a large-scale breach of computer systems belonging to the United States federal government and to organizations such as the European Union and the North Atlantic Treaty Organization. The threat actor behind the attack is referred to by cybersecurity experts as APT29 or Nobelium, among other names.

Speaking on behalf of the US Department of Justice’s National Security Division, Assistant Attorney General John C. Demers said on Tuesday that the seizure of the two Internet domains demonstrated the Department’s “commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation”.

Author: Joseph Fitsanakis | Date: 03 June 2021 | Permalink

Turkish spies reportedly kidnapped nephew of dissident cleric Fethullah Gülen in Kenya

Nairobi KenyaTURKISH SPIES ALLEGEDLY KIDNAPPED a nephew of dissident cleric Fethullah Gülen in Kenya and forcibly transported him to Turkey, according to reports in Turkish media. Citing “government sources”, Turkey’s state-owned news agency, Anadolu, said this week that Selahaddin Gülen had been “forcibly repatriated” to Turkey from abroad by officers of the National Intelligence Organization, known as MİT. But it did not specify when or where the alleged operation took place.

Subsequent reports suggested that Selahaddin Gülen’s wife, Serriye Gülen, posted a video on social media, in which she said the couple lived in Nairobi, Kenya, and that her husband, who worked as a school teacher, had disappeared on May 3. It was also reported that Gülen’s alleged kidnapping was soon afterwards confirmed by media outlets connected to the Gülen movement.

The Gülen movement consists of supporters of Muslim cleric Fethullah Gülen, who runs a global network of schools, charities and businesses from his home in the United States. The government of Turkey has designated Gülen’s group a terrorist organization and claims it was behind the failed 2016 coup against Turkey’s President, Recep Tayyip Erdoğan. Ever since the failed coup, Erdoğan’s government has fired or imprisoned over 200,000 government employees, which it accuses of being “Gülenists”. The cleric, who lives in the US state of Pennsylvania, denies Erdoğan’s accusations.

It is not clear whether Gülen’s nephew was kidnapped in a cover operation, or whether he was delivered to the MİT by the Kenyan authorities. Since the failed 2016 coup, the Turkish government has pressured numerous countries in the Americas, Europe, Asia and Africa to arrest and extradite alleged Gülenists. Kenya has so far refused to take action against individuals and institutions that Ankara claims are connected to the Gülen movement.

It is worth noting that in 1999 the MİT carried out a controversial covert operation in Kenya, which resulted in the kidnapping of Kurdish separatist militant Abdullah Öcalan. Öcalan, 74, is the leader of the Kurdistan Workers’ Party (PKK), which Turkey and several other countries have designated a terrorist organization. He remains imprisoned to this day.

Author: Joseph Fitsanakis | Date: 02 June 2021 | Permalink

We knew about the US-Danish spy collaboration. The revelations are still remarkable

DDIS DenmarkTHE FIRST CLAIMS OF an alleged secret collaboration between the signals intelligence agencies of the United States and Denmark surfaced in November of 2020. By January of this year, it was clear that the Danish government would, sooner or later, need to deal with the fallout of its controversial spy deal with Washington, under which Denmark enabled the US to spy on some of its closest European allies. Still, the news last weekend that Denmark helped the US spy on countries such as Germany, France, Sweden and Norway, is nothing short of remarkable, and has a huge symbolic significance that cannot be overlooked.

IntelNews regulars will recall that Lars Findsen, director of the Danish Defense Intelligence Service (FE, or DDIS in English) was unceremoniously “relieved of duty” in August of 2020. This was in response to a damning report by the Danish Oversight Board, known as TET, which is responsible for supervising the work of Denmark’s intelligence agencies. The Danish Ministry of Defense would not discuss the precise nature of the report, which at the time was believed to relate to vaguely described “improper intelligence collection practices”.

Then, in November of 2020 came news of an alleged secret collaboration between the DDIS and its American equivalent, the National Security Agency (NSA). According to Danish newspaper Jyllands-Posten and Danmarks Radio —Denmark’s public-service broadcaster— the agreement dated to 2008, and involved the use by the NSA of a number of fiber optic Internet cables that pass through Danish territory, in return for the DDIS being given access to the content of intercepted traffic. This collaboration resulted in the interception of information belonging to the governments of Germany, France, Sweden, Norway and Holland, among others.

It is said among intelligence practitioners that “there is no such thing as a friendly foreign intelligence agency”. There is also no known agreement not to spy on each other between the United States and several core countries of the Western alliance, such as Denmark, France, Holland, Norway, Germany, Belgium, Italy, Sweden, or Spain (it is rumored that a “no-spy clause” exists between Five Eyes participants). Technically speaking, therefore, espionage between European powers, or between them and the US, is not in violation of some sacred agreement. Read more of this post

Russia-linked PR firm asked social media influencers to spread doubts about vaccines

Coronavirus COVID-19

A PUBLIC RELATIONS FIRM with alleged links to Russia offered to pay French and German social media influencers if they published content casting doubts on the safety of the Pfizer-BioNTech COVID-19 vaccine. The allegations about the firm’s efforts were made on Twitter and on French websites, and later appeared in Britain’s Guardian newspaper.

According to the reports, French and German social media bloggers and influencers who are active on YouTube, TikTok, Instagram, and other social media platforms, were contacted last week by a public relations firm. The firm is called Fazze. It claims to be based in London and describes itself as an “influencer marketing platform […] connecting bloggers and advertisers”.

In an email sent to social media influencers, Fazze reportedly asked them to post information that draws attention to “the death rate among the vaccinated with Pfizer which is almost 3x higher than the vaccinated by AstraZeneca” [sic]. The email from Fazze also reportedly asked the social media influencers to draw attention to a leaked report that supposedly questions the safety of the Pfizer-BioNTech COVID-19 vaccine. The report, published recently by French newspaper Le Monde, is based on an internal document that was stolen by Russian hackers from the European Medicines Agency and was later posted on the Dark Web. The document contains no evidence of the supposed danger of the Pfizer-BioNTech COVID-19 vaccine. However, it has become the basis of anti-vaccine conspiracies on social media in Europe and the United States.

The social media influencers were encouraged to tell their audiences that the Pfizer-BioNTech COVID-19 vaccine is “dangerous to the health of the people” and to question why “governments [are] actively purchasing” this vaccine. They were also instructed to “act like you have the passion and interest in this topic” [sic] and to present the material “as your own independent view”. When asked, Fazze reportedly refused to identify its client, but said that its budget for the project was “considerable” and invited the social media influencers to name “the rate you wish” for their financial compensation.

The company claimed to be based at 5 Percy Street in London, but it is not registered there, according to the Guardian. The British paper also claimed that the company’s management “come from Moscow and have worked for an agency reportedly founded by a Russian entrepreneur”.

Author: Ian Allen | Date: 27 May 2021 | Permalink

China assesses emotions of subjects using AI technology that monitors skin pores

Xinjiang POLICE STATIONS IN CHINA are reportedly experimenting with a new technology that uses artificial intelligence to detect the emotions of subjects, and even monitors their skin pores, according to a source who spoke to the BBC. The source is a software engineer, whose identity has not been disclosed by the BBC. He said he helped install the controversial technology in a number of police stations in the Chinese region of Xinjiang.

Xinjiang, China’s most impoverished region, is home to 12 million Uighurs, most of whom are Muslims. The Chinese state is currently engaged in a campaign to quell separatist views among some Uighurs, while forcibly integrating the general population into mainstream Chinese culture through a state-run program of forcible assimilation. It is believed that at least a million Uighurs are currently living in detention camps run by the Communist Party of China, ostensibly for “re-education”. Xinjiang is often referred to as the world’s most heavily surveilled region.

According to the BBC’s Panorama program, patents filed by Chinese companies point to the development of facial recognition programs that can distinguish subjects by ethnicity, and appear to be “specifically designed to identify Uighur people”. Among them are artificial intelligence systems that are able to detect facial micro-expressions, so as to analyze the emotions of subjects. According to Panorama, some systems even monitor “minute changes” in skin pores on the face of subjects, as a means of detecting micro-expressions. The software then allegedly produces a pie chart that details a subject’s state of mind.

The BBC said it reached out to the Chinese embassy in London, which claimed to have “no knowledge” of these alleged surveillance programs. In a statement issued on Tuesday, the Chinese embassy said that “the political, economic and social rights and freedom of religious belief in all ethnic groups in Xinjiang are fully guaranteed”. It added that people in Xinjiang “live in harmony and enjoy a stable and peaceful life with no restriction to personal freedom”.

Author: Joseph Fitsanakis | Date: 25 May 2021 | Permalink

Belarussian spies were onboard commercial airliner diverted by force to Minsk

Ryanair

BELARUSSIAN INTELLIGENCE OFFICERS were allegedly onboard a commercial airliner that was en route to Lithuania, but was forcibly diverted to Minsk on Sunday, where a vocal Belarussian dissident was arrested. The dissident is 26-year-old Roman Protasevich, who is known as one of the most outspoken opponents of Belarus’ authoritarian President, Alexander Lukashenko.

Protasevich has been voicing his criticism of Lukashenko’s government on popular social-media outlets, such as Telegram. He has evaded charges of terrorism and incitement to violence in his home country by living in Poland, where he applied for political asylum in 2019. On Sunday, May 23, Protasevich was among the 171 passengers onboard Ryanair flight FR4978 from Athens, Greece, to Vilnius, Lithuania. However, while flying over Belarussian airspace en route to Vilnius, the commercial airliner was confronted by a Belarussian Air Force MiG-29 fighter jet, while the pilots were told by Belarussian ground control that a bomb threat had been issued against the plane.

The airplane was forcibly redirected to Minsk, despite the fact that there were several international airports that were physically closer. As soon as the aircraft landed, officers of the Belarussian State Security Committee, known as the KGB, boarded the plane and apprehended Protasevich. He is now under arrest in Minsk. It later surfaced that President Lukashenko had personally given instructions to the MiG-29 to prevent the Ryanair airplane from exiting Belarussian airspace.

Speaking on the breakfast show of Newstalk, an independent radio station in the Republic of Ireland, Ryanair Chief Executive Officer Michael O’Leary described Sunday’s incident as “a case of state-sponsored hijacking”. He added that according to Ryanair personnel onboard the aircraft, who witnessed the incident, Belarussian KGB officers were “onboard the plane when it took off from Athens” and participated in forcibly arresting Protasevich once the airplane had landed in Minsk.

Protasevich appeared on a video issued by the Belarussian authorities late on Sunday. He is reportedly facing 12 years in prison if convicted of inciting riots. However, he faces the death penalty if convicted of acts of terrorism.

Author: Joseph Fitsanakis | Date: 25 May 2021 | Permalink

US Justice Department and CIA may intervene in Saudi lawsuit to protect secrets

Saad al-Jabri

THE UNITED STATES DEPARTMENT of Justice and the Central Intelligence Agency may intervene in a civil lawsuit filed by an exiled Saudi spy against the oil kingdom’s de facto ruler, in order to protect state secrets. In a 106-page lawsuit, filed last year with the US District Court in Washington, DC, Dr. Saad al-Jabri claims that Saudi Arabia’s de facto ruler, Crown Prince Mohammed bin Salman, dispatched members of his “personal mercenary group”, known as the Tiger Squad, to North America, in order to assassinate him.

Al-Jabri was a courtier of Crown Prince Muhammad bin Nayef, grandson of Saudi Arabia’s founding monarch, King Abdulaziz. Bin Nayef, who was widely expected to be Saudi Arabia’s next king, eventually appointed al-Jabri Minister of State and made him his senior adviser on matters of security and intelligence —in essence his spy chief. But al-Jabri’s standing changed suddenly in 2015, when King Abdullah died and was succeeded by King Salman. Salman then named his son, Mohammed bin Salman, as his successor, effectively usurping al-Jabri’s mentor and protector, Prince bin Nayef. Within weeks, al-Jabri had been fired, while his patron, bin Nayef had gone under house arrest. Fearing for his life, al-Jabri took his eldest son, Khalid, and escaped to Canada in the middle of the night. They remain there to this day.

Bin Salman’s lawyers have dismissed al-Jabri’s lawsuit as baseless, and accuse the former spy chief of embezzling $3.4 billion from Saudi state coffers under the pretense of funding security programs. Al-Jabri’s lawyers have told the court that an “examination of the counterterrorism and national security activities of the United States government” may be necessary in order to demonstrate that their client has not embezzled state funds.

This development has US government officials worried, according to The Washington Post’s well-sourced David Ignatius. He reports that, in April of this year, the US Department of Justice filed a document in a federal court in Massachusetts, in which it outlines its plans to intervene in al-Jabri’s lawsuit against bin Salman. According to the Department of Justice, al-Jabri’s legal team may intend “to describe information concerning alleged national security activities”, which is something the US government would like to prevent.

According to Ignatius, the Department of Justice could invoke the rarely used “state secrets privilege”, which allows the US government to refuse to disclose information when ordered to do so by a court of law, if there is a “reasonable danger” that doing so could threaten US national security. Ignatius added that the Central Intelligence Agency is also looking into whether it could resist a judge’s orders to disclose information pertaining to the case of al-Jabri.

Author: Joseph Fitsanakis | Date: 24 May 2021 | Permalink

German army officer led double life as Syrian immigrant, planned to kill politicians

Franco AA GERMAN ARMY LIEUTENANT, who led a double life as a fake Syrian refugee, has gone on trial in Frankfurt, accused of planning to kill German politicians so as to provoke anti-Arab sentiment among Germans. The man has been identified by the German media as “Franco A.”, 32, due to strict German privacy laws. He lived in France, where he served in the Franco-German Brigade, an elite military force that combines units from the French and German armies, and is meant to symbolize Franco-German rapprochement in the postwar era.

In 2016, Franco A. approached German authorities and pretended to be a French-speaking Christian from Syria, having first dyed his beard black and darkened his complexion using make-up. Using the name “David Benjamin”, he convinced German immigration officials to provide him with temporary identity papers and grant him asylum in Germany. He also received a monthly allowance from the German state. In 2017, however, Franco A. was arrested in Vienna while trying to retrieve a loaded pistol he had hidden in a public bathroom. When searching his room at the Franco-German Brigade barracks, police discovered Nazi-era memorabilia. Further searches at his parents’ home in Germany uncovered stockpiles of ammunition and explosives.

German prosecutors now allege that Franco A. belonged in a secretive network of far-right German survivalists, whose members planned to take armed action on a day they referred to as “Day X”, which would mark the beginning of a civil war in Germany. Additionally, Franco A. is accused of having stolen ammunition from his barracks, and of keeping a list of possible victims for assassination. The latter included the German Foreign Affairs Minister Heiko Maas and Claudia Roth, a member of the German Green Party, who currently serves as Vice-President of the Bundestag —Germany’s federal parliament.

But the plot thickened once German authorities realized that Franco A.’s fingerprints matched exactly those of the Syrian immigrant, David Benjamin. They then realized Franco A. and David Benjamin were one and the same person. According to government prosecutors, Franco A. planned to kill at least one senior German political figure, then leave the gun bearing his fingerprints at the scene of the crime. His goal was to have the fingerprints match those of his fake Syrian identity, and in doing so stir anti-Arab sentiment among the German population.

During his court appearance on Thursday, Franco A. denied being a neo-Nazi, and claimed that the reason he posed as a Syrian refugee was because he wanted to “expose the flaws in Germany’s asylum system”. He faces 10 years in prison, if convicted.

Author: Joseph Fitsanakis | Date: 21 May 2021 | Permalink

Chinese state-owned fishing company is cover for spy activities, report claims

Paracel Islands

A CHINESE STATE-OWNED fisheries enterprise is in reality a front for military-related intelligence activities in the South China Sea, according to a new investigative report. The report was produced by Radio Free Asia (RFA), which is operated by the United States Agency for Global Media —an arm of the United States government. Entitled “Unmasking China’s Maritime Militia”, the report focuses on the Sansha City Fisheries Development Co., which is based on the island of Hainan, China’s southernmost province.

Established in February of 2015, Sansha City Fisheries Development Co. is a municipal state-owned enterprise that carries out industrial-scale fishing operations in the South China Sea. However, having analyzed official Chinese government data, including corporate records and third-party bidding contracts, RFA claims that “the company’s ships are engaged in more than just fishing”. In reality, the fishing company operates as an undercover arm of a shadowy force known as the Sansha City maritime militia, according to RFA.

The Sansha City maritime militia is believed to be headquartered at Woody Island (also known as Yongxing Island), the largest of the Paracel Islands in the South China Sea. It was allegedly established in 2013, with the goal of protecting China’s maritime claims in a region where Beijing is competing for influence against Malaysia, Philippines, Taiwan and Vietnam, among other regional actors. Today the maritime militia is said to consist of over 100 vessels and nearly 2,000 militiamen and women.

According to RFA, Sansha City Fisheries Development is known to prioritize hiring veterans of the Chinese People’s Liberation Army. Moreover, a number of service contracts signed between the state-owned fishing company and third party providers appear to include “state secrets protection” clauses, which typically refer to classified programs for the Chinese military or intelligence services. In recent years, at least two of the company’s ships were used to test classified information systems and command and communications systems, which “transformed [them into] mobile communications and surveillance platform[s] capable of transmitting intelligence back to the authorities on land”, according to RFA.

It should be noted that the Chinese government disputes these allegations. The RFA report quotes part of a statement by the Chinese embassy in the Philippines, which claims that “[t]here is no Chinese Maritime Militia as alleged”.

Author: Joseph Fitsanakis | Date: 20 May 2021 | Permalink

US Pentagon’s ‘secret army’ of clandestine operatives dwarfs CIA spy force: report

Pentagon

THE UNITED STATES DEPARTMENT of Defense maintains a “secret army” of over 60,000 operatives, many of whom work across the world in a clandestine capacity, with fake identities and manufactured backgrounds, according to a new report. Newsweek, which published the report on Monday, said that the Pentagon force is “more than ten times the size” of the clandestine wing of the Central Intelligence Agency, which is commonly associated with carrying out covert operations abroad.

According to William Arkin, author of the Newsweek report, the Pentagon’s secret operatives are part of a wider US government effort known as “signature reduction”. The program provides undercover government operatives the ability to operate domestically and around the world without the fear of having their links to spy agencies or the military discovered by online sleuths. Some of these operatives carry out clandestine tasks under their real names, claims Arkin, but without having any formal connections with the US government, or even their country of citizenship.

Others operate under manufactured identifies, which, according to the report, are created by the Pentagon’s Operational Planning and Travel Intelligence Center. Its purpose is to alter databases of US government agencies, such as the US Citizenship and Immigration Services, or the Customs and Border Protection agency, so as to protect the manufactured identities of covert operatives. Such operatives are also provided with technologies that allow them to evade face-recognition and other biometric identification measures, including fingerprint scanners, according to Newsweek.

Another part of the “signature reduction” program, according to the report, consists of private-sector enterprises that work with the Pentagon to provide its clandestine operatives with contractual covers. These allow the operatives to work abroad under civilian cover and without any official connection to US embassies or military bases, according to Newsweek.

The report claims that the largest component of the Pentagon’s “signature reduction” program consists of members of Special Operations Forces. The remaining components of the program are made up of military intelligence and counterintelligence specialists with a variety of skills, including linguistics specialists and cyber operations. The latter form “the fastest growing” group within the program, and are tasked with collecting information about targets online, as well as engaging in influence campaigns utilizing social media platforms around the world.

Author: Joseph Fitsanakis | Date: 19 May 2021 | Permalink