Dutch intelligence disrupts Russian effort to infiltrate International Criminal Court

International Criminal CourtON JUNE 16, THE Dutch General Intelligence and Security Service (AIVD) announced that it prevented a Russian military intelligence officer from gaining access as an intern to the International Criminal Court (ICC) in The Hague. The ICC is of interest to the GRU because it investigates possible war crimes committed by Russia in the Russo-Georgian War of 2008 and more recently in Ukraine.

The GRU officer reportedly traveled from Brazil to Schiphol Airport in Amsterdam in April 2022, using a Brazilian cover identity, making him a so-called “illegal”. This means the intelligence operative was not formally associated with a Russian diplomatic facility. He allegedly planned to start an internship with the ICC, which would have given him access to the ICC’s building and systems. This could have enabled the GRU to collect intelligence, spot and recruit sources, and possibly influence criminal proceedings inside the ICC.

On his arrival at Schiphol, the AIVD informed the Dutch Immigration and Naturalization Service (IND), after which the officer was refused entry to the Netherlands and put on the first plane back to Brazil as persona non grata. The AIVD assessed the officer as a “potentially very serious” threat to both national security and the security of the ICC and Holland’s international allies, due to his access to the organization.

In a first-ever for the AIVD, the agency also released the contents of a partially redacted 4-page document that describes the “extensive and complex” cover identity of the officer. It was originally written in Portuguese, “probably created around mid-2010” and “likely written” by the officer himself. According to the AIVD, the information provides valuable insight into his modus operandi. The cover identity hid any and all links between him and Russia. According to the AIVD, the construction of this kind of cover identity “generally takes years to complete”.

In the note accompanying the document, the AIVD says that Russian intelligence services “spend years” on the construction of cover identities for illegals, using “information on how other countries register and store personal data”. Alternatively, they illegally procure or forge identity documents. Information in the cover identity “can therefore be traceable to one or more actual persons, living or dead” as well as to forged identities of individuals “who only exist on paper or in registries of local authorities”.

AuthorMatthijs Koot | Date: 17 June 2022 | Permalink

Several EU member states expel dozens of Russian diplomats for suspected espionage

Russian Embassy PragueA WEEK AFTER POLAND announced the expulsion of 45 Russian diplomats, the foreign ministries of Belgium, the Czech Republic, Ireland and the Netherlands announced on March 29, 2022 that they would expel Russian diplomats. A day later, Slovakia followed up by announcing it will expel 35 Russian diplomats. On Monday, April 4, France, Germany and Lithuania followed suit with dozens of expulsions.

The German federal government announced it will expel 40 Russian diplomats who, according to minister of foreign affairs Annalena Baerbock, “worked every day against our freedom and against the cohesion of our society”, and are “a threat to those who seek our protection”. The persons involved have five days to leave Germany. Later that day, France announced it will expel “many” Russian diplomats “whose activities are contrary to our security interests”, adding that “this action is part of a European approach”. No further details are known at this time.
Furthermore, Lithuania ordered the Russian ambassador to Vilnius to leave the country, and announced their ambassador to Ukraine will return to Kyiv. In an official statement, foreign minister Gabrielius Landsbergis said Lithuania was “lowering the level of diplomatic representation with Russia, this way expressing its full solidarity with Ukraine and the Ukrainian people, who are suffering from Russia’s unprecedented aggression”. Meanwhile, Latvian minister of foreign affairs Edgars Rinkēvičs announced in a tweet that Latvia will “limit diplomatic relations” with the Russian Federation “taking into account the crimes committed by the Russian armed forces in Ukraine”, and that “specific decisions will be announced once internal procedures have been complete”.

The Czech Republic, which in 2021 called on the European Union (EU) and the North Atlantic Treaty Organization (NATO) to expel Russian diplomats in solidarity against Moscow, announced the expulsion of one diplomat from the Russian embassy in Prague, on a 72-hour notice. In a tweet, the Czech ministry of foreign affairs stated that “Together with our Allies, we are reducing the Russian intelligence presence in the EU”.

Belgium has order the expulsion of 21 diplomats from the Russian embassy in Brussels and consulate in Antwerp. Minister Sophie Wilmès said the measure was taken to protect national security and was unrelated to the war in Ukraine. “Diplomatic channels with Russia remain open, the Russian embassy can continue to operate and we continue to advocate dialogue”, Wilmès said.

The Netherlands will be expelling 17 diplomats from the Russian embassy in The Hague. According to minister Wopke Hoekstra, the diplomats were secretly active as intelligence officers. Hoekstra based this on information from the Dutch secret services AIVD and MIVD. The Russian embassy in The Hague has 75 registered diplomats, of which 58 will remain. Hoekstra says the decision was taken with “a number of like-minded countries”, based on grounds of national security. Like his Belgian colleague, Woekstra adds he wants diplomatic channels with Russia to remain open.

Ireland will be expelling four “senior officials” from the Russian embassy in Dublin, for engaging in activities “not […] in accordance with international standards of diplomatic behaviour”. They were suspected of being undercover military officers of the GRU and were already on the radar of Garda Síochána, the Irish national police and security service, for some time.

Read more of this post

Dutch intelligence disrupt large-scale botnet belonging to Russian spy agency

GRU KtON MARCH 3, 2022, Dutch newspaper Volkskrant reported that the Dutch Military Intelligence and Security Service (MIVD) took action in response to abuse of SOHO-grade network devices in the Netherlands. The attacks are believed to have been perpetrated by the Main Intelligence Directorate of the General Staff of the Russian Armed Forces (GRU) Unit 74455. The unit, which is also known as Sandworm or BlackEnergy, is linked to numerous instances of influence operations and sabotage around the world.

The devices had reportedly been compromised and made part of a large-scale botnet consisting of thousands of devices around the globe, which the GRU has been using to carry out digital attacks. The MIVD traced affected devices in the Netherlands and informed their owners, MIVD chief Jan Swillens told Volkskrant. The MIVD’s discovery came after American and British [pdf] services warned in late February that Russian operatives were using a formerly undisclosed kind of malware, dubbed Cyclops Blink. According to authorities, the botnet in which the compromised devices were incorporated has been active since at least June 2019.

Cyclops Blink leverages a vulnerability in WatchGuard Firebox appliances that can be exploited if the device is configured to allow unrestricted remote management. This feature is disabled by default. The malware has persistence, in that it can survive device reboots and firmware updates. The United Kingdom’s National Cyber Security Centre describes Cyclops Blink as a “highly sophisticated piece of malware”.

Some owners of affected devices in the Netherlands were asked by the MIVD to (voluntarily) hand over infected devices. They were advised to replace the router, and in a few cases given a “coupon” for an alternative router, according to the Volkskrant. The precise number of devices compromised in the Netherlands is unclear, but is reportedly in the order of dozens. Swillens said the public disclosure is aimed at raising public awareness. “The threat is sometimes closer than you think. We want to make citizens aware of this. Consumer and SOHO devices, used by the grocery around the corner, so to speak, are leveraged by foreign state actors”, he added.

The disclosure can also be said to fit in the strategy of public attribution that was first mentioned in the Netherlands’ Defense Cyber Strategy of 2018. Published shortly after the disclosure of the disruption by MIVD of an attempted GRU attack against the computer network of the OPCW, the new strategy included the development of attribution capabilities, as well as the development of offensive capabilities in support of attribution. It advocates the view that state actors “that are [publicly] held accountable for their actions will make a different assessment than attackers who can operate in complete anonymity”.

Author: Matthijs Koot | Date: 07 March 2022 | Permalink

Dutch intelligence service warns public about online recruitment by foreign spies

AIVD HollandLAST WEEK, THE DUTCH General Intelligence and Security Service (AIVD) launched an awareness campaign dubbed ‘Check before connecting’. The purpose of the campaign is to inform the Dutch public about risks of foreign actors using fake accounts on social media, in efforts to acquire sensitive business information. According to the AIVD, such online campaigns frequently target and recruit employees of Dutch private sector companies. The awareness campaign is carried out via Twitter, Instagram and LinkedIn. It is aimed at raising awareness in society at-large. The AIVD will publish a number of fictitious practical examples over time, in order to educate the public.

AIVD director-general Erik Akerboom told Dutch newspaper Het Financieele Dagblad that Dutch and other Western secret services have been surprised by the sheer number of cases in which private sector employees disclosed sensitive information, after being blackmailed or enticed with money to share information. After foreign intelligence operatives make initial contact with their target via LinkedIn, the relationship quickly turns more “personal”, according to Akerboom. The new contact acts flatteringly about the unsuspecting target’s knowledge and competence. “You are asked to translate something. This can be followed by a physical meeting”, he says.

Potential targets are “ranked” by their position in an organization, position in a business network, and level of access to sensitive information. “The rankings determine which persons are prioritized for recruitment attempts”, according to Akerboom. This sometimes involves the creation of fake human resource recruitment agencies, as British, Australian and American intelligence agencies have warned about in the past.

While not a new phenomenon, the scope and effectiveness of foreign infiltration attempts have now reached a scale that has prompted the AIVD to warn the public. China and Russia have made attempts to acquire advanced technology in Western countries, including the Netherlands, via corporate takeovers, digital espionage, and human intelligence operations. Last year, the Netherlands expelled two Russian spies who successfully recruited employees at a number of Dutch high-tech companies. One of the Russians created fake profiles posing as a scientist, consultant and recruiter. The AIVD did not disclose the names of these companies. Read more of this post

Year in review: The biggest spy-related stories of 2021, part 3

End of Year ReviewSince 2008, when intelNews was launched, it has been our end-of-year tradition to take a look back and highlight what we believe were the most important intelligence-related stories of the past 12 months. In anticipation of what 2022 may bring in this always timely and highly volatile field, we present you with our selection of the top spy stories of 2021. They are listed below in reverse order of significance, starting from 10 and leading up to 1. This is the third part in a three-part series. Part one is available here and part two is here.

04. FBI built a fake phone company in massive global wiretapping operation. The United States Federal Bureau of Investigation built a fake telephone service provider for a secret worldwide operation that officials described as “a watershed moment” in law enforcement history. The operation, known as TROJAN SHIELD, involved over 9,000 law enforcement officers in 18 countries around the world. When the existence of TROJAN SHIELD was announced in a series of official news conferences in June, officials said the operation had “given law enforcement a window into a level of criminality [never] seen before on this scale”.

03. US spied on some of its closest European allies with the help of Denmark. The first claims of an alleged secret collaboration between the signals intelligence agencies of the United States and Denmark surfaced in November of 2020. By January of 2021, it was clear that the Danish government would, sooner or later, need to deal with the fallout of its controversial spy deal with Washington, under which Denmark enabled the US to spy on some of its closest European allies. Still, the news in June that Denmark helped the US spy on countries such as Germany, France, Sweden and Norway, was nothing short of remarkable, and has a huge symbolic significance that cannot be overlooked.

02. For the first time, Chinese and North Korean spies were tried in the US. For the first time, an alleged Chinese spy was tried—and convicted—in the United States. According to prosecutors Yanjun Xu, also known as Qu Hui or Zhang Hui, was a deputy division director in the Ministry of State Security (MSS)—China’s intelligence agency. His conviction was described by observers as a “seminal moment” for American counterintelligence. Also for the first time, an alleged intelligence officer of North Korea, Mun Chol-myong, was tried in a US court. A North Korean citizen based in Singapore, Mun had tried to defraud international banks and launder money though the US financial system, allegedly for the benefit of North Korean spy agencies.

01. At least 14 heads of state were targeted through controversial phone spyware. At least 14 current or former heads of state were among 50,000 individuals worldwide whose personal telephones were allegedly compromised through a controversial surveillance software, known as Pegasus. The spyware is marketed by NSO Group Technologies, an Israeli digital surveillance company based near Tel Aviv. Pegasus can install itself on targeted telephones without requiring their users to click a link, or download an application. The list of the spyware’s targets allegedly contains telephone devices belonging to three presidents, France’s Emmanuel Macron (pictured), South Africa’s Cyril Ramaphosa, and Iraq’s Barham Salih. The devices of three current prime ministers, Morocco’s Saad-Eddine El Othmani, Egypt’s Mostafa Madboul, and Pakistan’s Imran Khan, are also on the list. There are countless others. As a result of these revelations, the US Department of Commerce placed the NSO Group Technologies on a sanctions list in November 3.

This is part three in a three-part series. Part one is available here. Part two is available here.

Author: Joseph Fitsanakis and Ian Allen | Date: 31 December 2021 | Permalink

Year in review: The biggest spy-related stories of 2021, part 2

Year in ReviewSince 2008, when intelNews was launched, it has been our end-of-year tradition to take a look back and highlight what we believe were the most important intelligence-related stories of the past 12 months. In anticipation of what 2022 may bring in this always timely and highly volatile field, we present you with our selection of the top spy stories of 2021. They are listed below in reverse order of significance, starting from 10 and leading up to 1. This is part two in a three-part series. Part one is available here. Part three is available here.

07. Iranian intelligence networks in Europe were decimated following failed operation. Four Iranian spies were tried in Belgium in February, after unsuccessfully trying to bomb an annual conference of Iranian expatriate dissidents. Conference attendees included the then-US President Donald Trump’s personal lawyer, Rudy Giuliani, who addressed the meeting. Stephen Harper, Canada’s former prime minister, also spoke at the conference. Even worse for Iran, a “green notebook” found in the car of one of the spies, allegedly contained “289 places across 11 European countries”, where Assadi is thought to have met with Iranian spies operating throughout Europe.

06. Russian spies allegedly funded one of Italy’s major political parties. An alleged employee of Russian intelligence was present at a secret meeting in Moscow, in which a plan was discussed to fund Lega Nord, Italy’s leading populist party. Established in 1991, the LN seeks greater autonomy for Italy’s northern regions, and opposes the country’s membership in the European Union. An Italian newspaper claimed in June that Andrey Yuryevich Kharchenko, an alleged employee of Russian intelligence, participated in a secret 2019 meeting in Moscow, in which Kremlin figures offered LN officials to enrich the their party’s election campaign coffers by nearly $70 million.

05. US Pentagon has an army of clandestine operatives that ‘dwarfs the CIA’. The US Department of Defense maintains a worldwide “secret army” of over 60,000 operatives, many of whom have fake identities and manufactured backgrounds, according to a report from Newsweek’s investigative journalist, William Arkin. Arkin claimed that the Pentagon force is “more than ten times the size” of the clandestine wing of the CIA, and is allegedly part of a wider US government effort known as “signature reduction”. The scheme provides undercover government operatives the ability to operate domestically and around the world without the fear of having their links to spy agencies or the military discovered by online sleuths.

This is part two in a three-part series; Part one is available here. Part three is available here.

Author: Joseph Fitsanakis and Ian Allen | Date: 30 December 2021 | Permalink

Year in review: The biggest spy-related stories of 2021, part 1

End of Year ReviewSince 2008, when intelNews was launched, it has been our end-of-year tradition to take a look back and highlight what we believe were the most important intelligence-related stories of the past 12 months. In anticipation of what 2022 may bring in this always timely and highly volatile field, we present you with our selection of the top spy stories of 2021. They are listed below in reverse order of significance, starting from 10 and leading up to 1. This is part one in a three-part series. Part two is available here. Part three is here.

10. New book claims former Irish head of government was Provisional IRA informant. Controversy has always surrounded, Charlie Haughey—a towering figure in Irish politics. By 1992, when he retired after an illustrious 35-year career, he had served three times as Taoiseach (prime minister) and many more times as minister. Haughey’s critics have always suspected that he was sympathetic to the Provisional Irish Republican Army. If true, however, this latest revelation is nothing short of stunning: a new book by Kevin O’Connor, one of Ireland’s leading investigative reporters, claims that Haughey routinely shared classified information with the IRA, including warnings about British and Irish government spies that operated within the organization.

9. Unlike others, French spies anticipated the Taliban’s takeover of Afghanistan. August found Western nations scrambling to evacuate their citizens and embassy workers from Afghanistan, amidst the chaotic takeover of the country by the Taliban. France, however, began its evacuations at least two months in advance. By late August the French government was being praised from all sides for its “anticipatory planning”. Why was their response so different from those of other Western nations—notably Britain and the United States? Some observers claim that, unlike other Westerners, French spies maintained a “relative distance” from United States intelligence agencies, and were thus not influenced by American projections of what would happen in the war-torn country.

8. Czechs expelled Russian spies, accusing them of blowing up a munitions depot. The Czech Republic unceremoniously expelled a number of Russian diplomats in April, accusing Kremlin spies of being behind a mysterious explosion that leveled a munitions depot in 2014. According to Prague, a team of Russian operatives, posing as Tajiks and Moldovans, blew up a facility belonging to the Military Technical Institute of the Czech Ministry of Defense, killing two security guards and prompting hundreds of evacuations. The Russian operatives allegedly belonged to Unit 29155, a Russian elite spy outfit, whose goal is to subvert European political and economic systems and processes. Several diplomatic tit-for-tat expulsions followed from a number of European nations.

This is part one in a three-part series. Part two is available here. Part three is here..

Author: Joseph Fitsanakis and Ian Allen | Date: 29 December 2021 | Permalink

Israel Security Agency uses Facebook to reach out to young Palestinians – report

Israeli West Bank barrier

AN ARTICLE PUBLISHED LAST month in one of Israel’s leading newspapers, Haaretz, shed light on how the Israel Security Agency (ISA) is using Facebook to combat militant groups in the Palestinian occupied territories, namely the West Bank and the Gaza Strip. According to the article’s author, Amira Hess, the ISA operates about 35 Arabic-language profile pages on Facebook, which are accessible in the various Palestinian areas under Israeli occupation.

ISA case officers (agent handlers) with Arabic monikers are in charge of various regions. For example, the officer in charge of the Hebron area is known as “Captain Eid”, the officer in charge of the Al-Amari refugee camp is known as “Captain Zaker”, and so on. Every Facebook profile page has a telephone number for users to send messages using WhatsApp. In addition, a general Facebook page of the ISA was opened under the heading in Arabic, “Badna Naish” (“Want to Live” in Arabic).

The transition to using Facebook pages is in the spirit of the times, and reflects the fact that many younger Palestinians receive their daily news through social networks, and not through traditional media, such as radio or television. The purpose of the ISA’s open-referral method using Facebook is to talk to the Palestinian population directly, and especially to the younger generation, who is very active on social networks. This also allows social media users to pass on security information to thwart terrorist attacks without disclosing their identity. The Facebook pages also serve the ISA as a tool for recruiting Palestinians who are willing to help Israel.

Additionally, the ISA uses Facebook’s pages to warn Palestinians who plan terrorist acts before they go into action. Here are some examples of the use of Facebook’s pages: In March of this year, an ISA case officer using the moniker “Captain Eid” wrote on his Facebook page covering the Hebron area that he called several masked men who fired shots in the air while welcoming the released terrorist Mahmoud Hushia, and warned them that their identities were known. “In their deeds, they will be punished. Please stay away from unnecessary problems”, wrote Captain Eid. Read more of this post

Book review of “We Never Expected That” by Avner Barnea

Barnea We Never Expected ThatIN HIS NEW BOOK, We Never Expected That: A Comparative Study of Failures in National and Business Intelligence (Lexington Books), Dr. Avner Barnea has coined two new terms in the field of strategic surprise. One is diffused surprise and the other is concentrated surprise, two terms that help us to better understand why intelligence failures occur. In a diffused surprise there is difficulty in identifying the intelligence target and therefore the chance of a surprise increases; while in a concentrated surprise the intelligence target is usually a recognized organization. At the same time, the mistake lies in the assessment of the target’s abilities and intentions.

To illustrate the difference between the types of strategic surprises in the two areas, the author analyzes these types of surprises through a discussion of four test cases. Two of them are from the field of national intelligence and two from the field of competitive intelligence. In the field of national intelligence, Barnea analyzes the surprise of the outbreak of the First Intifada (Palestinian uprising) in 1987 and the surprise of the attacks of September 11, 2001. The first Intifada was a strategic surprise for the State of Israel and broke out as a result of a popular uprising. Therefore Barnea defines it as a diffused surprise. The September 11 terror attack is defined by Barnea as a concentrated surprise, since the terrorist organization, al-Qaeda, which was known to American intelligence, initiated and carried out the terrorist attack. One of the reasons for the surprise was that the American intelligence agencies did not properly assess al Qaeda’s intentions and capabilities, nor did they share the intelligence information that had accumulated.

In competitive intelligence and the business world, units within an organization share intelligence information. One of the lessons of the September 11 surprise in the United States is that intelligence information needs to be shared between the various intelligence organizations. The test cases that Barnea discusses in the field of competitive intelligence include the process of deterioration of the IBM Corporation that almost led to its demise in 1993. This is a classic case of concentrated surprise. IBM’s board  of directors did not internalize the processes and transformations in the field of computer hardware, while competing companies like Dell, Toshiba, and others were aware of the changing needs of customers in this field and also offered customers appropriate solutions. As a result of this failure of a concentrated surprise, IBM’s revenue fell sharply and the company almost declared bankruptcy. The new CEO of IBM, who took office during the crisis, has since adapted the company to changes in the competitive environment. Read more of this post

Analysis: Counterintelligence dimensions of the Gilboa prison break in Israel

Gilboa Prison break

EARLIER IN SEPTEMBER, FIVE members of Palestinian Islamic Jihad and one member of Fatah escaped from the Gilboa Prison in Israel, by digging a tunnel under the prison walls. The escape was a dramatic surprise and caused wonder in the Israeli defense establishment, since the Gilboa Prison is one of the most secure prisons in the country. The Israeli police, together with the Israeli Defense Forces (IDF) and the Israeli Security Service (ISA), immediately began an intense pursuit. About five days later, four of the six men were arrested inside Israel’s borders, after they asked for assistance from Israeli Arabs, who reported them to the Police. The remaining two were arrested a week later in the city of Jenin in the Occupied Territories.

The initial investigation revealed serious misconduct in the Israel Prison Service. Following these findings, the Israeli government decided to establish a state inquiry commission headed by a judge, in order to investigate the prison break and the conduct of the Prison Service. There are already indicators showing a lack of intelligence before and after the prison break.

The Israel Prison Service has a large intelligence unit, whose main purpose is to prevent 6,500 Palestinian prisoners from escaping. In the nine months during which the tunnel was excavated, the Israel Prison Service’s intelligence unit had no information about this activity. Throughout that time, there were various indications that suspicious activity was taking place in the prison, such as blockages of the prison’s sewer pipe with sand. Also, after the six prisoners got out of the prison walls, a system of cameras and sensors did give various signals, but these failed to get the attention of the guards. Serious endemic problems have been found in the intelligence unit, which include its senior director. This individual was allegedly appointed despite having no experience in intelligence and having taken no courses on the subject. Additionally, it is alleged that he does not speak Arabic and is not acquainted with Palestinian culture and outlook.

The second intelligence issue relates to intelligence collection after the prison break. Although some of the most advanced collection tools and significant search resources were used to locate the fugitives, the information that eventually led to their capture came from human intelligence (HUMINT) —namely Israeli Arab citizens, whom the escapees met by chance and asked for help. These Israeli Arabs have demonstrated, contrary to the opinion of right-wing political elements in Israel, their loyalty to the state. Two of the fugitives managed to cross the security fence between Israel and the Occupied Territories and reached the city of Jenin. It then took only a short time for them to be caught, as the ISA has a highly efficient HUMINT system there. Additionally, the two escapees made serious errors, such as when one of them called his father on a cell phone.

Although all six fugitives were captured, they are now considered heroes on the Palestinian street, not just among Islamic Jihad and Hamas supporters.

Dr. Avner Barnea is research fellow at the National Security Studies Center of the University of Haifa in Israel. He served as a senior officer in the Israel Security Agency (ISA).

Author: Avner Barnea | Date: 24 September 2021 | Permalink

Analysis: The mysterious case of IDF ‘Officer X’ who died in an Israeli prison

Aviv Kochavi

The State of Israel has been in turmoil for several weeks, after it became known that an outstanding officer in one of the elite technological units of the Israel Defense Forces (IDF) Intelligence Division (Israel Military Intelligence, or IMI) was found dead while in custody in a military prison. He had been serving an eight-month sentence on suspicion of causing serious security damage to a critical intelligence technological system. The IDF’s chief of staff, Major General Aviv Kochavi (pictured), said in relation to the case: “The officer from the IMI committed very serious offenses. He committed them on purpose, for reasons I cannot describe. He almost [revealed] a big secret and we stopped it in the [last] minute”.

After the officer’s death, it was revealed by the IDF that his arrest was not a case of treason, or espionage and that he acted for personal, rather than for ideological, nationalistic or financial motives. Following public pressure about IDF’s handling of the matter and the unclear circumstances of the officer’s death, the IDF has provided some more details.

Officer X, who, according to an American website was named Tomer Aiges, was a 25-year-old captain with three honorary awards by the IMI. He had graduated from high school while simultaneously receiving a BSc in computer sciences at the age of 18. Before enlisting in the IDF, he worked in several hi-tech companies in Israel. People who worked with him there testified that he was a young man with extraordinary technical abilities, which is why he was recruited to the technology unit of the IMI.

There are two main issues of concern among the Israeli public. One is how the officer was held in custody for a long time without being brought to trial, even though a serious indictment —the details of which are not known— was filed against him, and when no one except his parents knew about it. To the young man’s acquaintances it seemed that he had mysteriously disappeared. What is more, much of his page on Facebook was deleted and no further updates appeared following his arrest. It was reported that during his arrest, there was a process of criminal mediation, in which the State of Israel sought to sentence him to ten years in prison.

The second problematic issue concerns the circumstances of his death. There are many questions about to how he could have died when his detention cell was under non-stop surveillance by closed-circuit cameras. Further questions remain as to why the investigation into the circumstances of his death has yet to be completed. There have been demands by Israeli former intelligence officers to hand over the investigation to a civilian inquiry committee headed by a Supreme Court judge, as there is grave concern that the IDF could be hiding information that could demonstrate it was negligent in protecting the officer’s life.

The publication of additional details about this case is subject to a strict ban by the Israeli military censorship —it should be noted that Israel is the only Western country that exercises security censorship. The Israeli public is eagerly awaiting the publication of further details about the circumstances of the death of the intelligence officer, Officer X.

Dr. Avner Barnea is research fellow at the National Security Studies Center of the University of Haifa in Israel. He served as a senior officer in the Israel Security Agency (ISA).

Author: Avner Barnea | Date: 18 June 2021 | Permalink

Russian actors had access to Dutch police computer network during MH17 probe

Flight MH17

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

Russia has tried to sabotage and undermine investigation activities into the MH17 disaster through various means: influence campaigns on social media, hacking of the Dutch Safety Board, theft of data from Dutch investigators, manipulation of other countries involved in the investigation, and the use of military spies. The Dutch police and public prosecution service were repeatedly targeted by phishing emails, police computer systems were subjected to direct attacks, and a Russian hacker drove a car with hacking equipment near the public prosecution office in Rotterdam.

The above efforts are not believed to have been successful. But the attack that came to light in September 2017 may have been. The infected police academy system ran “exotic” (meaning uncommon) software, according to a well-informed source. The Russians reportedly exploited a zero day vulnerability in that software. After the incident, the national police made improvements in their logging and monitoring capabilities, and in their Security Operations Center (SOC). It is not currently known how long the attackers had access to the national police system, nor what information they were able to obtain.

Author: Matthijs Koot | Date: 17 June 2021 | Permalink

Operation Guardian of the Walls: Israel’s double intelligence failure

Lod Israel

For several days now, a war has been going on between the State of Israel and the Hamas organization that controls the Gaza Strip. The confrontation began after unrest broke out among Palestinians in Judea and Samaria, who raised allegations of Israeli damage to the Temple Mount and the Al-Aqsa Mosque. In firing missiles at Israel, Hamas tries to portray itself as protecting the sanctuaries of Islam in Jerusalem. In doing so, it seeks to strengthen its political position in Judea and Samaria against the Palestinian Liberation Organization (PLO), which is leading the Palestinian Authority. Since then, Israel has been using airstrikes against targets in Gaza, while Hamas has been firing hundreds of missiles at Israel daily. Israel is desperately trying to undermine Hamas’ military and operational capabilities, including armaments factories, while also eliminating senior commanders of the organization.

Hamas’ missile attacks managed to surprise Israel. Israeli intelligence (the Israeli Military Intelligence, known as IMI, and the Israeli Security Agency, ISA) previously estimated that Hamas’ goal was to maintain the status quo, and was not ready to initiate attacks against Israel. Not only did Israeli intelligence err in assessing Hamas’ intentions, but Hamas Q Quotesurprised observers with its range of weapons, such as long-range missiles with a reach that is in excess of 150 miles. This constitutes a strategic surprise for Israel. So far (May 13, 2021), Hamas has fired about 1,500 missiles at Israel, most of which have been intercepted by Israel’s air defense system called the Iron Dome.

At the same time, extensive riots broke out within Israel between Palestinian Israeli Arabs and Israeli far-right groups. The attacks have spread throughout the country, and the Israeli police appear unable to control them. The ISA is responsible for monitoring terrorism-related developments in the area of political subversion, including assessing the intentions of Israeli Arabs and the level of threat posed by these intentions. It appears that the ISA, was completely surprised by recent developments. The spontaneous mobilization of Israeli Arabs stems from fears that Israel intends to harm the Temple Mount and the Al-Aqsa Mosque. It is also a form of identification with their brethren in the Gaza Strip. At present, the government of Israel has not managed to restrain the mobilization of the Israeli Arabs.

In conclusion, Israeli intelligence demonstrates two blind spots. One concerns Hamas’ intentions and offensive capabilities. The other concerns misreading the intentions and degree of threat to public order in Israel by Israeli Arabs. This is why the military clash between Israel and Hamas, as well as the riots by Israeli Arabs, have not yet ended.

Dr. Avner Barnea is research fellow at the National Security Studies Center of the University of Haifa in Israel. He served as a senior officer in the Israel Security Agency (ISA).

Author: Avner Barnea | Date: 14 May 2021 | Permalink

Opinion: Israel Security Agency should tackle organized crime in the Arab sector

Israeli policeLAST MONTH I WROTE an article on Ynet, Israel’s most popular news website, calling on the Israel Security Agency (ISA) to prevent organized crime in the Arab sector in Israel, which has reached a level that the police cannot deal with. The article caused a broad public debate in Israel, as it marked the first time that the ISA was urged to take responsibility outside its security jurisdiction. It elicited public support, as well as opposition against perceived further invasion of privacy and granting additional powers to the ISA.

Crime in the Arab sector in Israel —especially murders— has reached record highs and is rising year after year. In 2020, over 100 people were killed in the Arab sector. There are many allegations that the police are failing to stop this murky wave of crime. The police are at a loss. The opening of more police stations in the Arab sector and increases in the forces allocated to the Arab sector have not made an impact on this gloomy picture.

The most serious crime in the Arab sector, especially organized crime, requires making out-of-the-box, inventive decisions. The Israel Police is not succeeding in this for several reasons: it has no quality intelligence; there is public distrust in the police that prevents citizens from cooperating with it; the police are perceived as an unreliable body that cannot maintain the confidentiality of sources; and mainly because the police is not an intelligence-oriented organization. The issue of crime in this sector, much of which is organized, requires advanced intelligence capabilities and only the ISA knows how to deal with organizations and individuals operating in secret. This is because the ISA has gained vast experience in covering the Arab sector in Israel for counterintelligence reasons. Read more of this post

FBI, NYPD forewarned Capitol Police of serious violence by Trump supporters

US CapitolTHE FEDERAL BUREAU OF Investigation and the New York Police Department gave Capitol Police officials specific warnings that supporters of United States President Donald Trump were determined to engage in serious violence on January 6, according to federal officials. The FBI even made contact with known far-right radicals across the United States in early January, and warned them not to travel to Washington for the pro-Trump rally that resulted in the bloody attack on the US Capitol, according to NBC News.

Citing “senior law enforcement officials”, including “a senior FBI official”, NBC reported on Sunday that the FBI had “credible and actionable information” about specific far-right radicals who intended to join the protest on January 6. This information was allegedly communicated to Capitol Police officials, according to the report. The senior FBI official, who is not named in report, told NBC that the Bureau made contact with those radicals and warned them not to travel to Washington for the protest. Citing “multiple law enforcement officials”, the news network also said that the Capitol Police was given extensive intelligence by NYPD about planned acts of violence on January 6. The intelligence was “specific”, “detailing the threats and extremist rhetoric on social media”, according to the news network.

Despite these warnings, however, Capitol Police reportedly turned down an offer of assistance by the US National Guard three days before the fateful siege of the Capitol Building Complex by thousands of pro-Trump insurgents, many of whom were armed. According to the Associated Press, despite the advanced and detailed warnings given to it, “the Capitol Police planned only for a free speech demonstration”.

Meanwhile, the experts warning of a significant risk of widespread violence on January 20, when President-Elect Joe Biden is scheduled to be sworn into office, are growing in number. On Sunday, Cindy Otis, a former Central Intelligence Agency analyst and vice-president of the Alethea Group, which tracks online threats, warned that “we are in a tinderbox situation right now”. She pointed to numerous threats made online, which claim that last Wednesday’s attack on the Capitol was “just a taste of things to come”. There are reports that far-right insurgents are preparing for a violent showdown in DC, aimed at preventing Biden from entering the White House on January 20. Other reports suggest that groups of insurgents seek to organize synchronous potentially violent rallies in every state of the union that day.

Author: Joseph Fitsanakis | Date: 11 January 2021 | Permalink

%d bloggers like this: