Analysis: The mysterious case of IDF ‘Officer X’ who died in an Israeli prison

Aviv Kochavi

The State of Israel has been in turmoil for several weeks, after it became known that an outstanding officer in one of the elite technological units of the Israel Defense Forces (IDF) Intelligence Division (Israel Military Intelligence, or IMI) was found dead while in custody in a military prison. He had been serving an eight-month sentence on suspicion of causing serious security damage to a critical intelligence technological system. The IDF’s chief of staff, Major General Aviv Kochavi (pictured), said in relation to the case: “The officer from the IMI committed very serious offenses. He committed them on purpose, for reasons I cannot describe. He almost [revealed] a big secret and we stopped it in the [last] minute”.

After the officer’s death, it was revealed by the IDF that his arrest was not a case of treason, or espionage and that he acted for personal, rather than for ideological, nationalistic or financial motives. Following public pressure about IDF’s handling of the matter and the unclear circumstances of the officer’s death, the IDF has provided some more details.

Officer X, who, according to an American website was named Tomer Aiges, was a 25-year-old captain with three honorary awards by the IMI. He had graduated from high school while simultaneously receiving a BSc in computer sciences at the age of 18. Before enlisting in the IDF, he worked in several hi-tech companies in Israel. People who worked with him there testified that he was a young man with extraordinary technical abilities, which is why he was recruited to the technology unit of the IMI.

There are two main issues of concern among the Israeli public. One is how the officer was held in custody for a long time without being brought to trial, even though a serious indictment —the details of which are not known— was filed against him, and when no one except his parents knew about it. To the young man’s acquaintances it seemed that he had mysteriously disappeared. What is more, much of his page on Facebook was deleted and no further updates appeared following his arrest. It was reported that during his arrest, there was a process of criminal mediation, in which the State of Israel sought to sentence him to ten years in prison.

The second problematic issue concerns the circumstances of his death. There are many questions about to how he could have died when his detention cell was under non-stop surveillance by closed-circuit cameras. Further questions remain as to why the investigation into the circumstances of his death has yet to be completed. There have been demands by Israeli former intelligence officers to hand over the investigation to a civilian inquiry committee headed by a Supreme Court judge, as there is grave concern that the IDF could be hiding information that could demonstrate it was negligent in protecting the officer’s life.

The publication of additional details about this case is subject to a strict ban by the Israeli military censorship —it should be noted that Israel is the only Western country that exercises security censorship. The Israeli public is eagerly awaiting the publication of further details about the circumstances of the death of the intelligence officer, Officer X.

Dr. Avner Barnea is research fellow at the National Security Studies Center of the University of Haifa in Israel. He served as a senior officer in the Israel Security Agency (ISA).

Author: Avner Barnea | Date: 18 June 2021 | Permalink

Russian actors had access to Dutch police computer network during MH17 probe

Flight MH17

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

Russia has tried to sabotage and undermine investigation activities into the MH17 disaster through various means: influence campaigns on social media, hacking of the Dutch Safety Board, theft of data from Dutch investigators, manipulation of other countries involved in the investigation, and the use of military spies. The Dutch police and public prosecution service were repeatedly targeted by phishing emails, police computer systems were subjected to direct attacks, and a Russian hacker drove a car with hacking equipment near the public prosecution office in Rotterdam.

The above efforts are not believed to have been successful. But the attack that came to light in September 2017 may have been. The infected police academy system ran “exotic” (meaning uncommon) software, according to a well-informed source. The Russians reportedly exploited a zero day vulnerability in that software. After the incident, the national police made improvements in their logging and monitoring capabilities, and in their Security Operations Center (SOC). It is not currently known how long the attackers had access to the national police system, nor what information they were able to obtain.

Author: Matthijs Koot | Date: 17 June 2021 | Permalink

Operation Guardian of the Walls: Israel’s double intelligence failure

Lod Israel

For several days now, a war has been going on between the State of Israel and the Hamas organization that controls the Gaza Strip. The confrontation began after unrest broke out among Palestinians in Judea and Samaria, who raised allegations of Israeli damage to the Temple Mount and the Al-Aqsa Mosque. In firing missiles at Israel, Hamas tries to portray itself as protecting the sanctuaries of Islam in Jerusalem. In doing so, it seeks to strengthen its political position in Judea and Samaria against the Palestinian Liberation Organization (PLO), which is leading the Palestinian Authority. Since then, Israel has been using airstrikes against targets in Gaza, while Hamas has been firing hundreds of missiles at Israel daily. Israel is desperately trying to undermine Hamas’ military and operational capabilities, including armaments factories, while also eliminating senior commanders of the organization.

Hamas’ missile attacks managed to surprise Israel. Israeli intelligence (the Israeli Military Intelligence, known as IMI, and the Israeli Security Agency, ISA) previously estimated that Hamas’ goal was to maintain the status quo, and was not ready to initiate attacks against Israel. Not only did Israeli intelligence err in assessing Hamas’ intentions, but Hamas Q Quotesurprised observers with its range of weapons, such as long-range missiles with a reach that is in excess of 150 miles. This constitutes a strategic surprise for Israel. So far (May 13, 2021), Hamas has fired about 1,500 missiles at Israel, most of which have been intercepted by Israel’s air defense system called the Iron Dome.

At the same time, extensive riots broke out within Israel between Palestinian Israeli Arabs and Israeli far-right groups. The attacks have spread throughout the country, and the Israeli police appear unable to control them. The ISA is responsible for monitoring terrorism-related developments in the area of political subversion, including assessing the intentions of Israeli Arabs and the level of threat posed by these intentions. It appears that the ISA, was completely surprised by recent developments. The spontaneous mobilization of Israeli Arabs stems from fears that Israel intends to harm the Temple Mount and the Al-Aqsa Mosque. It is also a form of identification with their brethren in the Gaza Strip. At present, the government of Israel has not managed to restrain the mobilization of the Israeli Arabs.

In conclusion, Israeli intelligence demonstrates two blind spots. One concerns Hamas’ intentions and offensive capabilities. The other concerns misreading the intentions and degree of threat to public order in Israel by Israeli Arabs. This is why the military clash between Israel and Hamas, as well as the riots by Israeli Arabs, have not yet ended.

Dr. Avner Barnea is research fellow at the National Security Studies Center of the University of Haifa in Israel. He served as a senior officer in the Israel Security Agency (ISA).

Author: Avner Barnea | Date: 14 May 2021 | Permalink

Opinion: Israel Security Agency should tackle organized crime in the Arab sector

Israeli policeLAST MONTH I WROTE an article on Ynet, Israel’s most popular news website, calling on the Israel Security Agency (ISA) to prevent organized crime in the Arab sector in Israel, which has reached a level that the police cannot deal with. The article caused a broad public debate in Israel, as it marked the first time that the ISA was urged to take responsibility outside its security jurisdiction. It elicited public support, as well as opposition against perceived further invasion of privacy and granting additional powers to the ISA.

Crime in the Arab sector in Israel —especially murders— has reached record highs and is rising year after year. In 2020, over 100 people were killed in the Arab sector. There are many allegations that the police are failing to stop this murky wave of crime. The police are at a loss. The opening of more police stations in the Arab sector and increases in the forces allocated to the Arab sector have not made an impact on this gloomy picture.

The most serious crime in the Arab sector, especially organized crime, requires making out-of-the-box, inventive decisions. The Israel Police is not succeeding in this for several reasons: it has no quality intelligence; there is public distrust in the police that prevents citizens from cooperating with it; the police are perceived as an unreliable body that cannot maintain the confidentiality of sources; and mainly because the police is not an intelligence-oriented organization. The issue of crime in this sector, much of which is organized, requires advanced intelligence capabilities and only the ISA knows how to deal with organizations and individuals operating in secret. This is because the ISA has gained vast experience in covering the Arab sector in Israel for counterintelligence reasons. Read more of this post

FBI, NYPD forewarned Capitol Police of serious violence by Trump supporters

US CapitolTHE FEDERAL BUREAU OF Investigation and the New York Police Department gave Capitol Police officials specific warnings that supporters of United States President Donald Trump were determined to engage in serious violence on January 6, according to federal officials. The FBI even made contact with known far-right radicals across the United States in early January, and warned them not to travel to Washington for the pro-Trump rally that resulted in the bloody attack on the US Capitol, according to NBC News.

Citing “senior law enforcement officials”, including “a senior FBI official”, NBC reported on Sunday that the FBI had “credible and actionable information” about specific far-right radicals who intended to join the protest on January 6. This information was allegedly communicated to Capitol Police officials, according to the report. The senior FBI official, who is not named in report, told NBC that the Bureau made contact with those radicals and warned them not to travel to Washington for the protest. Citing “multiple law enforcement officials”, the news network also said that the Capitol Police was given extensive intelligence by NYPD about planned acts of violence on January 6. The intelligence was “specific”, “detailing the threats and extremist rhetoric on social media”, according to the news network.

Despite these warnings, however, Capitol Police reportedly turned down an offer of assistance by the US National Guard three days before the fateful siege of the Capitol Building Complex by thousands of pro-Trump insurgents, many of whom were armed. According to the Associated Press, despite the advanced and detailed warnings given to it, “the Capitol Police planned only for a free speech demonstration”.

Meanwhile, the experts warning of a significant risk of widespread violence on January 20, when President-Elect Joe Biden is scheduled to be sworn into office, are growing in number. On Sunday, Cindy Otis, a former Central Intelligence Agency analyst and vice-president of the Alethea Group, which tracks online threats, warned that “we are in a tinderbox situation right now”. She pointed to numerous threats made online, which claim that last Wednesday’s attack on the Capitol was “just a taste of things to come”. There are reports that far-right insurgents are preparing for a violent showdown in DC, aimed at preventing Biden from entering the White House on January 20. Other reports suggest that groups of insurgents seek to organize synchronous potentially violent rallies in every state of the union that day.

Author: Joseph Fitsanakis | Date: 11 January 2021 | Permalink

Analysis: US Capitol attack marks the beginning of a prolonged period of insurrection

Rightwing militancy 2021IF WEDNESDAY’S ATTACK ON the United States Capitol Complex was part of a coup d’état, then the American political system should be considered safe for the time being. The mob that ransacked the Capitol was disordered, leaderless, and appeared to have no coordination, or even direction. However, the broader militant movement that it represents is evolving very rapidly. If left unchecked, it will be able to turn its weaknesses into strengths and spell major trouble ahead for the already stormy waters of American politics. The nation’s law enforcement and security agencies must therefore prepare for a period of widespread insurrection, some of which will be armed and lethal in nature. Insurrectionist acts are likely to occur across the nation, and may last for months, if not longer.

WHO CARRIED OUT THE ATTACK?

Wednesday’s attack was carried out by what can be described as the militant wing of the American nationalist-populist movement. This wing is not strictly representative of the US president’s broader political base. Its members see themselves as vanguard soldiers who are prepared to take extreme action to avert President Trump’s imminent departure from the White House. Such militant attitudes are not typical among Trump voters. Yet this vanguard is revered by Trump’s political base, a sizeable portion of which appears to be in support of Wednesday’s attack on the US Capitol. Indeed, early polling by YouGov suggests that over 40 percent of Republican voters strongly or somewhat support the attack on the US Capitol.Q Quote 1

Many members of this frontline force belong to organized militant cells, like the Oath Keepers, the Three Percenters, and —more recently— the Proud Boys. But these groups provide limited operational direction to their members, and were certainly not commanding Wednesday’s events. In fact, an audiovisual analysis of the attack shows that most of the assailants operated in makeshift groups and many didn’t even know each other’s names. There were no leaders directing the attacks on Wednesday. It is indeed likely that the militant figureheads of the movement were as surprised by the turn of events as the hapless members of the US Capitol Police.

HOW WAS THE ATTACK PREPARED?

Many of the assailants were armed with tactical equipment, as well as with clubs, shields, chemical irritants, knives and other weapons. It also appears that at least one group of insurgents arrived at the Capitol with ropes, which they subsequently used to scale its walls. This points to earlier planning and coordination, which likely involved at least some reconnaissance. Read more of this post

Isaac Shoshan, Israeli undercover operative and case officer, dead at 96

MossadIsaac Shoshan, an Israeli undercover operative, who was involved in some of Israel’s most daring and controversial intelligence operations for over 40 years, has died. In 1990, Shoshan co-authored the book Men of Secrets, Men of Mystery with another Israeli former intelligence officer, Rafi Sutton. In 2019, his career was featured in the book Spies of No Country: Secret Lives at the Birth of Israel, written by the Israeli-Canadian journalist Matti Friedman.

In 1942, Shoshan, a Syrian Jew, traveled for the first time from his native Aleppo to Palestine, which was then under a British mandate. The 18-year-old was soon recruited by the Palmach, the intelligence wing of the Haganah, an armed underground Zionist organization. He carried out undercover work under the Palmach’s so-called ‘Arab Section’, or ‘Arab Platoon’, which consisted of Zionist paramilitaries and intelligence collectors who had grown up speaking Arabic.

After undergoing Islamic religious and cultural training, Shoshan participated in a Palmach operation to kill Sheikh Nimr al-Khatib, in early 1948. Al-Khatib was a Palestinian warlord that the Haganah feared would lead an Arab insurrection against Israel after the impending British withdrawal from Palestine. Although the assassination operation failed, al-Khatib was seriously injured and effectively incapacitated for the rest of his life.

Shoshan was then tasked with carrying out operations in several Arab countries, posing as an Arab. His base was Beirut, where he operated a taxi and worked at a kiosk as a cover. His activities included an elaborate assassination operation against Lebanon’s Prime Minister, Riad al-Suhl, which was aborted at the last minute by the Israeli leadership.

In the mid-1950s, Israeli intelligence disbanded its Arab units, following several failed operations, such as the so-called ‘Lavon affair’, which led to the arrests and executions of some of its undercover operatives. At that time, Shoshan was recalled to Israel, where he began to work as a case officer, with occasional undercover trips abroad, during which he posed as an Arab. He retired in 1982, but continued to carry out contracting work for the Mossad and other Israeli intelligence agencies until the late 1980s.

Author: Joseph Fitsanakis | Date: 05 January 2021 | Permalink

Year in review: The biggest spy-related stories of 2020, part III

End of Year ReviewSince 2008, when intelNews was launched, it has been our end-of-year tradition to take a look back and highlight what we believe were the most important intelligence-related stories of the past 12 months. In anticipation of what 2021 may bring in this highly volatile field, we present you with our selection of the top spy stories of 2020. They are listed below in reverse order of significance, starting from 10 and leading up to 1. This is part three in a three-part series. Part one is available here and part two is here.

01. COVID-19 prompts spy agencies’ mission shift that is ‘reminiscent of the space race’. The worldwide competition to invent a vaccine that can curtail the spread of COVID-19, and to secure sufficient quantities of the vaccine, has prompted a mission shift in major intelligence agencies around the world. This mission shift is taking place with such speed that it is “reminiscent of the space race”, according to The New York Times. In an article published in September, the paper cited “interviews with current and former intelligence officials and others tracking the espionage efforts”, who suggest that the mission shift observed in spy agencies worldwide has been among the fastest in history.

02. Swiss neutrality ‘shattered’ as leading cryptologic firm revealed to be CIA front. Switzerland continues to reel from the shock caused by revelations in February that Crypto AG, the world’s leading manufacturer or cryptologic equipment during the Cold War, whose clients included over 120 governments around the world, was a front company owned by the United States Central Intelligence Agency. The revelation, published by The Washington Post and the German public broadcaster ZDF, confirmed rumors that had been circulating since the early 1980s, that Crypto AG had made a secret deal with the US government. According to this year’s revelations, the CIA and West Germany’s Federal Intelligence Service (BND) secretly purchased the Swiss company and paid off most of its senior executives in order to buy their silence. The secret deal allegedly allowed the US and West Germany to spy on the classified government communications of several of their adversaries —and even allies, including Italy, Spain and Greece, as well as Austria, Jordan, Saudi Arabia and the United Arab Emirates.

03. Danish spy service helped US collect intelligence on NATO allies. There was surprise among intelligence observers in August, when Lars Findsen, director of the Danish Defense Intelligence Service (FE, or DDIS in English) was “relieved of duty for the time being”. The Danish Ministry of Defense said the decision was taken following “a series of whistleblower revelations”. We now know the reason: apparently a secret arrangement between Danish and American intelligence agencies enabled Washington to collect intelligence on Danish citizens, as well as spy on some of its closest European allies, including Germany, France, Sweden, Norway, and Holland. The revelation prompted a heated political discussion in Denmark, while Norwegian, Swedish and Dutch authorities launched investigations into the alleged spying. Some in Denmark called for the Minister of Defense, Trine Bramsen, to release to the public a four-volume report government produced about the alleged Danish-US spy collaboration. This has not yet happened.

04. US forces are secretly helping the Taliban fight the Islamic State in Afghanistan. The original reason the United States sent troops to Afghanistan was to fight al-Qaeda and its local allies, the Taliban. Now, however, it appears US forces are helping the Taliban defeat the Islamic State in northeastern Afghanistan. The American military’s newfound role in Afghanistan reportedly reflects the view of the White House that the Taliban have no aspirations outside of Afghanistan, while the Islamic State seeks to challenge America’s interests worldwide. According to The Washington Post‘s military affairs reporter Wesley Morgan, US Joint Special Operations Command (JSOC) forces in Afghanistan have been instructed to provide air cover to Taliban forces as they fight the Islamic State. The resources used in that capacity consist of weaponry that was initially deployed against the Taliban, but is now being secretly repurposed to assist the Taliban in their fight against the Islamic State. According to Morgan, the JSOC team in Kunar, which provides air cover to the Taliban, jokingly refers to itself as the “Taliban air force”. It is unclear whether al-Qaeda, which is a close ally of the Taliban, is benefiting from that assistance.

This is part three in a three-part series. Part one is available here and part two is here.

Author: J. Fitsanakis and I. Allen | Date: 31 December 2020 | Permalink

Year in review: The biggest spy-related stories of 2020, part II

Year in ReviewSince 2008, when intelNews was launched, it has been our end-of-year tradition to take a look back and highlight what we believe were the most important intelligence-related stories of the past 12 months. In anticipation of what 2021 may bring in this highly volatile field, we present you with our selection of the top spy stories of 2020. They are listed below in reverse order of significance, starting from 10 and leading up to 1. This is part two in a three-part series. Part one is available here. Part three will be published on Thursday.

05. A group of foreign mercenaries, including Americans, organized a failed coup in Venezuela. In early May, Venezuelan authorities stopped Operation GEDEÓN, an attempt by around 60 armed mercenaries and local dissidents to forcibly remove President Nicolás Maduro from office. The plan centered on infiltrating Venezuela by sea and capturing the Simón Bolívar International Airport, in an attempt to arrest and expel Maduro and other senior cabinet members. It appears, however, that the operation had been infiltrated by Venezuelan government spies and informants. At least two Americans participated in the failed operation, which was allegedly masterminded by Major General Clíver Alcalá Cordones a Colombia-based retired military officer who has since entered US custody on drug-trafficking charges. It has also been alleged that the coup was launched from Colombia with the support of Silvercorp USA, a private security group led by Jordan Goudreau, a Canadian-born former sergeant in the US Green Berets. Allegations by the Venezuelan government that the coup was also supported by the Central Intelligence Agency have not been corroborated with evidence.

06. Argentine ex-president and spy agency leaders indicted in wiretapping probe. In Argentina, a widening investigation into a domestic spying program was broadened to include Mauricio Macri, the country’s former president, and the spy chief that served under him. The alleged espionage took place between 2015 and 2019, when Macri served as the first democratically-elected non-Peronist president of Argentina. But the country’s current president Alberto Fernández, has pledged to reform the security agency, which is known as the Federal Intelligence Agency (AFI, formerly SIDE). In June, the government gave a federal court in Buenos Aires a deposition containing list of over 80 names of Argentine citizens who were allegedly spied on by the AFI without a warrant during Macri’s administration. Since that time, the court has been investigating, aside from Macri, Gustavo Arribas, who served as AFI director under Macri, as well as his deputy director in the spy agency, Silvia Majdalani, and her brother-in-law, Darío Biorci. The names of other alleged culprits remain secret, reportedly because they are still serving as undercover agents in the AFI.

07. One of the world’s most wanted men may have worked for several spy agencies. Austrian financier Jan Marsalek, dubbed by some as “the world’s most wanted man”, is connected with the sudden collapse of Wirecard AG in Germany. Wirecard (est. 1999) was a German provider of financial services, such as electronic payment transaction systems. It declared insolvency in June, after an audit revealed that nearly €2 billion ($2.3 billion) were missing from its accounts. Marsalek, who had worked as Wirecard’s chief operating officer since 2010, was last seen heading to Manila, Philippines, before vanishing into thin air. An investigative report by The Financial Times revealed that his entrance record into the Philippines had been forged, probably by an intelligence agency. Some claim that Marsalek is now under Russian protection. Other reports suggest that he may have worked “for several intelligence agencies at the same time” prior to his disappearance, including as an informant for the Austrian Office for the Protection of the Constitution and Counterterrorism (BVT). Meanwhile, Marsalek’s whereabouts remain unknown.

This is part two in a three-part series. Part one is available here. Part three will be published on Thursday.

Author: J. Fitsanakis and I. Allen | Date: 30 December 2020 | Permalink

Year in review: The biggest spy-related stories of 2020, part I

End of Year ReviewSince 2008, when intelNews was launched, it has been our end-of-year tradition to take a look back and highlight what we believe were the most important intelligence-related stories of the past 12 months. In anticipation of what 2021 may bring in this highly volatile field, we present you with our selection of the top spy stories of 2020. They are listed below in reverse order of significance, starting from 10 and leading up to 1. This is part one in a three-part series. Part two will be available on Wednesday and part three on Thursday.

08. Spanish high court broadens illegal wiretap probe to include senior politicians. In September, Spain’s highest criminal court broadened the scope of the Gürtel case, which refers to one of the most extensive corruption scandals in Spanish political history. It centers on an extensive network of tax evasion, bribery and money laundering, which brought together leading business executives, criminal kingpins, and senior politicians from Spain’s conservative Partido Popular (PP). In 2018, the scandal effectively brought an end to the government of conservative Prime Minister Mariano Rajoy, and has virtually annihilated the PP’s once robust electoral popularity. But this corruption investigation is now resulting in several related probes, among which is Operation KITCHEN, an espionage effort connected to the Gürtel case, which targeted Luis Bárcenas, a PP senator and treasurer. It turns out that, once senior government executives realized Bárcenas was about to turn government witness, they set up an espionage operation aimed at preventing him from doing so. Now a new series of prosecutions is taking place in connection to Operation KITCHEN, involving leading PP figures.

09. Massive hacker attack triggers emergency US National Security Council meeting. The computer systems of the United States government are targeted by hackers every minute of every day. These attacks do not usually prompt emergency meetings of the National Security Council —the country’s most senior decision-making body, which is chaired by no other than the president. But the massive data breach that was uncovered earlier this month did just that, with some experts describing it as potentially being among “the most impactful espionage campaigns on record”. Although only discovered two weeks ago, the cyberespionage campaign is believed to date to last spring, possibly as early as March. Sources called it a highly sophisticated operation that originated from a “top-tier” adversary —a term that refers to a handful of state actors that have access to the most elite cyber operatives and advanced technologies in existence. It will take weeks to uncover the extent of the damage caused by this breach, and many months —possibly even longer— to recover from it. Security expert Bruce Schneier said that, in order to fend off against “persistent access, the only way to ensure that your network isn’t compromised is to burn it to the ground and rebuild it, similar to reinstalling your computer’s operating system to recover from a bad hack”.

10. In extremely rare move, Russia’s spy agency disclosed identities of undercover officers. The Russian Foreign Intelligence Service (SVR), which inherited the external intelligence functions of the Soviet-era KGB, does not usually disclose the identities of its undercover operatives. But in January of this year, in an extremely rare move, its director, Sergei Naryshkin, did just that during a commemoration event marking the centenary of the KGB and the SVR. The identities of seven non-official-cover officers, referred to in Russian as ‘pазведчики-нелегалы’, or ‘illegals’ —most of whom are now retired or dead— were disclosed along with brief biographical notes. The term illegals refers to undercover intelligence officers who are secretly posted abroad without diplomatic cover. Accordingly, they have no official connection to a Russian diplomatic facility, while some even pose as citizens of third countries. The accompanying biographies released by the SVR disclose no specifics about the countries in which these illegals operated, the type of work they carried out, and the specific dates in which they were active. Most of them operated between the late 1960s and the early 1990s.

This is part one in a three-part series; Part two will be available on December 30 and part three on December 31.

Author: J. Fitsanakis and I. Allen | Date: 29 December 2020 | Permalink

Holland expels two Russian diplomats, summons Kremlin envoy to issue protest

AIVD HollandOn 10 December 2020, the Dutch Minister of the Interior and Kingdom Relations, Kajsa Ollongren, sent a letter to the House of Representatives to inform them about the disruption of a Russian espionage operation in the Netherlands by the Dutch General Intelligence and Security Service (AIVD).

In connection with Ollongren’s revelations, two Russians using a diplomatic cover to commit espionage on behalf of the Russian Foreign Intelligence Service (SVR) were expelled from the Netherlands. The Russian ambassador to the Netherlands was summoned by the Dutch ministry of Foreign Affairs, which informed him that the two Russians have been designated as persona non grata (unwanted persons). In an unusual move, the AIVD also issued a press statement about this incident in English. The AIVD also released surveillance footage (see 32nd minute of video) of one of the two Russian SVR officers meeting an asset at a park and exchanging material.

The two expelled persons were officially accredited as diplomats at the Russian embassy in The Hague. Minister Ollongren says one of the two SVR intelligence officers built a “substantial” network of sources working in the Dutch high-tech sector. He pursued unspecified information about artificial intelligence, semiconductors, and nano technology that has both civilian and military applications. The Netherlands has designated “High Tech Systems and Materials” (HTSM) as one of 10 “Top Sectors” for the Dutch economy.

In some cases the sources of the SVR officers received payments for their cooperation. According to Erik Akerboom, Director-General of the AIVD, said the agency had detected “relatively intensive” contact between sources and the SVR officers in ten cases. The case involves multiple companies and one educational institute, whose identities have not been revealed. The minister states in her letter that the espionage operation “has very likely caused damage to the organizations where the sources are or were active, and thereby to the Dutch economy and national security”.

The minister announced that the Immigration and Naturalization Service (IND) will take legal action against one source of the two Russians, on the basis of immigration law. The minister also announced that the government will look into possibilities to criminalize the act of cooperating with a foreign intelligence service. Currently, that act on and by itself is not a punishable offense. Under current Dutch and European law, legal possibilities do exist to prosecute persons for violation of confidentiality of official secrets or company secrets.

This newly revealed espionage operation follows other incidents in the Netherlands, including a GRU operation in 2018 that targeted the Organization for the Prohibition of Chemical Weapons in The Hague, and a case in 2015 involving a talented Russian physicist working on quantum optics at the Eindhoven University of Technology. In the latter case, no information was made public about what information the physicist sold to Russian intelligence services. And in 2012, a senior official of the Dutch Ministry of Foreign Affairs was arrested for intending to sell classified official information to a Russian couple in Germany who spied for Russia. He was eventually given an eight year prison sentence.

Author: Matthijs Koot | Date: 14 December 2020 | Permalink

Opinion: Mishandled analysis of 1982 Tyre attack had implications for US, France

1983 Beirut barracks bombings

BETWEEN 1982 AND 1983, 450 defense personnel and civilians from Israel, the United States and France were killed in Lebanon as a result of four consecutive terrorist attacks conducted by Hezbollah. For years, questions have been raised whether these attacks could have been prevented.

In 2000, a senior Israel Security Agency (ISA) official wrote a report on the huge explosion in the Israeli compound in Tyre, Lebanon, in 1982. Based on the available intelligence, he reached a firm conclusion: it was a suicide bombing by a Shiite terrorist inside a booby-trapped vehicle, and not a gas balloon explosion, as was officially claimed. Requests to publish the new report with the recent conclusions were denied by ISA senior officials, for reasons that remain unknown. This prompted questions and strong doubts among counterterrorism experts and the Israeli the public, about whether the initial report from 1982 was actually a serious mistake of judgement, or even a cover-up.

Twenty years later, in November 2020, an investigative article was published in Israel by Ronen Bergman, which shed light on new details indicating a high probability that the attack in Tyre was a Hezbollah terrorist attack and not a result of an explosion of gas balloons. The article stated that in 1982 Israeli authorities, especially the ISA, were not ready to admit that their intelligence missed the attack and did not stop it in time. As a result, lessons were not learned regarding the immediate need to strengthen the security of foreign compounds in Lebanon against possible threats from Hezbollah. In 1983 Hezbollah used the same modus operandi of car bombs to attack US and French forces in Beirut and later the —then new— Israeli compound of Tyre.

Read more of this post

Opinion: Yitzhak Rabin’s assassination 25 years ago was an intelligence failure

Rabin Arafat

THE ASSASSINATION OF YITZHAK Rabin, Prime Minister of Israel, on the evening of November 4, 1995, by an extreme right-wing Jew was one of the most traumatic events in the history of the State of Israel. Contrary to the public perception that the assassination happened as a result of a security failure and poor management of the Israel Security Agency (ISA), I argue that the murder was mainly due to an ISA intelligence failure.

“The Shamgar Inquiry Commission”, as it was known because it was chaired by Meir Shamgar, former president of the Supreme Court, submitted its report in March 1996. This commission found significant failures in the security measures taken by the ISA to protect the late Prime Minister. But, in my opinion, its findings were seriously wrong, as it avoided diving into the major intelligence failure that led to this tragic incident.

On the evening of November 4, 1995, Israeli Prime Minister Yitzhak Rabin was killed by Yigal Amir, a 27-year-old student who was known as an extreme rightwing activist. Amir was waiting for the prime minister next to his car and shot Rabin three times from a close distance, in spite of the fact that four of Rabin’s bodyguards were surrounding the prime minister. Amir claimed to have done it “for Israel, for the people of Israel and the State of Israel”. He was found guilty and was sent to serve a life sentence in prison.

The progress in the peace process with the Palestinians, known as the Oslo Accords of 1993, allowed the political breakthrough of a peace agreement with Jordan in October 1994. Rabin was awarded the 1994 Nobel Peace Prize, along with Yasser Arafat and Shimon Peres, for their role in the creation of the Oslo Accords.

Read more of this post

Soviets penetrated West German spy agency by recruiting ex-Nazis, research shows

Heinz FelfeTHE SOVIET UNION INFLICTED incalculable damage to West German spy agencies —and by extension to their American patrons— by recruiting dozens of former Nazis who populated the ranks of West German intelligence after World War II. These are the preliminary conclusions of a study into the topic by Danny Orbach, a lecturer in history at Hebrew University in Jerusalem, which relies on recently declassified documents from American and German intelligence agencies.

Following the end of World War II and the partition of Germany, the Federal Republic of Germany —commonly known as West Germany— established a new intelligence agency, the Federal Intelligence Service (BND). Under American and British tutelage, the BND focused on combatting communist subversion, with the German Democratic Republic —East Germany— and the Soviet Union as its main intelligence targets.

Between 1956 and at least 1971, the BND employed hundreds of former members of Germany’s Nazi-era intelligence agencies. These included the Gestapo (wartime Germany’s Secret State Police) and the Sicherheitsdienst (Security Service), which was the intelligence of the Nazi Party’s paramilitary wing, the SS. The reason for hiring these officers is that they were experts in anti-communist operations, having spent many years working against the Soviet Union and its supporters inside Germany. Their criminal past as members of some of the Nazi war machine’s most ruthless elements was ignored. Eventually their files were destroyed by an embarrassed BND in the 1960s and 1970s.

But Orbach’s study shows that many of these former Nazi intelligence officers felt no allegiance to West Germany —which they saw as a superficial American creation. Additionally, many were opportunists and thrill-seekers, and actively sought to sell secrets to foreign intelligence agencies. Although these former Nazis “worked as mercenaries and moles for the highest bidder”, most were recruited by the Soviet Union, says Orbach. Several were led by feelings of vengeance against the West, which they blamed for Germany’s defeat in the war.

Among these former Nazis was Heinz Felfe, a former officer in the Sicherheitsdienst from Dresden, who “despised the Americans” for destroying his home city, says Orbach. He rose through the ranks of the BND, eventually becoming head of Soviet counterespionage. Felfe gave the Soviets thousands of classified BND files and single-handedly exposed the identities of at least 100 agents of the Central Intelligence Agency behind the iron curtain, according to Orbach. He was eventually arrested and imprisoned in 1961, but was released in 1969 in exchange for 21 Western citizens held in the Soviet Union. He lived most of the remainder of his life in the Soviet Union and East Germany. He died in 2008.●Orbach told the Israeli newspaper Haaretz that he plans to include unpublished information about the Soviet Union’s penetration of the BND in an upcoming book, which will detail the work of former Nazi officers in the BND during the Cold War.

Author: Joseph Fitsanakis | Date: 30 October 2020 | Permalink

Analysis: The second intifada, a spontaneous act that shocked Israelis and Palestinians

Guest Ed PostOn the 20th anniversary of the outbreak of the second intifada (October 2000), the debate arises again in Israel as to whether the Palestinian move was an initiative of Chairman Arafat and the Palestinian Authority or whether it was a spontaneous evolution on the Palestinian side that largely surprised not only Israel but also the Palestinians.

One opinion in Israel states that the intifada was the result of an initiative by the head of the Palestinian Authority, Yasser Arafat, and that Israeli intelligence knew about it in advance and warned Prime Minister Ehud Barak, who did not listen. This opinion was expressed in the memoirs of Maj. Gen. Res. Amos Gilad, formerly the head of the research division in the Israeli Military Intelligence (IMI) and former Israel Defense Forces (IDF) chief of staff, Lieutenant Gen. Res. Moshe (Boogie) Ya’alon. However, the picture presented by the two former IDF senior personalities seem to be wrong, and in this article, I’ll present another view showing that actually, the IMI (which is responsible for Israel’s national intelligence estimates), contrary to its allegation, failed to predict the Palestinian moves and did not warn the IDF and the Prime Minister to prepare for the intifada.

The different and probably correct opinion has been argued by the ISA (Israel Security Agency, known also as Shabak or the Shin Bet) former managing directors at the time, who discussed the event very openly and presented a clear conclusion: namely that Palestinian Authority Chairman Arafat did not initiate the intifada but was as much surprised by it as was Israel. The source of the views presented by ISA leaders is the book The Gatekeepers (in Hebrew) by David Moreh (2014), in which six former ISA leaders were interviewed. Among other things, the book raised the question of how the second intifada broke out. It is important to mention that there is no doubt in Israel that the ISA is the organization that has the best intelligence on the Palestinian territories. Read more of this post