intelNews

British soldier who spied for Iran found guilty of espionage and terrorism

December 2, 2024 4 Comments

Wandsworth prison DANIEL KHALIFE, A BRITISH soldier who spied for Iran, has been found guilty of espionage and terrorism, in a case that has revealed serious vulnerabilities in the British security clearance-vetting system. The then-20-year-old Khalife was arrested in January 2022 while serving on active duty in Staffordshire, in Britain’s Midlands region. He was charged with violating the Official Secrets Act 1911 and the Terrorism Act 2000.

Prior to his arrest, Khalife was reportedly seen by his fellow soldiers and superiors as a promising soldier. Having joined the British Army at 16, he was quickly promoted to lance corporal (the lowest ranking of a non-commissioned officer) and cleared to work in the area of signals intelligence. He had also expressed a strong interest in joining the Special Air Service (SAS), which are the British Army’s special forces.

However, on November 9, 2021, Khalife voluntarily called the national security concerns hotline of the British Security Service (MI5). He told the operator on the other end of the line that he was a British soldier who had been spying for Iran for “more than two years”, but had now decided to become a double agent by cooperating with the British government. Khalife called again, and although he did not identify himself during the telephone conversations, MI5 was able to track him.

It has since become known that Khalife began spying for Iran when he was just 17 years old, shortly after joining the British Army. Over the next two years, Khalife provided his Iranian handlers with information about the identities of SAS personnel, military computer systems, as well as government surveillance programs and hardware, including unmanned aerial vehicles. Throughout that time, he communicated with his Iranian handlers via the Telegram instant messaging service, or via dead drops in Britain, as well as during trips abroad.

Shockingly, Khalife was temporarily able to escape justice twice following his arrest. In January 2023, he disappeared while on bail. He was found after nearly a month, living in a stolen van, which he had converted into a rudimentary camper. In September of that year, Khalife escaped from Wandsworth prison (pictured) in southwest London, by hiding beneath a delivery vehicle. He was captured three days later and eventually taken to court, where he was convicted and is now awaiting sentencing.

According to reports, British authorities are still unable to piece together the entirety of the information that Khalife shared with the Iranians. Consequently, the full extent of the damage he caused to British national security remains unknown. What is clear is that the Khalife case has exposed serious vulnerabilities in the security clearance-vetting process, which is “lacking in a lot of ways” —not least in the fact that it relies largely on self-reporting, as one expert told The Guardian newspaper on Saturday.

► Author: Joseph Fitsanakis | Date: 02 December 2024 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with British Army, counterintelligence, Daniel Khalife, Iran, Official Secrets Act (UK), Terrorism Act (UK), UK

Russia using nontraditional means to gather intelligence, Finland warns

November 18, 2024 3 Comments

SUPO Finland RUSSIA’S NEED TO GATHER intelligence from Scandinavian targets has increased considerably since Finland and Sweden joined the North Atlantic Treaty Organization (NATO), prompting Moscow to seek nontraditional means of collecting intelligence, according to Finland’s spy agency. A new report by the Finnish Broadcasting Company (Yle) relays a warning by the Finnish Security and Intelligence Service (SUPO) that Russian spies are increasingly operating in Scandinavia without relying on diplomatic protection.

Human intelligence (HUMINT) operations are typically carried out of diplomatic facilities by intelligence officers who enjoy various degrees of diplomatic immunity. Such protections are seen as crucial for the safety of intelligence personnel, who tend to engage in illegal activities while stationed abroad. However, the number of Russian intelligence officers who are based in diplomatic facilities in Finland and elsewhere in Scandinavia has “significantly decreased” in recent years, according to the Yle report.

The reason for the decline in numbers rests with the numerous expulsions of Russian diplomatic personnel —which include intelligence officers— that took place throughout Europe in the months following Russia’s February 2022 invasion of Ukraine. Since then, Finland is one of dozens of European countries that have repeatedly denied Russia’s requests for the issuance of diplomatic visas. As a result, Russian embassies and consulates in Finland remain understaffed and mostly devoid of intelligence personnel.

In response to this new reality, the Kremlin has been experimenting with using nontraditional HUMINT collectors. The latter are not based in diplomatic facilities and are not protected by diplomatic immunity. Such nontraditional intelligence collectors operate as “journalists or researchers”, according to SUPO. At the same time, Russian intelligence agencies increasingly target for recruitment Finns who life in Russia, or try to recruit them while they are traveling elsewhere in Europe.

Lastly, Russian intelligence agencies are systematically hiring criminals to carry out specific tasks on behalf of the Kremlin, in return for money. Such criminals include computer hackers, who are attracted by the Russian state. Indeed, the Russian government is systematically “providing favorable conditions” for computer hackers to operate out of Russian territory. They receive money and protection in return for letting the Russian state use them as a cover for cyber espionage, sabotage, and influence operations.

► Author: Joseph Fitsanakis | Date: 18 November 2024 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with espionage, Finland, human intelligence, HUMINT, News, non-official-cover, Russia, SUPO (Finland)

Israeli couple who spied for Iran made ample use of digital applications

November 11, 2024 3 Comments

Israel and Iran THE ISRAEL SECURITY AGENCY (ISA) recently announced the arrests of an Israeli couple of Azeri origin on suspicion of spying for Iran. The couple, both 32 years old, were allegedly recruited by an Iranian handler of Azeri origin named Elshan Agheev. As part of their activities, and for about two years, the couple gathered intelligence on critical infrastructure and security sites in Israel, and even conducted surveillance on an academic working for the Institute for National Security Studies, allegedly in order to kill her.

The case demonstrates how software that is easily accessible on the Internet makes it possible to encrypt information communicated between a handler and an agent, as well as how money is transferred to the agent. The official indictment reveals details about the couple’s modus operandi, including the identity of the particular software the spies used to communicate with their Iranian handler.

One of the applications the couple used is Zangi, which facilitates the exchange of encrypted instant messages. According to the company’s website, Zangi offers voice and video calling, text messaging, and file transfer services “without registration and without data collection”. In fact, according to Zangi, the data is saved on the user’s device only. In addition to using the Zangi application, the couple also appear to have used the Zolotaya Korona money-transfer platform. The couple allegedly used the platform in order to receive payments by their Iranian handlers, and to transfer funds to other parties involved in Iranian-led espionage activities inside Israel.

Another application allegedly used by the couple is Ecos Dos, a digital wallet for storing and transferring digital currencies. Ecos Dos is a software wallet that can be installed on a computer or mobile phone. It supports a wide variety of crypto-currencies and is used to store and transfer cryptocurrencies. It is known for its simplicity of use and friendly interface. It is popular among users who wish to maintain anonymity when transacting in digital currencies. It does not require identifying a user’s details when operating, so anyone can create an account and receive funds anonymously.

The suspects are also believed to have used a software called Encryptor in order to encrypt information. This software allows files and folders to be encrypted so that only those who have the encryption key can open them. The couple allegedly used Encryptor to encrypt the information they collected before passing it on to their Iranian handlers, thus making it difficult for Israeli authorities to decipher the information.

The use of these applications attests to the sophistication of the Iranian spy network that was recently busted in Israel, and its efforts to hide its activities inside the Jewish state. The recent indictment against the couple details a collection of serious security offenses, including aiding the enemy in war and providing information to the enemy to harm the security of the state. Iran is clearly stepping up its efforts to recruit Israeli citizens for espionage and terrorist activities.

► Author: Avner Barnea | Date: 11 November 2024 | Permalink

Dr. Avner Barnea is research fellow at the National Security Studies Center of the University of Haifa in Israel. He served as a senior officer in the Israel Security Agency (ISA). He is the author of We Never Expected That: A Comparative Study of Failures in National and Business Intelligence (Lexington Books, 2021).

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with encryption, espionage, Iran, Israel, News

Israeli citizens arrested on suspicion of working for Iranian intelligence

October 28, 2024 2 Comments

Ronen Bar Israeli Security Agency THE ISRAELI SECURITY AGENCY (ISA) has announced the arrest of 18 Israeli citizens suspected of working for Iranian Intelligence. Among them are seven Israelis, who immigrated to Israel from Azerbaijan, and are suspected of having been in contact for two years with Iranian intelligence. Some of the seven were caught carrying out surveillance against a senior Israeli Air Force officer, whom they were reportedly planning to assassinate.

Israeli authorities accuse the suspects of photographing and collecting information on military bases and facilities, including Air Force bases, Iron Dome battery sites, a power plant, and other energy infrastructure facilities. The suspects are also accused of having received from their Iranian handlers a set of maps of Israeli strategic sites, including the Golani Brigade’s training base, where four Israeli soldiers were killed by a drone attack last week. In over two years, the suspects allegedly performed approximately 600 missions under the direction of two handlers from Iranian intelligence. They did so in return for hundreds of thousands of shekels, which were paid to them in cash and various crypto-currencies.

Another Israeli citizen, who was arrested on suspicion of spying for Iranian intelligence in return for payments, has been named as Vladimir Varehovsky, 35, from Tel Aviv. Among other tasks, Varehovsky is suspected of gathering information about an Israeli scientist, whom he agreed to murder in exchange for a $100,000 payment. The suspect had reportedly acquired weapons for the assigned task, but the ISA arrested him before he could carry it out.

In another counterintelligence operation, the ISA arrested seven young Palestinians from the east of Jerusalem, who have been charged with working for Iranian Intelligence. The main suspect recruited the other six to carry out tasks for a fee. Tasks included setting cars on fire, gathering information about a city mayor in Israel, and plotting to assassinate one of the country’s top scientists. The suspects used social media for recruitment purposes. They were reportedly arrested before they were able to execute their missions. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Avner Barnea, counterintelligence, Iran, Israel, Israel Security Agency

US-based Afghan man who planned election-day attack ‘worked as CIA guard’

October 14, 2024 1 Comment

CIA AN AFGHAN NATIONAL BASED in the United States, who was allegedly planning to carry out a terrorist attack during the upcoming Election Day, previously worked for the Central Intelligence Agency (CIA) as a guard, reports claim. According to the US Department of Justice, Nasir Ahmad Tawhedi, 27, was arrested by the Federal Bureau of Investigation (FBI) on October 7, alongside a number of co-conspirators who have so far not been named.

Tawhedi’s arrest occurred shortly after he purchased two AK-47 assault rifles, 10 magazines, and several rounds of ammunition from an FBI employee posing as a seller of the merchandise. The suspect allegedly told at least two FBI informants working on the case that he intended to use the weaponry to target “large gatherings of people” on Election Day. Tawhedi is also reported to have boasted that he expected to die in the attack. His indictment suggests that he planned to carry out the attack on behalf of the Islamic State of Iraq and al-Sham (ISIS).

Tawhedi has lived in the US for a little over three years, having arrived on US soil soon after Washington began withdrawing its forces from Afghanistan, following a two decades-long military campaign. Like thousands of other Afghans, Tawhedi was able to enter the US through an emergency entry privilege known as a “humanitarian parole”. He then applied for a Special Immigrant Visa, which is customarily offered by the US government as a form of protection to foreign nationals who have provided services to its military and security agencies. According to reports, Tawhedi’s Special Immigrant Visa application had been approved and was in the last stages of being officially issued.

Last week, the American television network NBC reported that Tawhedi had been employed as a guard by the CIA in Afghanistan. The network cited “two sources with knowledge of the matter”. Later on the same day, another American television network, CBS News, said it had been able to independently verify the earlier report by NBC. It is notable that, according to both NBC and CBS, Tawhedi worked as a guard for a CIA facility, rather than an informant or an asset for the intelligence agency.

The recent media reports about Tawhedi have yet to answer the question of whether he had been communicating with identifiable ISIS handlers, or whether he was independently radicalized through his online activity. It is also not known whether Tawhedi was a supporter or an affiliate of ISIS during his stint with the CIA, or whether he became radicalized after arriving in the US in September 2021.

► Author: Joseph Fitsanakis | Date: 14 October 2024 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Afghanistan, CIA, elections, FBI, Islamic State, Nasir Ahmad Tawhedi, News, terrorism, US

Leaked documents reveal plans for extensive Russian influence campaign in Israel

September 30, 2024 4 Comments

LEAKED INFORMATION PUBLISHED BY leading German media outlets has revealed Russia’s plans for an influence campaign targeting Israel. The information was leaked earlier this month by the German newspaper Süddeutsche Zeitung and German television stations Norddeutscher Rundfunk (NDR) and Westdeutscher Rundfunk (WDR), as well as by Israeli news outlets. It allegedly came from Social Design Agency (SDA), a Moscow-based firm hired by the Kremlin, which operates in Israel and several countries in the West.

Founded in 2017, the SDA is reportedly one of a host of firms and organizations that are collaborating with Russian intelligence in its efforts to influence public opinion worldwide. Earlier this year, the United States imposed sanctions on SDA, “for providing services to the government of Russia in connection with a foreign malign influence campaign”. The SDA’s founder is Ilya Gambashidze, who is said to be in direct contact with Russian President Vladimir Putin and other Kremlin officials.

Israel has been a central target of SDA’s Russian influence campaign. The country’s internal situation, with mass demonstrations against the legal reform is “perfect for launching a campaign to influence public opinion”, an SDA document from 2023 reads. The document accurately describes the political and social situation in Israel and names a number of influential Russian expatriates whose activities should be monitored.

According to the leaked documents, the purpose of the planned campaign was to raise support for Russia in its war against Ukraine, and strengthen the proportion of Israelis who espouse anti-Ukrainian sentiments. Another central goal was to ensure that no party in the Knesset —the Israeli parliament— would support a possible transfer of military aid to Ukraine.

From the documents, it appears that the conclusions formulated by the SDA were infused into around 50 cartoons distributed every month on social networks, around 20 fictitious articles appearing on websites pretending to be legitimate, and many reactions on various social networks. Among other things, the company distributed through paid ads on Facebook cartoons showing Ukrainian President Volodymyr Zelensky burning the Israeli flag, as well as cartoons accusing Israeli leftists of supporting Hamas.

One of the main revelations of the recent leaks is that the Arab community in Israel constitutes a target of the Russian influence campaign. For example, a fake Arabic-language article that was circulated online claimed that Israel did not have in its possession enough precision weapons, because it had given them to Ukraine. The article went on to claim that the lack of such weapons would lead to failures on the battlefield. “The good news should be heard by all believers living under occupation”, the article states. “The policy of the occupation government will soon lead to its defeat. We will wait for a spark to ignite our war of liberation, in which the entire Muslim world will support us”. The purpose of the article appears to be to prompt the Israeli-Arab population to turn against the Israeli government based on Israel’s alleged weakness, and to support Israel’s enemies. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with 2022 Russian invasion of Ukraine, Israel, News, propaganda, psyops, Russia, Social Design Agency

Spy’s release by higher court shows Austria is unable to find its intelligence footing

September 9, 2024 1 Comment

Egisto Ott ON JUNE 26, THE longwinded case of Austria’s counter intelligence failure regarding a possible inside threat took yet another —quite surprising— turn: the state court of Vienna (Landesgericht Wien) released from pre-trial detention (Untersuchungshaft) Egisto Ott, a former member of the Federal Office for the Protection of the Constitution and Counterterrorism (BVT) —Austria’s now-dissolved domestic intelligence agency. Ott, who was accused of spying against Austria, had been arrested (again) at the end of March on suspicion of obtaining classified information for which he could provide no reason, as well as for presumably selling it. Among the suspected recipients of the classified information were Russian assets and —more or less directly— Russian intelligence.

However, the three-judge panel called to decide on the detention complaint came to the conclusion that, while there remains a strong suspicion (dringender Tatverdacht) against Ott, the reasons for his further detention were not sufficiently given. In the judges’ view, all activities that could carry a pre-trial detention were committed before Ott was arrested and released for the first time in 2021. Back then, Ott had also been released after a short detention, following a decision by the same court. Briefly summarized, in 2021 the Landesgericht concluded that Ott could no longer spy against Austria as he did not have access to classified information, having been removed from the domestic intelligence agency years earlier. Additionally, since the BVT was in the process of reorganization and reformation at that point, the judges deemed the possibility of further criminal behavior by Ott to be unrealistic.

The recent assessment that Ott did not conduct additional punishable offences following his first release is surprising, since the prosecutor alleged —with a certain undertone directed against the initial decision to release Ott, which can be noted in the arrest warrant— that Ott had resumed his information-gathering and handling activities immediately upon being set free in 2021. Specifically, Ott is accused of having unlawfully retrieved data from the Central Register of Residents (Zentrales Melderegister) on March 24 of that year and then passing it on. The information accessed by Ott concerned the Bulgarian investigative journalist Christo Grozev, who was living in Austria at the time. Consequently, Grozev had to leave Vienna, since his life was deemed to be in severe danger. Today, whenever Grozev returns to Austria to visit members of his family who remain there, he has to do so under heavy protection by the Austrian authorities.

Between June and November 2022, when Ott had been released from his first pre-trial detention, there was also an alleged transfer to Russia of three mobile phones, or their data, as well as a highly-encrypted SINA-workstation laptop. However, the judges of the Landesgericht concluded that, while information or intelligence provided to foreign services does not have to be secret to constitute criminal espionage against Austria, “concrete and vital interests of Austria” have to be violated by such a transfer. The judges did not deem that the evidence furnished by the prosecutor met their criteria. Die Presse, Austria’s ‘newspaper of record’, published a detailed explanation of the court decision. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Analysis, Austria, BVT (Austria), Egisto Ott, Jan Marsalek, Paul Schliefsteiner

Profile of Tang Yuanjun, alleged asset for Chinese intelligence 2018-2023

September 5, 2024 1 Comment

Yuanjun Tang TANG YUANJUN WAS ARRESTED by the United States Federal Bureau of Investigation (FBI) in August 2024. He allegedly worked as a Chinese Ministry of State Security (MSS) asset between 2018 and 2023. He reported on the following categories of information that were of interest to the MSS:

Prominent U.S.-based Chinese democracy activists and dissidents.
US Chinese-American Member of Congress Xiong Yan, from New York.
Immigration claims from dissidents wanting to leave China for the US.

According to the US Department of Justice (DoJ), Tang expressed his desire to see his aging family in China. A prominent dissident such as Tang would not be able to travel to China without being arrested, unless his travel had been approved by authorities. An acquaintance helped him establish secure online contact with the MSS. After being recruited, Tang reported to the MSS using an email account, encrypted chats, text messages and audio and video calls. Tang helped the MSS infiltrate a group chat on WhatsApp; used by numerous People’s Republic of China (PRC) dissidents and pro-democracy activists to communicate about pro-democracy issues and express criticism of the PRC government. In fact, this was what users called a “super group”. It is a group that consists of many other groups. Members could not even identify who was the sponsor of the group chats [1].

In addition, Tang reportedly video-recorded a June 2020 Zoom discussion commemorating the anniversary of the Tiananmen Square massacre in the PRC. The Zoom online discussion was led by Zhou Fengsuo, Director of the June 4th Memorial Museum in New York City and a leading advocate for democracy in China. The Ministry of Public Security also infiltrated these discussions with the assistance of Zoom China and US based employees [2].

Tang was Secretary General of the overseas headquarters of the China Democratic Party United Headquarters in New York City. This non-profit organization assists mainland Chinese dissidents in immigration and asylum applications for the US. Tang allegedly provided information on these individuals to the MSS [3]. Tang also allegedly identified ten immigration attorneys to support MSS efforts to place assets in the US. Other dissident organizations in New York and Los Angeles provide similar visa application services to generate income.

In 2022, reportedly Tang met with the MSS in Changchun City, Jilin Province, China, where an officer installed a software on Tang’s phone which Tang believed to be a “bug” that caused all photographs and videos captured on the phone to be transmitted to the MSS. In his role as leading democracy advocate Tang encouraged dissidents to attend protests in Manhattan and Washington DC. He used the compromised phone to take photographs of the events. The Chinese Communist Party (CCP) then used the photographs as evidence against overseas dissidents. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with China, counterintelligence, immigration intelligence, MSS (China), Nicholas Eftimiades, Yuanjun Tang

Is Israel preparing to carry out intelligence operations on US soil?

August 26, 2024 2 Comments

SEVERAL WEEKS AGO, ISRAEL’S Minister of Diaspora Affairs, Amichai Chikli, reportedly met with the chief executive officer (CEO) of Israeli private intelligence company Black Cube. According to Israeli newspaper The Marker, the purpose of the alleged meeting was to propose an intelligence operation to be carried out on American soil by Black Cube, on behalf of the Israeli government. The intelligence operation would allegedly target a United States-based organization that stands at the forefront of demonstrations against Israel on university campuses in the United States —demonstrations that the state of Israel views as anti-Semitic.

According to The Marker report, the alleged meeting between Minister Chikli and the CEO of Black Cube, Dan Zorla, took place in a private residence in Herzliya near Tel Aviv. Minister Chikli was personally involved in the discussions with Black Cube, with the understanding that intelligence operations carried out by the firm on American soil would not be officially attributed to the State of Israel. However, it is unclear whether such intelligence operations were indeed authorized to proceed.

The organization against which Chikli reportedly asked Black Cube to target is “Students for Justice in Palestine”. The group has staged numerous demonstrations on university campuses across the United States since the outbreak of the Israel-Hamas war last October.

The alleged use of a private intelligence company against an American-based organization, whose leaders are primarily American citizens, may be perceived as a violation of American sovereignty. Such an activity could further-damage the relationship between Israel and the American government and stigmatize Israel’s image among the American public.

Following the publication of The Marker report, the Ministry of Diaspora Affairs claimed the proposal for the intelligence operation had been initiated by Black Cube and that Ministry officials ultimately rejected it. Still, at least three different sources appear to confirm the exact opposite —namely, that the spying initiative was prompted by the Ministry. Black Cube reportedly rejected it based on concerns that such a high-risk operation could damage the company’s standing with the United States government and harm its ability to do business on American soil in the future.

An official statement issued by the Ministry of Diaspora Affairs said: “Since the beginning of the war, the ministry has held meetings with dozens of organizations seeking to assist the efforts of the State of Israel in various fields. At the company’s [Black Cube’s] request, a meeting was held with the ministry’s professional echelon, and at the end of it, it was decided not to proceed with any engagement”. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Amichai Chikli, Black Cube, Dan Zorla, Israel, News, Students for Justice in Palestine, United States

Israel releases findings of internal probe into October 7 intelligence disaster

August 12, 2024 17 Comments

Hamas Gaza THE OFFICIAL INTERNAL INVESTIGATION into the performance of Israel’s Military Intelligence Directorate (MID) during the run-up to the Hamas attack of October 7, 2023, has been released. Known as The Road to War, the report addresses the central question of: how did the MID –the main military intelligence body of the Israel Defense Forces, or IDF– miss all the signs of the pending Hamas attack, and how did all the available warnings go unheeded?

To compline the report, the Intelligence Directorate of the IDF investigated how the most significant intelligence failure in the history of the State of Israel occurred, as well as how the MID analysts and other members of the intelligence community failed to notice the attack that Hamas had been planning.

According to the findings of the investigation, Hamas began planning its attack between seven and eight years ago, which means that Israeli intelligence should have been able to observe the relevant warnings as early as 2016. However, the IDF’s intelligence division missed the early signs.

It appears that the MID assumed Hamas had been deterred by Israel. There was also a prevailing assumption that the group’s military wing, led by Yahya Sinwar, had settled on improving the economic situation of Gaza Strip residents while securing its internal sovereign status in the Gaza Strip. The MID intelligence analysts were uniformly immersed in the concept that Hamas “did not want to and could not” go to war against Israel.

The main findings of the investigation are as follows: Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with 2023 Israel-Hamas War, Avner Barnea, Hamas, IDF, intelligence disasters, Israel, Israel Military Intelligence, News

South Korea’s top HUMINT agency probes potentially catastrophic data breach

July 29, 2024 1 Comment

North South Korea IN A HIGHLY UNUSUAL move, authorities in Seoul have publicly acknowledged a data leak that may have resulted in the outing of a number of South Korean undercover human intelligence (HUMINT) operatives abroad. The South Korean Ministry of National Defense said on Sunday it was investigating an alleged link of highly sensitive data belonging to the Korea Defense Intelligence Command (KDIC).

Formed under American tutelage in 1946, KDIC is today considered South Korea’s most secretive intelligence agency. It operates under the Defense Intelligence Agency (DIA), which makes it part of the Ministry of National Defense’s chain of command. Unlike DIA’s civilian counterpart, the National Intelligence Service, KDIC rarely surfaces in unclassified news reporting, and it almost never issues press releases. Its operations primarily involve HUMINT activities, thus making it South Korea’s most active HUMINT-focused agency.

Predictably, KDIC’s primary intelligence target is North Korea. The agency gathers much of its intelligence on the North through an extensive network of undercover officers operating with diplomatic credentials. KDIC also handles non-official cover (NOC) operatives, who are located mostly in Asia. There have been periodic claims in the unclassified literature that some KDIC NOCs have operated inside North Korea at times –though such claims remain speculative.

On Saturday, the Seoul-headquartered Yonhap News Agency alleged that classified information relating to KDIC had been “leaked”. According to Yonhap, the leak included personally identifiable information about KDIC official and non-official cover personnel stationed abroad. The report claimed that the leak was discovered by South Korean authorities a month ago, and that the discovery had resulted in the recall of several KDIC undercover operatives serving overseas “due to concerns over their identities being exposed”.

The Yonhap report claimed that, according to an ongoing probe, the leak may have originated from a personal laptop computer belonging to a civilian KDIC employee. The employee has since claimed that the laptop had been hacked, but some investigators believe the suspect may have “intentionally left the laptop vulnerable to hacking by North Koreans”.

According to an official statement released on Sunday by the Ministry of National Defense, the case is “currently under investigation by military authorities”.

► Author: Joseph Fitsanakis | Date: 29 July 2024 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Defense Intelligence Agency (South Korea), HUMINT, KDIC (South Korea), Korea Defense Intelligence Command, News, non-official-cover, North Korea, official cover, South Korea

Analysis: Secret Service failed Trump because it can’t keep up with the growing threat

July 15, 2024 13 Comments

Trump 2016 THE UNITED STATES SECRET Service is among the world’s most prestigious law enforcement agencies. Its institutional experience in protecting US presidents and presidential candidates dates to 1901. Given its high-stakes protective mission —safeguarding the executive leadership of the world’s most powerful nation— the agency has historically placed emphasis on flawlessness: it simply can’t afford to fail.

Yet it did just that on Saturday in Butler, Pennsylvania. Presidential candidate Donald Trump did not survive the attempted assassination because his Secret Service detail neutralized the threat to his safety in time. Instead he survived because the shooter, 20-year-old Thomas Matthew Crooks, from the small suburb of Bethel Park in Pittsburgh, missed. How are we to explain this abject failure by one of the world’s most venerated law enforcement agencies?

POLICING IN A DEMOCRACY

Unlike tyrannical regimes, where law enforcement is nearly omnipresent, policing functions in democratic societies are relatively limited. They rely on what can be essentially described as a numbers game. Under this model, the effectiveness of policing functions inherently rests on the assumption that the vast majority of the population will comply with legal norms voluntarily, and that it will do so most of the time.

Thus, the sustainability of law and order in democratic societies hinges, not just on the capabilities of the enforcement agencies, but significantly on the general populace’s commitment to uphold the rule of law. This tacit social contract allows law enforcement agencies to operate with a relatively small logistical footprint. It also allows police forces to focus their efforts on a relatively small number of individuals, or groups, who do not adhere to the law.

WIDESPREAD BREAKDOWN

The US has relied on this model of policing since the Civil War. However, this model tends to falter once a substantial segment of the population refuses to voluntarily adhere to legal conventions. In such a scenario, the sheer number of non-compliant individuals can overwhelm the policing system, leading to a widespread breakdown in law and order.

The US has witnessed such incidents with alarming intensity in recent years. Examples include the 2014 Bundy standoff and the 2016 occupation of the Malheur National Wildlife Refuge by armed groups of anti-government extremists. It also witnessed the —often gratuitously violent— George Floyd protests, as well as the armed occupation of the Capitol Hill neighborhood of Seattle, Washington, in 2020.

Most notably, America witnessed widespread civil disobedience on January 6, 2021, when thousands of frenzied Trump supporters stormed the US Capitol and attempted to bring an end to the Constitutional order in one of the world’s oldest democracies. In addition to exposing the fragility of American democracy, the January 6 attack drew attention to the ineffectiveness of the state’s policing functions, thus further-eroding public trust and compliance.

AMERICANS ARE EMBRACING VIOLENCE

There is no denying that Americans are viewing violence as an element of national politics with an alarming rate. Last summer, a survey conducted by the University of Chicago’s Project on Security and Threats revealed that 4.4 percent of the adult population of the US —12 million Americans— believed that violence was justified to restore Donald Trump to power. Granted, very few of those survey responders would actually be willing to act on such extreme beliefs. But even a mere 1 percent of those 12 million people who appear to endorse violence in support of Trump amounts to 120,000 individuals. That’s an enormously large number of radicalized Americans. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Analysis, assassinations, Donald Trump, Joseph Fitsanakis, Newstex, United States, US Secret Service

German intelligence agencies discuss ongoing espionage and hybrid challenges

May 6, 2024 1 Comment

Conference Agenda THE 5^TH SYMPOSIUM ON the Law of Intelligence Services (Symposium zum Recht der Nachrichtendienste) took place in Berlin, Germany, on March 21-22. In view of the public criticism that German intelligence agencies have faced in recent times, it was probably a relief for their officials to be able to talk more-or-less among themselves for once.

The event (see agenda in .pdf) was organized by the Federal Ministry of the Interior and the Federal Chancellery Office. This year’s topic was: “Intelligence Agencies and Armed Conflicts”. It included the tried and tested mix of academics —predominantly legal scholars—, practitioners and heads of various government authorities. The majority of the external experts discussed the complicated and, in Germany, arduous parliamentary procedures that would arise in the event of a war.

In view of the controls increasingly being placed on German intelligence agencies by various bodies and authorities —which were also represented at the symposium— a certain discrepancy became apparent repeatedly in the presentations: How can the German intelligence agencies react adequately and quickly to hybrid threats when these types of threat do not concern themselves with administrative-legal subtleties and parliamentary procedures? Although the concept of hybrid threats was generally taken for granted and therefore hardly discussed in terms of content, those present agreed at a minimum that disinformation is part of it. All the more worrying was the statement by one speaker who explained that there was no official definition of disinformation within the German security authorities’ legal codes.

In the discussion, the panel moderated by Center for Intelligence Service Training and Further Education (ZNAF), the common training and study location of the Federal Intelligence Service (BND) and the Federal Office for the Protection of the Constitution (BfV), clearly stood out and underscored that this relatively new institution has made a name for itself in the academic intelligence landscape since its establishment in 2019.

However, the symposium also showed that the German security bureaucracy tends to reach its limits when it comes to current developments in the unconventional domain. This was demonstrated, for example, by a speaker’s demand that hybrid risks ought to be assigned to a “state area of responsibility”. The problem, however, lies precisely in the statelessness of hybrid risks. The existing regulations are also proving to be counterproductive, in view of the challenges: there would simply be highly heterogeneous participants in the so-called Cyber Defense Centre, which would also include police authorities. However, due to the strict separation in the legal domain, personal data cannot simply be passed on from the BND to the Federal Police, for example. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with BND, conferences, Federal Office for the Protection of the Constitution (Germany), Germany, News

Tradecraft observations on the Reichenbach/Fischer espionage case

May 3, 2024 3 Comments

Germany Reichstag SEVERAL CASES OF CHINESE espionage have been announced recently in Europe. Thomas Reichenbach and Herwig and Ina Fischer —a married couple— were arrested on April 22, 2024, for illegal exports of dual use technology with military (naval) applications.

Reichenbach lists himself as a contract marketing manager for the Hong Kong Trade Development Council. He studied at Peking University in the mid-1980s. He worked in China, speaks Mandarin, and has a Chinese wife.

Herwig and Ina Fischer own a small engineering consulting company named Innovative Dragon in Duesseldorf. Both have travelled extensively in China. Innovative Dragon contracts for technical research with universities. Herwig studied mechanical engineering and aircraft and spacecraft construction at the Rhine-Westphalia Higher Technical School, focusing on guidance technology and composite fiber materials. The company headquarters are in London and there are offices in Duesseldorf and Shanghai (Donghua University Science and Technology Park). The London office does not appear to have a functioning telephone number.

Reichenbach is suspected of having been recruited by the Ministry of State Security (MSS) in China. The German government has accused the trio of having illegally exported dual use technology since at least 2022. At the time of the arrests, the suspects were in negotiations on additional research projects useful for expanding the combat strength of the Chinese People’s Liberation Army Navy.

Status: Alleged

Tradecraft observations:

Use of a potential front company in London to facilitate allegedly illegal exports.
Use of third countries to facilitate allegedly illegal exports.
Reichenbach allegedly recruited Herwig and Ina Fischer and handled them as in-country assets.
It is alleged that the MSS probably recruited Reichenbach in China.
An MSS officer allegedly handled Reichenbach from China (linear control).
The MSS allegedly funded the operation through front companies.

► Author: Nicholas Eftimiades* | Date: 03 May 2024 | Permalink

* Nicholas Eftimiades is a Senior Fellow at the Atlantic Council. He retired from a 34-year government career that included employment in the United States Central Intelligence Agency, the Department of State, and the Defense Intelligence Agency. He held appointments on the Department of Defense’s Defense Science Board and the Economic Security Subcommittee of the Department of Homeland Security’s Homeland Security Advisory Council. He is an advisor to the United States Intelligence Community. Eftimiades authored numerous works on China’s espionage methods. His books, Chinese Intelligence Operations (1994) and Chinese Espionage: Operations and Tactics (2020) are examinations of the structure, operations, and methodology of China’s intelligence services. They are widely regarded as seminal works in the field.

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with China, Chinese Ministry of State Security, espionage, Germany, Herwig Fischer, Ina Fischer, Nicholas Eftimiades, Thomas Reichenbach

Notes on the assassination of Iranian IRGC Commander Hassan Mahdawi

April 26, 2024 2 Comments

IRGC - AB THE TARGETED KILLING OF Hassan Mahdawi, a high-ranking member of Iran’s Islamic Revolutionary Guards Corps (IRGC) and the commander of the Quds Force in Syria and Lebanon, was carried out by Israel on April 1, 2024. The actual assassination was based on precise operational intelligence, while Israel’s assessment of Iran’s response was wrong.

On the day of the attack, a building adjacent to the Iranian Embassy in the Syrian capital of Damascus was attacked with rockets. The attack killed seven IRGC members: General Muhammad Reza Zahedi, also known as Hassan Mahdawi, his deputy, and five additional officers. Mahdawi is the most senior Iranian commander to be killed since the assassination of IRGC Quds Force Commander Qasem Soleimani by the United States in 2020.

Mahdawi had close ties with Hezbollah. He maintained a close relationship with Hezbollah Secretary-General Hassan Nasrallah and was perceived by Israel to be directly coordinating the military attacks on Israel from Lebanon and Syria. In Tehran’s collective memory, Israel’s history of attacks against it includes numerous strikes on Iranian nuclear sites, assassinations of scientists within Iran, and actions against Iranian proxies in Syria, Lebanon, Iraq, and Yemen. Traditionally, these attacks have been invariably met with attacks by Iran’s proxies in the region.

This time, it was different. Iran recognized Mahdawi’s assassination as a direct attack on Iran that it could not tolerate, and had to respond to differently. Just days following Mahdawi’s assassination, Iran attacked Israel. According to the Israel Defense Forces, 99 percent of the more than 330 weapons fired at Israel (including at least 185 drones and 110 surface-to-surface missiles) were intercepted, mostly over the territory of countries adjacent to Israel. Iran’s attack on Israel was unprecedented. It was launched directly from Iranian territory in contrast to prior cases, when Iran has used its proxies, supposedly leaving its hands clean.

Israel could not tolerate such a blatant infringement on its sovereignty. After Israeli officials vowed a response to the Iranian attack, the Jewish State counter-attacked, causing minor damage to the Eighth Shekari Air Base in northwest Esfahan, a dozen kilometers from the Natanz nuclear facility. It was a calculated response designed to deliver a message to Iran that Israel could and would respond to an attack. Following Israel’s counterattack, the tensions between Iran and Israel have subsided for the time being.

While the attack on General Mahdawi was based on excellent operational intelligence, it became evident that the Israeli assessment regarding a possible Iranian response was erroneous. The Israeli assessment was that the Iranian response would be similar to what occurred in the past —namely limited attacks by Hezbollah on northern Israel and attacks on the Golan heights by Iranian proxies in Syria. Israel simply did not anticipate a direct Iranian attack on Israel from Iranian territory.

It seems that Israeli senior analysts were entangled in a conception of Iran’s past behavior and anticipated that Tehran’s response would be similar to prior cases, namely utilizing Iran’s proxies. Israel did not pay enough attention to the difference between Mahdawi’s assassination and previous attacks against Iran. This time, the attack targeted the Iranian embassy in Damascus and the target was a very senior official, who was close to Iran’s Supreme Leader Ali Khamenei.

It appears that Israel’s assessment of the Iranian response to Mahdawi’s assassination was a strategic failure. It appears more likely that the Israeli War Cabinet was provided with an incorrect assessment by the nation’s intelligence community, and less likely that it was provided with an incorrect assessment, which it then decided to ignore. There is concern in Israel that the intelligence assessment was once again wrong, after the colossal failure to anticipate the October 7 attack on Israel by Hamas.

► Author: Avner Barnea | Date: 26 April 2024 | Permalink