German think-tank researcher arrested on suspicion of spying for Chinese intelligence

A GERMAN POLITICAL SCIENTIST, who worked for years as a senior member of a prominent Munich-based think-tank, has been arrested by German authorities on suspicion of spying for Chinese intelligence. In line with German privacy laws, the man has been named only as “Klaus L.”. He is believed to be 75 years old and to live in Munich.

According to reports, the suspect had worked since the 1980s for the Hanns Seidel Stiftung, a political research foundation named after a former chairman of the conservative Christian Social Union (CSU) of Bavaria. The Munich-headquartered foundation is the informal think-tank of the CSU, which is the Bavarian arm of German Chancellor Angela Merkel’s Christian Democratic Union.

As part of his job, Klaus L. traveled frequently to countries in Africa, Asia and Europe, as well as former Soviet states. It is also believed that, for over 50 years, he had worked as a paid informant for the German Federal Intelligence Service (BND) —Germany’s foreign intelligence agency, which is equivalent to the United States Central Intelligence Agency. According to a government press statement, Klaus L. would provide the BND with information relating to his foreign travels, conference attendance and other “certain issues” of interest to the spy agency. In return, the BND allegedly funded some of his travel and conference expenses, and provided him with a regular stipend.

But in the summer of 2010, Klaus L. was allegedly approached by Chinese intelligence during a trip to the city of Shanghai. According to German counterintelligence, he was persuaded by the Chinese to cooperate with Chinese intelligence operatives, and did so until the end of 2019. In November of that year, German police searched his home in Munich, as part of an investigation into his activities. In May of this year, Klaus L. was charged with espionage and on July 5 he was formally arrested.

Interestingly, Klaus L. does not deny that he provided sensitive information to China. He argues, however, that he informed his BND handler about his contacts with the Chinese, and that these were known to German intelligence. He therefore claims that his Chinese contacts were part of a German counterintelligence operation targeting the Chinese government. His trial is scheduled for this fall.

Author: Joseph Fitsanakis | Date: 07 July 2021 | Permalink

Main suspect in potentially momentous hacker-for-hire case seeks plea deal in NY

IN A DRAMATIC CASE, described by observers as “unusual”, a suspect in a hacker-for-hire scheme of potentially global proportions has told United States government prosecutors he is ready to discuss a plea deal. The case centers on Aviram Azari, a highly sought-after private detective who served in an Israeli police surveillance unit in the 1990s before launching a private career in investigations.

Azari was arrested in Florida in 2019 during a family vacation, and was shortly afterwards indicted in New York on charges of aggravated identity theft, conspiracy to commit computer hacking, and wire fraud. These charges reportedly date back to 2017 and 2018. Azari’s alleged objective was to target carefully selected individuals in order to steal their personal information, including email usernames and passwords. Last year, The New York Times reported that the case against Azari is connected with a potentially massive hacker-for-hire scheme code-named DARK BASIN.

Further information about DARK BASIN was published by Citizen Lab, a research unit of the University of Toronto’s Munk School of Global Affairs and Public Policy, which focuses on information technology, international security and human rights. It said DARK BASIN was orchestrated by an India-based firm called BellTroX InfoTech Services. It also claimed that the company is one of a number of hacker-for-hire firms based in India. These companies are said to be employed by private detectives in Western countries, who are usually hired by large multinationals or wealthy individuals.

Accordingly, the targets of DARK BASIN activities appear to have been investment firms based in the US and elsewhere, as well as government officials, pharmaceutical companies, lawyers, large banks, and even environmental activists who campaign against large multinationals. Additionally, some of DARK BASIN’s thousands of targets appear to be people involved in high-stakes divorce proceedings. Perhaps more alarmingly, among DARK BASIN’s targets are journalists around the world, who seem to have been targeted systematically in efforts to reveal their sources of information.

Azari has pleaded not guilty. But the fact that his lawyer has now communicated his client’s desire to seek a plea deal with US government prosecutors may be a major game-changer in this case, which may have global ramifications. The Reuters news agency, which reported the latest developments on this case this week, said it reached out to the US Attorney’s Office in Manhattan, but spokesmen there declined to provide any information on Azari’s case.

Author: Joseph Fitsanakis | Date: 02 July 2021 | Permalink

Senior Serb intelligence officials given prison sentences for war crimes

TWO SENIOR FORMER OFFICIALS in the now defunct domestic security apparatus of Serbia have been given prison sentences totaling 24 years, after being found guilty of war crimes by a United Nations court. The crimes of the two officials stem from the Yugoslav Wars, a series of bloody ethnic conflicts that followed the breakup of the former Yugoslavia in 1991.

The two former officials, Jovica Stanišić, 70, and Franko “Frenki” Simatović, 71, deny that they trained Serbian elite police units in methods of exterminating non-Serb populations in various regions of the former Yugoslavia. The two men were initially acquitted of all charges against them by the International Criminal Tribunal for the former Yugoslavia (ICTY). But the initial ruling was quashed, and the two men were tried again, this time by United Nations Mechanism for International Criminal Tribunals, which took over ICTY’s operations after its mandate ended.

Stanišić directed the State Security Service (SDB), which operated under the Ministry of Internal Affairs of Serbia as the country’s primary domestic security agency. Simatović was an intelligence officer who, from 1991 until 1998, commanded the feared Special Operations Unit, known as JSO. The JSO was an elite police force that operated under Stanišić’s SDB. Prosecutors accused the two men of working under direct orders by Serb President Slobodan Milošević, with the aim of ethnically cleansing non-Serbian populations. Milošević died in 2006 in prison at The Hague, Netherlands, where he was held facing charges of genocide and crimes against humanity.

On Wednesday, each of the two men was given 12 years in prison. Simatović has already served eight years in prison, and Stanišić close to five. Both continue to deny the charges against them, and their lawyers said they would appeal the convictions.

Author: Joseph Fitsanakis | Date: 01 July 2021 | Permalink

Secret recordings show Peru’s jailed ex-spy chief trying to change election results

AUDIO RECORDINGS RELEASED LAST week appear to show Peru’s imprisoned former spy chief, Vladimiro Montesinos, trying to organize bribes for judges in an effort to alter the outcome of the recent presidential election. From 1990 to 2000, Montesinos headed Peru’s intelligence service, Servicio de Inteligencia Nacional (SIN). He worked in close cooperation with his political patron, Alberto Fujimori, who is currently serving a lengthy prison sentence for corruption and human-rights abuses. Like his boss, Montesinos is currently serving a 25-year prison sentence for setting up a sophisticated network of illegal activities during his SIN tenure. The crimes he committed include drug trafficking, bribery, extortion, as well as embezzlement.

Despite his dramatic fall from power, Fujimori remains popular in Peru. Earlier this month, his daughter, Keiko Fujimori, a rightwing populist, fought a neck-and-neck election contest with leftist school teacher and trade unionist Pedro Castillo. Castillo was provisionally declared the winner of the second and final round of the general election, with 50.12 percent of the votes cast, having received 44,263 more votes than Fujimori. The United States, the European Union and the Organization of American States declared the election as free and fair. But Fujimori, who has vowed to pardon her father and release him from prison if she wins, claims that Castillo’s victory was the result of widespread fraud. Now the National Jury of Elections, set up by the National Office of Electoral Processes, is auditing the election results across the nation.

The plot thickened on Saturday, when a veteran lawmaker, Fernando Olivera, released over a dozen recordings of conversations between the jailed Montesinos and a retired military commander, Pedro Rejas, who is a political ally of Fujimori. In the recordings, Montesinos is heard instructing Rejas to arrange monetary bribes for judges who staff the National Jury of Elections. The purpose of the bribes, says Montesinos, is to secure a victory for Fujimori. He also warns Rejas that if Fujimori does not win the election, she will probably end up in prison for corruption, like her father.

The prison authority of the Peruvian Navy, which oversees the maximum security prison that houses Montesinos, has confirmed that the recordings released by Olivera are authentic, and says it has launched an investigation into the matter. There are also some who believe that Rejas’ involvement in Montesinos’ conspiracy may indicate willingness by the Peruvian Armed Forces to organize a coup, in case Castillo becomes Peru’s next president. Meanwhile, Fujimori has said she felt “indignation” when listening to the recordings of Montesinos’ attempts to secure her electoral victory. She described Montesinos as a “criminal” who “betrayed all Peruvians” as head of the SIN.

Author: Joseph Fitsanakis | Date: 30 June 2021 | Permalink

Kremlin spy participated in secret meeting to fund Italian separatist party

AN ALLEGED EMPLOYEE OF Russian intelligence was present during a secret meeting in Moscow, in which politicians and investors discussed a plan to fund a northern Italian separatist political party. The party, Lega Nord (Northern League, or LN), was established in 1991 as an amalgamation of northern Italian separatist groups whose members seek greater autonomy and are opposed to Italy’s membership in the European Union. Under its current leader, Matteo Salvini, the LN has adopted a hard-line anti-immigration stance and has associated itself with United Russia, the political home of Russian President Vladimir Putin.

In July of 2019, the investigative news website BuzzFeed released audio recordings of a secret meeting that allegedly took place in Moscow’s Hotel Metropol, between members of the LN and Russian emissaries of the Kremlin. The discussion reportedly concerned a plan to sell Russian oil to an Italian firm connected to the LN at a markedly discounted price, which would allow it to compete with Italy’s state-owned energy supplier and at the same time enrich the LN’s election campaign coffers by nearly $70 million.

According to an investigation by Italian authorities, participants at that meeting were Salvini’s former spokesperson, Gianluca Savoini, as well as two other Italians, who managed investment banks and were also supporters of the LN. There were also three Russian participants, including a Kremlin lawyer who works for the Russian Ministry of Energy, and a Russian former banker and tycoon with close ties to President Putin. But the third Russian had not been identified. Until now.

The Italian newspaper L’Espresso, which has led the investigative reporting into the alleged scandal, reports that the Milan Prosecutor’s Office has identified the third Russian participant as Andrey Yuryevich Kharchenko, an alleged employee of Russian intelligence. The paper said that Kharchenko’s identity was supplied to the Italian government by “another Western state” that has been targeted by Russian intelligence in recent years. The investigation into the alleged scandal continues.

Author: Joseph Fitsanakis | Date: 29 June 2021 | Permalink

Sensitive UK defense documents found in bus stop by member of the public

Sensitive documents belonging to the British Ministry of Defense were found by a member of the public behind a bus stop last week, in what the BBC described as “a major embarrassment” for the British government. The documents number 50 pages; most are marked “official sensitive”, which is a low level of classification, but it means they are still subject to security requirements.

The BBC said it was contacted by “a member of the public, who wishes to remain anonymous”, after he or she found the documents dumped behind a bus stop in the southeastern county of Kent, which borders greater London. The papers were reportedly in a deteriorated state, as they had been exposed to the elements, including rain, for several days.

According to the BBC, the sensitive documents most likely originated in the office of a senior Ministry of Defense official. They include printouts of email exchanges, as well as a number of PowerPoint slides concerning several timely topics. Among them is a presentation about HMS Defender, a Type 45 Destroyer belonging to the Royal Navy. It is followed by a presentation on the tense maritime incident that took place between Britain and Russia off the coast of Crimea last week.

Another document concerns the defense priorities of the administration of United States President Joe Biden, especially as they relate to the Indo-Pacific region and China. Several emails concern the future of the British military presence in Afghanistan, following the pending withdrawal of US forces from there in September. Yet another set of documents addresses British defense contracts that may irk some of the former European Union member state’s European allies.

The British Defense Ministry said last week it was investigating the details of “an incident” in which sensitive papers were “recovered by a member of the public”. It added that one of its employees, who had been entrusted with the documents, had reported them missing in the days prior to their recovery.

Author: Joseph Fitsanakis | Date: 28 June 2021 | Permalink

Afghans who spied for CIA say they fear retaliation once US forces withdraw

Antony Blinken

AFGHAN CIVILIANS WHO WERE recruited by the United States Central Intelligence Agency as local assets say they fear retaliation by a resurgent Taliban once American forces withdraw from Afghanistan in September. Last April, US President Joe Biden announced that American troops would leave Afghanistan by September 11. The date will mark the 20th anniversary of the terrorist attacks of September 11, 2001, which caused Washington to send troops to Afghanistan in response.

The CIA has been a major component of America’s presence in Afghanistan over the past two decades. When operating in the Central Asian country, CIA officers have routinely relied on local people to collect intelligence, provide translation services, and guard its facilities and personnel. These local assets were typically paid in cash for their services, which were secret in nature and often life-threatening.

Now many of these local assets —possibly thousands— are apprehensive of the pending withdrawal of their American protectors from Afghanistan, and fear retaliation from a resurgent Taliban. According to The Wall Street Journal, these local CIA assets say that “their lives are now at risk”. A large number of them have submitted applications for a US Special Immigrant Visa. This is a State Department program that aims to offer protection to local people who have carried out “sensitive and trusted activities” on behalf of American government personnel abroad.

But the Special Immigrant Visa process is complicated and expensive, and is currently plagued by major delays. The Wall Street Journal reports that, even though the law stipulates Special Immigrant Visa requests must be processed within nine months, applications are currently taking between three and five years to be adjudicated. The Department of State says it is currently working through a backlog of 18,000 applications from around the world. The situation is particularly dire for Afghan CIA assets, says the paper, because many find it difficult to prove they ever worked for the CIA. The spy agency’s record-keeping was minimal throughout its time in Afghanistan, especially in the opening years of the conflict, according to the report. Furthermore, some local assets may not even be named in CIA documentation, so as to protect their identity.

In response to calls for faster processing of Special Immigrant Visa requests, US Secretary of State Antony Blinken (pictured) said earlier this month: “We’re determined to make good on our obligation to those who helped us, who put their lives on the line, put their families’ lives on the line working with our military, working with our diplomats”.

Author: Joseph Fitsanakis | Date: 23 June 2021 | Permalink

Germany arrests Russian PhD student on suspicion of spying for Moscow

A RUSSIAN DOCTORAL STUDENT in mechanical engineering, who is studying in a Bavarian university, has been arrested by German police on suspicion of spying for Moscow, according to official statements and reports in the German media. According to a press statement issued by the Federal Public Prosecutor General’s office in the city of Karlsruhe, the PhD student was arrested on Friday, June 18.

The student was subsequently identified by the German authorities only as “Ilnur N.”, in accordance with German privacy laws. On Monday, however, local media identified the suspected spy as Ilnur Nagaev, a doctoral candidate at the University of Augsburg, which is located 50 miles northwest of Munich. Nagaev reportedly works as a research assistant there, while pursuing his doctoral studies in mechanical engineering.

German authorities maintain that the suspect began working “for a Russian secret service” in early October of 2020, and possibly earlier. He is also accused of having met with an unidentified “member of a Russian foreign secret service” at least three times between October 2020 and June of this year. According to German federal prosecutors, Nagaev shared unspecified information with his alleged Russian handler, and received cash in return at the end of each meeting.

German police reportedly searched Nagaev’s home and work office looking for further clues about the case. In the meantime, a judge at the Bundesgerichtshof (Federal Court of Justice) in Karlsruhe, which is Germany’s highest court on matters of ordinary jurisdiction, ordered that Nagaev be kept in pre-trial detention, pending a possible indictment. Neither the Russian nor the German federal governments have commented on this case.

Author: Joseph Fitsanakis | Date: 22 June 2021 | Permalink

No prison for Australian former spy who disclosed controversial espionage operation

A FORMER AUSTRALIAN SPY, who prompted international outcry by revealing a controversial espionage operation by Canberra against the impoverished nation of East Timor, has been given a suspended prison sentence. The case against the former spy, known only as “Witness K.”, first emerged in 2013. It is believed that Witness K. served as director of technical operations in the Australian Secret Intelligence Service (ASIS), Australia’s foreign-intelligence agency.

In 2013, Witness K. revealed an espionage operation that targeted the impoverished Pacific island nation of Timor-Leste, also known as East Timor. He alleged that ASIS officers, disguised as a renovation crew, bugged an East Timorese government complex. The information gathered from the spy operation allegedly allowed the Australian government to gain the upper hand in a series of complex negotiations that led to the 2004 Certain Maritime Arrangements in the Timor Sea (CMATS) treaty. The treaty awards Australia a share from profits from oil exploration in the Greater Sunrise oil and gas field, which is claimed by both Australia and East Timor.

In 2013, the East Timorese government took Australia to the Permanent Court of Arbitration in The Hague, claiming that the Australian government was in possession of intelligence acquired through illegal bugging. The claim was supported by Witness K., who argued that ASIS’ espionage operation was both “immoral and wrong” because it was designed to benefit the interests of large energy conglomerates and had nothing to do with Australian national security. It is worth noting that Witness K. said he decided to reveal the ASIS bugging operation after he learned that Australia’s former Minister of Foreign Affairs, Alexander Downer, had been hired as an adviser to Woodside Petroleum, an energy company that was directly benefiting from the CMATS treaty.

FBI thanks French police for high-profile arrest of Luxembourg’s former top spy

AGENTS OF THE UNITED States Federal Bureau of Investigation visited the northeastern French city of Nancy last week, reportedly to thank its local police force for arresting a former senior officer in Luxembourg’s spy agency. The case is said to be connected to a notorious cryptocurrency-based fraud scheme, which some claim may be the largest in history.

Frank Schneider headed the operations directorate of the Service de Renseignement de l’État Luxembourgeois (SREL), Luxembourg’s intelligence agency. Although he left the service in 2008, his name came up frequently in the context of a spy scandal that eventually brought down Luxembourg’s prime minister, Jean-Claude Juncker. The former spy was eventually acquitted of illegal conduct in that case —but he now appears to be in legal trouble of a different kind.

According to reports, US authorities have been looking for a man referred to in French media as “Frank S.” in connection to a massive Ponzi scheme that allegedly involves OneCoin, a Bulgarian-based cryptocurrency firm. British newspaper The Times has described the scheme as “one of the biggest scams in history”. It is believed that the OneCoin scheme defrauded victims around the world of over $4 billion.

Schneider was reportedly arrested on April 29 in Audun-le-Tiche, a small town on the French-Luxembourg border and not far from the Belgian and German borders. His arrest took place pursuant to an international warrant, which was later confirmed to have been issued by authorities in New York. It was reported at the time that Schneider’s arrest involved the deployment of members of Brigade de recherche et d’intervention —France’s equivalent of the Special Weapons And Tactics (SWAT) teams in the US.

The former spy is currently being held in detention at the Nancy-Maxéville prison, and is highly likely to be extradited to the US. American authorities have until June 28 to submit a formal extradition request to the Nancy office of the prosecutor.

Author: Joseph Fitsanakis | Date: 14 June 2021 | Permalink

Chinese state-linked cyber actor allegedly behind attack on global airline industry

A GROUP OF COMPUTER hackers with close links to the Chinese state are allegedly behind a wide-scale attack on the global airline industry, which includes espionage, as well as financial motives, according to a new report. If confirmed, the attack would constitute a global campaign against a single industry that is unprecedented in size, according to experts.

The most recent victim of this series of worldwide attacks is Air India, India’s government-owned flagship air carrier. In May of this year, the company was targeted by what officials described as “a highly sophisticated attack” that had begun over two months earlier. It was indeed in early February that the hackers had begun to collect information about Air India and to try to infiltrate its networks through a combination of methods, including spear-phishing. The resulting compromise affected the data of some 4.5 million of Air India’s passengers. Stolen information included passengers’ credit card details, as well as passport information, such as names and dates of birth.

But in a new report issued on Thursday, the Singapore-based cybersecurity firm Group-IB said that the methodology used by the perpetrators of the Air India attack resembled that used to hack other airline carriers around the world. Other victims have included Singapore Airlines, Malaysia Airlines, Finnair, as well as SITA, a Swiss-based provider of information technology services to airline operators in over 200 countries and territories around the world.

What is more, the Group-IB report claims “with moderate confidence” that the attacks on the global airline industry are being perpetrated by APT41. Also known as BARIUM, APT41 is a highly prolific group of computer hackers that is widely believed to be connected with the Chinese government. Since first appearing on the scene in 2006, APT41 has amassed a list of victims that includes firms from almost every imaginable industry, including manufacturing, telecommunications, transportation, healthcare and defense. Some of its strikes are clearly financially motivated and include ransomware attacks. Others are espionage-related and point to the information needs of a nation-state —allegedly China.

In 2020, the United States Federal Bureau of Investigation added five members of APT41 to its “Most Wanted” list. The accompanying press statement accused the five men of conducting “supply chain attacks to gain unauthorized access to networks throughout the world”, and attacking a host of companies on nearly every continent, including the Americas.

Author: Joseph Fitsanakis | Date: 11 June 2021 | Permalink

France suspends aid to Central African Republic over espionage charges

Juan Remy Quignolot

THE GOVERNMENT OF FRANCE has suspended all civilian and military aid to the Central African Republic (CAR), after authorities there charged a French national with espionage and conspiracy to overthrow the state. The charges were announced approximately a month after the arrest of Juan Remy Quignolot, 55 (pictured), who was arrested in CAR capital Bangui on May 10 of this year. Following Quignolot’s arrest, CAR police said they found more than a dozen cell phones, machine guns, ammunition and foreign banknotes in his hotel room.

Speaking to reporters in Bangui on Wednesday, the CAR’s attorney general, Eric Didier Tambo, said that Quignolot had been charged with espionage, illegal weapons possession, as well as conspiracy against the security of the state. According to CAR authorities, Quignolot has been providing training and material support to anti-government rebel groups for nearly a decade. However, CAR authorities have not specified for which country or group Quignolot performed his alleged activities.

The French Ministry of Foreign Affairs and the French embassy in Bangui have not commented on Quignolot’s charges. When the French national was arrested in May, French Foreign Affairs Ministry officials said the move was part of “an anti-French campaign” orchestrated by Russia. Paris has been competing with Moscow for influence in this former French colony —a diamond- and gold-producing country of nearly 5 million people— which remains highly volatile following a bloody civil war that ended in 2016.

Earlier this week, France said it would immediately suspend its $12 million-a-year civilian and military aid to the CAR. The reason is that the African nation’s government had allegedly failed to take measures against “massive disinformation campaigns”, purportedly originating from Russia, which have “targeted French officials” in the CAR and the broader central African region. Despite suspending financial aid, France continues to maintain approximately 300 soldiers in the CAR. In recent years, however, France’s military presence in its former colony has been dwarfed by contingents of Russian military instructors, who are now training government forces.

Quignolot’s trial is expected to take place by December. Speaking about the Frenchman’s possible sentence, attorney general Tambo said on Wednesday that, “in cases of harming domestic security, you’re talking about lifetime forced labor”.

Author: Joseph Fitsanakis | Date: 10 June 2021 | Permalink

FBI built fake phone company in global wiretapping operation of historic proportions

THE UNITED STATES FEDERAL Bureau of Investigation built a fake telephone service provider for a secret worldwide operation that officials described on Monday as “a watershed moment” in law enforcement history. The operation, known as TROJAN SHIELD, began in 2018 and involved over 9,000 law enforcement officers in 18 countries around the world. When the existence of TROJAN SHIELD was announced in a series of official news conferences yesterday, officials said the operation had “given law enforcement a window into a level of criminality [that has never been] seen before on this scale”.

The operation centered on the creation of an entirely fake telephone service provider, known as ANØM. The fake firm advertised cell phones that were specially engineered to provide peer-to-peer encryption, thus supposedly making it impossible for government authorities to decipher intercepted messages or telephone calls between users. The FBI and law enforcement agencies in Australia and New Zealand used undercover officers to spread news about ANØM in the criminal underworld. The fake company’s modus operandi was to let in new users only after they had been vetted by existing users of the service. Within two years, there were nearly 10,000 users of ANØM around the world, with Australia having the largest number —approximately 1,500.

On Tuesday morning hundreds of raids were conducted in over a dozen countries, beginning with New Zealand and Australia, where over 500 raids were carried out, resulting in the arrests of 224 people. News reports suggest that over $45 million in cash has been seized in the past 24 hours in Australia alone, where law enforcement authorities dubbed the operation IRONSIDE. More raids have been taking place around the world, including in the United States. However, as raids were continuing into the evening, the FBI said it would not discuss the results of Operation TROJAN SHIELD until later today, Tuesday.

Speaking to reporters on Monday, Australian Prime Minister Scott Morrison described the undercover operation as “a watershed moment in Australian law enforcement history”, which would “echo around the world”. An early report on the operation, which was published by the San Diego Union Tribune in the United States, said the purpose of TROJAN SHIELD was two-fold: to dismantle organized criminal syndicates through evidence acquired from wiretaps, and to spread confusion and mistrust of encryption devices in the worldwide criminal underworld.

Author: Joseph Fitsanakis | Date: 08 June 2021 | Permalink

Russian spy activity has reached Cold War levels, say Germany’s intelligence chiefs

RUSSIAN INTELLIGENCE ACTIVITY in Germany has reached levels not seen since the days of the Cold War, while espionage methods by foreign adversaries are now more brutal and ruthless, according to the country’s spy chiefs. These claims were made by Thomas Haldenwang, who leads Germany’s Agency for the Protection of the Constitution (BfV), and Bruno Kahl, head of the Federal Intelligence Service (BND), which operates externally.

The two men spoke to the Sunday edition of Die Welt, one of Germany’s leading newspapers. Their joint interview was published on June 6. Haldenwang told Die Welt am Sonntag that the presence of Russian spies on German soil reflects Moscow’s “very complex intelligence interest in Germany”. Accordingly, Russia has “increased its [espionage] activities in Germany dramatically” in recent years, said Haldenwang.

The counterintelligence chief added that Russia has a “large number of agents” that are currently active on German soil. Their goal is to try to “establish contacts in the realm of political decision-making”. One of many topics that the Kremlin is intensely interested in at the moment is the future of Russia’s energy relationship with Germany, according to Haldenwang.

At the same time, Russia’s espionage methods are becoming “coarser” and the means that it uses to steal secrets “more brutal”, said the spy chief. Kahl, his external-intelligence colleague, agreed and added that Germany’s adversaries are “employing all possible methods […] to stir up dissonance between Western states”. Their ultimate goal is to “secure their own interests”, concluded Kahl.

However, despite Russia’s increased intelligence activity in Germany, the most serious threat to the security and stability of the German state is not Moscow, but domestic rightwing extremism, said Haldenwang. Notably, the German spy chief discussed the unparalleled rise of rightwing rhetoric on social media and websites. Such propaganda is being spread by people that he termed “intellectual arsonists”. Their “hate-filled messages” are essentially anti-democratic, said Haldenwang.

Author: Joseph Fitsanakis | Date: 07 June 2021 | Permalink

US government takes control of Internet domains used by SolarWinds hackers

THE UNITED STATES GOVERNMENT has taken control of two Internet domains used last month in a large-scale phishing campaign by the same Russian-linked hacker group that was behind SolarWinds. The Department of Justice said on Tuesday it seized the two domains, theyardservice[.]com and worldhomeoutlet[.]com, on May 28, following a decision by a US court that authorized the action.

The large-scale attack was detected on May 25, and was delivered in over 3,000 emails sent from a compromised account belonging to the United States Agency for International Development (USAID). The compromised account was paired with the services of a legitimate email marketing company called Constant Contact. It was subsequently used to deliver phishing emails to the employees of over 150 organizations worldwide, most of them American.

The phishing emails featured an official USAID logo, beneath which was an embedded link to a purported “USAID Special Alert” titled “Donald Trump has published new documents on election fraud”. The link sent users to one of the two illicit subdomains, which infected victim machines with malware. The latter created a back door into infected computers, which allowed the hackers to maintain a constant presence in the compromised systems.

According to Microsoft Corporation, the hackers behind the phishing attack originated from the same group that orchestrated the infamous SolarWinds hack in 2020. The term refers to a large-scale breach of computer systems belonging to the United States federal government and to organizations such as the European Union and the North Atlantic Treaty Organization. The threat actor behind the attack is referred to by cybersecurity experts as APT29 or Nobelium, among other names.

Speaking on behalf of the US Department of Justice’s National Security Division, Assistant Attorney General John C. Demers said on Tuesday that the seizure of the two Internet domains demonstrated the Department’s “commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation”.

Author: Joseph Fitsanakis | Date: 03 June 2021 | Permalink