Cybersecurity researchers uncover first-ever use of LinkedIn to spread malware

Cybersecurity researchers have uncovered what is believed to be the first-ever case of hackers using LinkedIn to infect the computers of targeted users with viruses, according to a new report. The hackers appear to have been sponsored by a government and to have targeted employees of carefully selected military contractors in central Europe, according to sources.

The existence of the alleged cyberespionage operation was revealed on Wednesday by researchers at ESET, a cybersecurity firm based in Bratislava, Slovakia, which is known for its firewall and anti-virus products. The researchers said that the operation was carried out in 2019 by hackers who impersonated employees of General Dynamics and Collins Aerospace, two leading global suppliers of aerospace and defense hardware.

ESET researchers said that the hackers made use of the private messaging feature embedded in LinkedIn to reach out to their targets. After making initial contact with their intended victims, the hackers allegedly offered their targets lucrative job offers and used the LinkedIn private messenger service to send them documents that were infected with malware. In many cases, the targets opened the documents and infected their computers in the process.

The use of the LinkedIn social media platform by hackers to make contact with their unsuspecting victims is hardly new. In 2017, German intelligence officials issued a public warning about what they said were thousands of fake LinkedIn profiles created by Chinese spies to gather information about Western targets. Germany’s Federal Office for the Protection of the Constitution (BfV) said it had identified 10,000 German citizens who had been contacted by Chinese spy-run fake profiles on LinkedIn in a period of just nine months. And in 2018, a report by France’s two main intelligence agencies, the General Directorate for Internal Security (DGSI) and the General Directorate for External Security (DGSE), warned of an “unprecedented threat” to security after nearly 4,000 leading French civil servants, scientists and senior executives were found to have been accosted by Chinese spies on LinkedIn.

Tricking a target into accessing a virus-infected document file is not a new method either. However, according to the researchers at ESET, this was the first case where LinkedIn was used to actually deliver the malware to the victims. As for the identity of the hackers, there appears to be no conclusive information. However, ESET said the attacks appeared to have some connections to Lazarus, a group of hackers with North Korean links. Lazarus has been linked to the 2014 Sony Pictures hack and the 2016 Central Bank of Bangladesh cyber heist, which was an attempt to defraud the bank of $1 billion.

LinkedIn told the Reuters news agency that it had identified and terminated the user accounts behind the alleged cyberespionage campaign. Citing client confidentiality, ESET said it could not reveal information about the victims of the attacks. Meanwhile, General Dynamics and Raytheon Technologies, which owns Collins Aerospace, have not commented on this report.

Author: Joseph Fitsanakis | Date: 18 June 2020 | Permalink

Lax security behind greatest data loss in CIA’s history, internal report concludes

Complacency and substandard security by the United States Central Intelligence Agency were behind the Vault 7 leak of 2017, which ranks as the greatest data loss in the agency’s history, according to an internal report. The Vault 7 data loss was particularly shocking, given that the CIA should have taken precautions following numerous leaks of classified government information in years prior to 2017, according to the report.

The Vault 7 data leak occurred in the first half of 2017, when the anti-secrecy website WikiLeaks began publishing a series of technical documents belonging to the CIA. Once all documents had been uploaded to the WikiLeaks website, they amounted to 34 terabytes of information, which is equivalent to 2.2 billion pages of text. The information contained in the Vault 7 leak is believed to constitute the biggest leak of classified data in the history of the CIA.

The Vault 7 documents reveal the capabilities and operational details of some of the CIA’s cyber espionage arsenal. They detail nearly 100 different software tools that the agency developed and used between 2013 and 2016, in order to compromise targeted computers, computer servers, smartphones, cars, televisions, internet browsers, operating systems, etc. In 2017 the US government accused Joshua Adam Schulte, a former CIA software engineer, of giving the Vault 7 data to WikiLeaks. Schulte’s trial by jury was inconclusive, and a re-trial is believed to be in the works.

Now an internal report into the Vault 7 disclosure has been made public. The report was compiled by the CIA WikiLeaks Task Force, which the agency set up with the two-fold mission of assessing the damage from the leak and recommending security procedures designed to prevent similar leaks from occurring in the future. A heavily redacted copy of the report has been made available [.pdf] by Senator Ron Wyden (D-OR) who is a member of the US Senate Select Committee on Intelligence. An analysis of the report was published on Tuesday by The Washington Post.

The report recognizes that insider threats —a data leak perpetrated on purpose by a conscious and determined employee, or a group of employees— are especially difficult to stop. It adds, however, that the Vault 7 leak was made easier by “a culture of shadow IT” in which the CIA’s various units developed distinct IT security practices and their own widely different systems of safeguarding data. Many cyber units prioritized creative, out-of-the-box thinking, in order to develop cutting-edge cyber-tools. But they spent hardly any time thinking of ways to safeguard the secrecy of their projects, and failed to develop even basic counterintelligence standards —for instance keeping a log of which of their members had access to specific parts of the data— according to the report.

Such standards should have been prioritized, the report adds, given the numerous high-profile leaks that rocked the Intelligence Community in the years prior to the Vault 7 disclosure. It mentions the examples of Edward Snowden, a former contractor for the National Security Agency, who defected to Russia, as well as Chelsea Manning, an intelligence analyst for the US Army, who gave government secrets to WikiLeaks. Manning spent time in prison before being pardoned by President Barack Obama. Snowden remains in hiding in Russia.

The CIA has not commented on the release of the internal Vault 7 report. An agency spokesman, Timothy Barrett, told The New York Times that the CIA was committed to incorporating “best-in-class technologies to keep ahead of and defend against ever-evolving threats”. In a letter accompanying the release of the report, Senator Wyden warned that “the lax cybersecurity practices documented in the CIA’s WikiLeaks task force report do not appear limited to just one part of the intelligence community”.

Author: Joseph Fitsanakis | Date: 17 June 2020 | Permalink

Russia accuses its top Arctic scientist of giving China submarine secrets

Russian prosecutors have accused one of the country’s most respected hydroacoustics specialists, and a globally recognized expert on the Arctic region, of spying for Chinese intelligence. This development highlights the competitive relationship between the two neighboring countries, who in recent years have tended to work together against what they perceive as a common threat coming from the United States.

The scientist in question is Dr. Valery Mitko, a St. Petersburg-based hydroacoustics researcher, who is also president of Russia’s Arctic Academy of Sciences. Investigators with the Federal Security Service (FSB), Russia’s domestic security and counterintelligence agency, are accusing Dr. Mitko, 78, of having provided classified documents to Chinese intelligence.

The FSB first detained Dr. Mitko in February, when he returned from a stint as a visiting professor at Dalian Maritime University. Located in China’s northeastern Liaoning province, near the North Korean border, Dalian Maritime University is considered China’s foremost higher-education institution on maritime subjects, with many of its research projects funded directly by the Chinese Ministry of Transport. According to sources, Dr. Mitko gave a series of lectures at Dalian University in early 2018.

Upon arriving back to Russia from China, Dr. Mitko was detained and placed under house arrest. The FSB now claims that the Russian scientist gave the Chinese classified information relating to the underwater detection of submarines. The agency alleges that Dr. Mitko received payments in return for sharing this information with Chinese spies. However, Dr. Mitko’s lawyers argue that the information he shared with the Chinese “came from open sources”, and that he never knowingly came in contact with Chinese intelligence operatives.

There have been several arrests of Russian academics in recent years, who have been accused by the FSB of providing China with classified information. Last week saw the release from prison of Vladimir Lapygin, a 79-year-old avionics researcher, who was jailed in 2016 for allegedly giving China classified information on Russian hypersonic aircraft designs. In 2018, Russian authorities charged Viktor Kudryavtsev, a researcher at a Russian institute specializing in rocket- and spacecraft design, with passing secret information on spacecraft to researchers at the Von Karman Institute for Fluid Dynamics in Belgium. The FSB claimed that some of that information ended up in Chinese hands.

If convicted of the crime of espionage against the Russian state, Dr. Mitko faces a prison sentence of up to 20 years. He denies the charges against him.

Author: Joseph Fitsanakis | Date: 16 June 2020 | Permalink

Researchers claim discovery of remote eavesdropping method using light bulbs

Researchers at a university in Israel claim to have discovered a new low-tech eavesdropping technique, which relies on sound vibrations on the glass surface of light bulbs and requires equipment costing less than $1,000. The researchers claim that the technique, which they call “lamphone”, enables eavesdroppers to intercept, in real time, audible conversations from a room located hundreds of feet away, simply by recording the vibrations that sounds create on the glass surface of a common light bulb present in the room.

The announcement was made by Ben Nassi, Yaron Pirutin and Boris Zadov, who work at the Ben-Gurion University of the Negev and the Weizmann Institute of Science, near Tel Aviv. The three researchers said they used a low-cost telescope, which they placed nearly 100 feet from a target room containing a commercially available standard light bulb. They then placed each telescope behind a $400 electro-optical sensor. The goal of the contraption was to measure the minuscule changes in light output from the bulb, which are caused by sound vibrations off the bulb’s surface.

The electrical signals captured by the telescopes were digitized using commercially available analog-to-digital converters, before being transferred onto a laptop. The researchers then used commercially available software to filter out noise, and were gradually able to reconstruct clearly audible recordings of the sounds inside the target room. They claim that the resulting recording is clearly audible and can even be transcribed using Google speech-to-text software.

The three Israeli researchers say they now plan to present their findings at the Black Hat security conference in August, which will be held virtually due to health concerns caused by the coronavirus pandemic. Speaking to Wired magazine last weekend, they said that their goal is “not to enable spies or law enforcement, but to make clear to those on both sides of surveillance what’s possible”. “We’re not in the game of providing tools”, they said.

Author: Joseph Fitsanakis | Date: 15 June 2020 | Permalink

Austrian court finds unnamed retired Army colonel guilty of spying for Russia

A court in Austria has found a retired Army colonel guilty of providing classified military information to Russia, following a closed-door trial. Interestingly, the alleged spy’s name has not been made public. Some Austrian media have been referring to him as “Martin M.”.

The retired colonel was arrested in November of 2018, reportedly after having recently retired following a long military career. Austria’s Defense Ministry said at the time that the arrest came after a tip given to the Austrian government by an unnamed European intelligence agency from a “friendly country”. Martin M. reportedly served in peacekeeping missions in the Golan Heights and Cyprus before being posted at one of the Austrian Armed Forces’ two headquarters, located in the western city of Salzburg. It was around that time, say prosecutors, that the unnamed man began spying for Russia. Starting in 1992, he was in regular contact with his Russian handler, who was known to him only as “Yuri”.

“Yuri” was later identified by Austrian authorities as Igor Egorovich Zaytsev, who is allegedly an intelligence officer for the Main Directorate of the General Staff of the Russian Armed Forces. Known as GRU, the organization is Russia’s primary military-intelligence agency. The Austrian government has issued an international arrest warrant for Zaytsev.

Zaytsev reportedly trained Martin M. in the use of “sophisticated equipment”, according to the Austrian prosecutor, which he used to communicate classified information to Moscow. He is thought to have given Russia information on a range of weapons systems used by the Austrian Army and Air Force, as well as the personal details of high-ranking officers in the Austrian Armed Forces. Austrian media initially reported that the alleged spy was paid nearly $350,000 for his services to Moscow.

During his trial, Martin M. reportedly admitted that he had received payments from the Russians to provide information. But he claimed that the information he gave them was already publicly available. His legal team compared his role to that of a “foreign correspondent” for a news service. The court, however, did not accept that argument and on Tuesday sentenced Martin M. to three years in prison.

Soon after his sentencing, the defendant was released on parole, after the court counted the 18 months he has served behind bars since his arrest as part of his prison sentence. His legal team said they plan to appeal the sentence.

Author: Joseph Fitsanakis | Date: 11 May 2020 | Permalink

Russia responds angrily to Czech expulsions of Russian diplomats in poison probe

Moscow has reacted angrily to the Czech government’s decision to expel two Russian diplomats from the country, in response to allegations that the Kremlin plotted to assassinate three outspoken Czech politicians using a deadly poison. Russian officials pledged to respond in kind to Prague’s “indecent and unworthy deed”.

In April, the Czech weekly investigative magazine Respekt reported that a Russian assassination plot had been foiled by authorities in Prague. The magazine said a Russian citizen carrying a diplomatic passport had arrived in Prague in early April. The man allegedly had with him a suitcase with a concealed quantity of ricin —a deadly toxin. His alleged mission was to assassinate Prague mayor Zdeněk Hřib, as well as Pavel Novotny and Ondřej Kolář, two of Prague’s three district mayors. All three men are known as fervently anti-Russian. Earlier this year, Hřib led a nationwide effort to rename the square in front of the Russian Embassy in Prague after Boris Nemtsov, a Russian opposition activist who was gunned down in Moscow in 2015. Kolář has been advocating for years for the removal of Soviet-era statues from Prague’s public spaces.

A few weeks later, the Czech state television’s flagship investigative program 168 Hodin (168 Hours) claimed that the Russian diplomat who tried to smuggle poison into the country is Andrei Konchakov. Konchakov, 34, directs the Russian Center for Science and Culture in Prague, which is an extension of the Russian Embassy there. Citing “intelligence sources”, 168 Hodin said Czech counterintelligence officials believed Konchakov was actually an intelligence officer for Russia.

Now the Czech government has officially declared Konchakov and one of his colleagues at the Center for Science and Culture persona non grata (unwanted persons) and has ordered their expulsion from the country. In a statement issued on Friday, the Czech Ministry of Foreign Affairs accused the two diplomats of “trying to harm the relations of the two countries”. At a news conference in Prague, Czech foreign minister Tomas Petricek told reporters that Prague had “made efforts to settle the situation discreetly and diplomatically”. However, “Russia’s approach gives us no choice but to expel the diplomats”, said Petricek.

Speaking later that day, Russia’s Minister of Foreign Affairs, Sergey Lavrov, dismissed Prague’s allegations as “absurd”. The head of the Russian Foreign Intelligence Service (SVR), Sergey Naryshkin, called the expulsions “a very vile and mean provocation by the Czech authorities” and vowed that “retaliatory measures will be taken”. In a press statement issued in response to the expulsions, the Russian Ministry of Foreign Affairs said that the Czech authorities had “seriously damaged” bilateral relations between the two countries “without any basis”. The statement went on to state that “Prague’s actions will not only receive an adequate response, but will also be taken into account when forming the Russian policy on bilateral relations with the Czech Republic”.

Author: Joseph Fitsanakis | Date: 09 June 2020 | Permalink

US Defense Intelligence Agency responds to claims it was asked to spy on protesters

The United States Defense Intelligence Agency, a Pentagon organization tasked with collecting foreign military secrets, has rejected reports that it is spying on protestors inside the country. However, it confirmed that it has set up an “internal coordination group” to respond to “requests for information” by the Department of Defense. This development follows reports that some DIA employees communicated their concerns about being asked to spy domestically to the organization’s director last week.

Several government agencies are reportedly involved in monitoring the waves of protests that have erupted throughout the United States in recent weeks, following the death of George Floyd. Floyd, 46, died on May 25 while in police custody in Minneapolis. His death, which was captured on video by a bystander, has prompted nationwide calls for police accountability and regulation of excessive force by police officers, especially against members of minority groups.

The administration of US President Donald Trump has responded to the demonstrations —some of which have turned violent— with a show of force involving a wide range of federal law enforcement agencies. This is especially true in the nation’s capital, where military personnel have been repeatedly deployed to help police monitor and control the protests. Earlier this month, BuzzFeed News reported that the Trump administration authorized the Drug Enforcement Administration to “conduct covert surveillance” and collect intelligence on individuals and groups participating in the protests.

Now Yahoo News reports that some DIA employees are wondering whether their agency might follow suit. The DIA operates under the US Department of Defense and collects foreign military intelligence. Like the Central Intelligence Agency, the DIA is prevented by law from spying domestically. However, its personnel can support domestic intelligence efforts, providing they are detailed to a domestic law enforcement agency for specific operations or tasks.

According to Yahoo News’s Jenna McLaughlin, the possibility that DIA personnel might be assigned to domestic intelligence tasks relating to the nationwide protests was discussed last week during an agency forum. The unclassified forum, called a “virtual town hall”, was led last Wednesday by DIA Director Lt. Gen. Robert Ashley. McLaughlin cites “two sources” who were “briefed on what happened during the town hall”. They said that Gen. Ashley was asked by a DIA employee about the agency’s position on domestic intelligence operations. “We have been told that DIA is setting up a task force on ‘unrest’ in our country”, said the employee. “Is this true? Is it legal given intelligence oversight? What options will there be for employees who are morally opposed to such an effort?”

According to McLaughlin, the DIA director responded that the agency’s “core mission is foreign intelligence” and that it is “focused on the foreign nexus”. Gen. Ashley’s words were interpreted to mean that the DIA had been asked to investigate possible interference in the protests by foreign intelligence agencies —possibly in a manner similar to the meddling by Russian spies in the 2016 US elections. He added that the DIA’s Office of the General Counsel had “reviewed the issue to ensure that [the agency] was in compliance with the law”. However, Gen. Ashley did not explain whether the DIA had proceeded to carry out such an investigation.

On Saturday, DIA spokesman James M. Kudla told Yahoo News that the agency had set up “an internal coordination group to respond to increased and appropriate Department requests for information”. However, he added that “the mission of the Defense Intelligence Agency is to provide intelligence on foreign militaries to prevent and win wars”. He went on to say that “any claims that DIA has taken on a domestic mission are false”. The “DIA has not established any task force related to the current domestic situation”, he said.

Author: Joseph Fitsanakis | Date: 08 June 2020 | Permalink

US embassy in UAE declined free COVID-19 tests due to Chinese spying concerns

The embassy of the United States in the United Arab Emirates declined free COVID-19 testing kits for its staff, because of concerns that the private labs offering the kits had ties to China, according to a new report. The testing kits were offered by a testing facility that was set up in March in Abu Dhabi, which is the capital of the oil-rich UAE —a close American ally in the Middle East.

The facility was built in record time, through a collaboration between two private companies. The main partner in the scheme is Group42, a privately owned artificial intelligence firm, which is based in the UAE and is believed to be partly owned by members of the kingdom’s royal family. Its partner in the venture is BGI Group, a Chinese company —formerly known as the Beijing Genomics Group— that specializes in genomics research. Since its establishment, the facility has reportedly delivered over 2 million COVID-19 testing kits —complete with reagents— for the population of the UAE, which numbers just over 9 million. Given these numbers, local officials have hailed the initiative as a success and credit it with having produced “one of the largest per capita testing rates in the world”. The oil-rich kingdom has so far reported about 36,000 confirmed coronavirus cases, which have resulted in 270 deaths —about 2.5 deaths per 100,000 UAE residents.

But, according to The Financial Times, the United States embassy in Abu Dhabi turned down an offer for free COVID-19 testing kits for its employees by Group42. The paper quoted an anonymous United States government official, who said that the offer was “politely declined” last month by the embassy leadership. American State Department officials were allegedly concerned that the DNA information of tested embassy employees could be compromised and “find its way to Beijing”, said the source. “Concerns were raised about patient privacy and the way that the tests could be used”, added the official, and described the involvement of BGI in the venture as “a red flag” for Washington.

BGI Group told the paper that it had no links to the government of China and no access to the data of patients, which were stored in Group42 facilities in the Emirates. The UAE-based company said that “strict information security and data privacy protocols are in place” to protect sensitive information. The firm refused to divulge information about its owners, citing strict laws that are in place in the kingdom.

But the incident illustrates the growing suspicion in relations between the US and China. This poses difficult dilemmas for third countries, like the UAE. The oil-rich state is among several monarchies in the Gulf that have deepened their relations with China in recent years, in both the political and economic domains. Since 2000, the value of bilateral trade between Abu Dhabi and Beijing has grown from $2 billion to nearly $70 billion per year. At the same time, the UAE is one of the largest purchasers of US military technology in the world. The oil-rich monarchy spends on average $3 billion annually to acquire American weapons. Recently, however, Abu Dhabi has shown an increasing interest in Chinese-made weapons. Its armed forces and police departments now use several Chinese weapons and surveillance systems. At the same time, Huawei, a Chinese-owned telecommunications hardware producer, is scheduled to build the nation’s 5G cellular network. Washington has expressed serious concerns about that decision.

Speaking to The Financial Times, the anonymous US government official said that these steps by the UAE leadership, which are bringing it closer to China, “risk rupturing the long-term strategic relationship [the country has] with the US”.

Author: Joseph Fitsanakis | Date: 04 June 2020 | Permalink

Argentine former president and spy agency director indicted in wiretapping probe

The former president of Argentina, Mauricio Macri, has been indicted as part of a widening investigation into a domestic spying program, which allegedly targeted opposition politicians, journalists and other public figures. The alleged espionage took place between 2015 and 2019, when Macri occupied the country’s highest office.

In 2015, Macri, a successful businessman and former mayor of Buenos Aires, became the first democratically-elected president of Argentina in 100 years that came from a party other than the populist brand described as ‘Peronist’ in the post-war era. His presidency was marked by a turn to the right, as well as numerous investigations into allegations of corruption against prior heads of state, notably Cristina Fernández de Kirchner, whom Macri succeeded in the presidency.

But Kirchner is now back, serving as vice-president under Argentina’s new president, Alberto Fernández. Fernández, a Peronist, took office in December of 2019, after defeating Macri in a hotly contested race. Among Fernández’s top agenda items is the reform of the country’s Federal Intelligence Agency (AFI). The agency used to be known as the Secretaría de Inteligencia del Estado (SIDE) until 2015, when then-President Kirchner dissolved the organization and replaced it with the AFI, in order to combat alleged human-rights abuses by SIDE agents. But Kirchner has always said that her work in reforming the old SIDE was left incomplete. Her running mate, Fernández, promised to complete her work if elected. In his first post-election speech, President Fernández said that the SIDE/AFI would be reformed. He famously told his jubilant supporters: “Never again, the secret state. Never again, the cellars of democracy”. Soon afterwards, Fernández appointed Cristina Caamaño, an attorney and government administrator with experience in the area of civil liberties, to lead the AFI.

Last week, Caamaño gave a federal court in Buenos Aires a deposition containing a list of over 80 names of Argentine citizens, who were allegedly spied on by the AFI without a warrant during Macri’s administration. In her deposition, Caamaño alleges that the individuals had their emails “spied on without any court order”, from as early as June 2016 until the final days of Macri’s presidency. According to local media reports, the list of alleged victims includes political opponents of Macri, as well as investigative journalists, government officials, and notable members of Argentina’s business community. There are also police and military officers on the list as well as artists, intellectuals, and trade unionists. Caamaño asked the court to investigate, aside from Macri, Gustavo Arribas, who served as AFI director under the previous president, as well as his deputy director in the spy agency, Silvia Majdalani, and her brother-in-law, Darío Biorci. The names of other alleged culprits in Caamaño’s deposition remain secret, reportedly because these individuals are still serving as undercover agents in the AFI.

On Wednesday, Caamaño’s deposition was shared with the Argentine Congress, and is now being debated in various committees, including the intelligence committee. Congress members from President Fernández’s Partido Justicialista have expressed strong support for the probe. But the opposition is highly skeptical and has asked for more information from Caamaño’s office.

Author: Joseph Fitsanakis | Date: 02 June 2020 | Permalink

India expels Pakistan embassy officials for allegedly carrying out espionage

India has expelled two officials at the High Commission of Pakistan in New Delhi, after they were allegedly caught with fake Indian identity papers while trying to acquire classified documents. But the Pakistani government has rejected the allegations and subsequent expulsions as “a part of persistent anti-Pakistan propaganda” from India, and said the two officials were tortured while under detention by Indian authorities.

The expulsion orders followed the arrest of three Pakistani citizens, who were identified as Abid Hussain, 42, Tahir Khan, 44, and Javed Hussain. The Times of India said Abid Hussain had been working at the Pakistani embassy’s visa issuance department since late 2018. Khan was “an upper division clerk” at the embassy and arrived in India at around the same time Abid Hussain did, said the paper. Javed Hussain has been working as a driver at the embassy since 2015, and was reportedly released by the Indian authorities after he was found not to have been implicated in the alleged espionage.

The Times cited unnamed sources in New Delhi in claiming that the three Pakistanis had been arrested by Indian police at an undisclosed location in the Indian capital’s centrally located Karol Bagh neighborhood. The men were reportedly there to receive “highly sensitive information” from unnamed Indian “defense personnel”. Javed Hussain and Khan were reportedly found to be carrying Indian identification cards bearing fake names. They also had in their possession what the newspaper called “incriminating documents”, two smartphones and 15,000 rupees, which is equal to around $200.

On Sunday, India’s Ministry of Foreign Affairs said that Javed Hussain and Khan had been declared “persona non grata” and had been ordered to leave the country within 24 hours. The reason for their expulsion was “indulging in activities incompatible with their status as members of a diplomatic mission”. The phrase is used in the international legal vernacular to describe an accredited diplomat engaging in intelligence operations abroad without the consent of his or her host nation. The Ministry also said that it had summoned the Pakistani ambassador and issued him with a “strong protest” about the incident.

The Indian government said late on Sunday that it was investigating whether other Pakistani embassy officials had been engaging in espionage. Diplomatic observers expressed certainty last night that Islamabad would expel at least two Indian diplomats from the country in a tit-for-tat response to India’s move.

Author: Joseph Fitsanakis | Date: 01 June 2020 | Permalink

As ISIS goes online due to COVID-19, it publishes a new cybersecurity magazine

As the Islamic State continues to transfer its activities online due to the coronavirus pandemic, the group has published the first issue of a new cybersecurity magazine, aimed at helping its members evade surveillance. The Islamic State, known previously as the Islamic State of Iraq and Syria, has always been active online. But the COVID-19 pandemic has prompted it to augment the volume and intensity of its online work, for two reasons: first, to protect its members from the virus; second, to recruit young people who are spending more time online as a result of lockdowns taking place across the world.

Amidst this shift to the online environment, the Islamic State has published the first issue of what appears to be a new cybersecurity magazine. Veteran reporter Bridget Johnson, currently the managing editor for Homeland Security Today, said earlier this week that the 24-page magazine is titled The Supporter’s Security and is published in two versions, one in the Arabic and one in the English language.

Johnson reports that the new magazine is produced by the Electronic Horizons Foundation (EHF), the Islamic State’s information technology wing. Since its appearance in 2016, the EHF has taken it upon itself to operate “as an IT help desk of sorts” to help Islamic State supporters avoid online tracking and surveillance by state agencies, says Johnson. In its inaugural proclamation, the EHF called on Islamic State supporters to “face the electronic surveillance” and educate themselves about “the dangers of the Internet” so that “they don’t commit security mistakes that can lead to their bombardment and killing”.

Russia flew unmarked military aircraft to Libya to evacuate mercenaries, US claims

The United States has alleged that the Russian military flew over a dozen unmarked aircraft to Libya, in an attempt to provide air support for Russian mercenaries who are fighting in Tripoli. If true, this development marks a major escalation of Russia’s military intervention in the Libyan civil war.

The war has been raging in Libya since 2011, when a popular uprising backed by the West and its allies led to the demise of the country’s dictator, Muammar Gaddafi. Much of the east of the country is controlled by the United States-backed Tobruk-led Government, which is affiliated with the Libyan National Army (LNA) and its commander, Field Marshal Khalifa Haftar. Russia also backs the LNA and is vying with the United States for influence among Haftar’s commanders and troops. The LNA is fighting against the United Nations-recognized Libyan Government of National Accord (GNA), which is supported by Qatar and Turkey.

On Tuesday, the Africa Command of the United States Department of Defense alleged that Russian pilots had flown military planes to Jufra, an LNA stronghold. The Americans claimed that the jets had been repainted in Syria to hide their Russian Federation insignia, before being flown first to Tobruk, in Libya’s east, and from there to Jufra. According to the Pentagon, the Russian planes were flown to Libya in order to provide air support to over 1,000 Russian mercenaries who are fighting alongside the LNA.

The mercenaries reportedly belong to the PMC Wagner (also known as the Wagner Group), a Russian security contractor with presence on the ground in Syria, eastern Ukraine, the Central African Republic, and elsewhere. Western officials allege that Russian private contractor firms like Wagner could not operate without permission from the Kremlin. According to recent reports, Wagner personnel have been participating in the LNA’s year-long effort to take Tripoli from the hands of the GNA and by doing so put an end to the Libyan civil war. But the offensive has not been going well in recent days, and Wagner forces were reportedly pushed back by Turkish- and Qatari-supported GNA troops.

The US Pentagon alleged that Moscow sent the Russian military aircraft to Libya in order to “provide close air support and offensive fires for the Wagner Group PMC that is supporting the LNA’s fight”. Other commentators have argued that the main purpose of the mission was to reach the outskirts of Tripoli and airlift the Russian mercenaries to safety. But Ahmed Mismari, a spokesman for the LNA, rejected reports of the arrival of Russian military aircraft to Libya as “media rumors and lies”. He said that all aircraft used by the LNA were “repaired […] old Libyan jets”. The Russian military has not commented on the allegations by the US Pentagon.

Author: Joseph Fitsanakis | Date: 28 May 2020 | Permalink

Exiled former intelligence official says Saudi government abducted his children

A Saudi government official, who served as a senior advisor to the oil kingdom’s former Crown Prince, has accused the Saudi monarchy of abducting his children in order to force him to end his self-exile in Canada. With a doctorate in artificial intelligence from the University of Edinburgh, Dr. Saad al-Jabri was until 2015 a rare example of a highly educated government administrator among Saudi Arabia’s ruling elite. Dr. al-Jabri rose in the ranks of the Saudi aristocracy in the 1990s under the tutelage of his patron, Crown Prince Muhammad bin Nayef (pictured). Prince bin Nayef is the grandson of Saudi Arabia’s founding monarch, King Abdulaziz, and until 2015 was destined to succeed King Abdullah and occupy the kingdom’s throne. Eventually, bin Nayef appointed Dr. al-Jabri as Minister of State and made him his most senior and trusted adviser on matters of security and intelligence.

Western intelligence officials credit Dr. al-Jabri with transforming the Saudi security establishment in the 2000s, by introducing scientific methods in investigations, associated with digital forensics, data mining and other advanced techniques. Thanks to his British upbringing and education, Dr. al-Jabri operated with ease and comfort in Western capitals. He soon became the primary link between Saudi Arabia and the so-called “Five Eyes Alliance”, a longstanding intelligence-sharing agreement between the United States, Britain, Canada, Australia and New Zealand.

Israeli prime minister publicly thanks Mossad chief for help with COVID-19

The embattled Prime Minister of Israel, Benjamin Netanyahu, met publicly with the Director of the Mossad, Yossi Cohen, and thanked him for leading the country’s procurement efforts during the COVID-19 crisis. The meeting was a rare public acknowledgement of the central role that the secretive spy agency played during the pandemic.

Early on during the COVID-19 outbreak, it was reported that the intelligence agencies of Israel were playing an increasingly important role in the Jewish state’s effort to combat the effects of the coronavirus in its territory. In an uncharacteristic move, the government went out of its way to advertise the participation of its secretive spy agencies in the national effort to limit the spread of the virus.

In a television interview, an unnamed official for Israel’s external intelligence agency, the Mossad, said the agency had managed to secure 100,000 coronavirus testing kits, 25,000 N-95 masks and 100 ventilators. The material had been acquired “from unnamed countries” by Mossad officers, he said. The officers had to “race to [foreign] factories” and secure these critical supplies after they had been “ordered by other countries”, he added. The agents then had to coordinate secret airlifts so that the medical material could be transported to Israel in time.

But many of the coronavirus testing kits procured by the Mossad turned out to be incomplete. According to local media reports, when the kits arrived in Israel from “an unidentified Gulf state”, scientists realized that they were useless. That was because they arrived without the chemical reagents that were required to carry out complete tests on subjects. These reagents were eventually procured from South Korea and arrived in Israel nearly a month later, when demand for them was far less urgent. The Mossad was heavily criticized for this operation.

But last weekend, Prime Minister Netanyahu publicly thanked the Mossad director for leading the nation’s Joint Procurement Command Center during the COVID-19 pandemic. He told Director Cohen that he had carried out his tasks “exceptionally well [and] the results speak for themselves”. The meeting took place to mark the return of the procurement centers’ command to the Ministry of Health. But the Mossad may be asked to step in again, said Netanyahu: “we are currently passing the torch”, said the prime minister. However, “we do not know what the next day, or the next month, will bring. Since you have acquired the experience, remember it, we may need it again”, he told Cohen.

Author: Joseph Fitsanakis | Date: 26 May 2020 | Permalink

US threatens to end intelligence sharing if Australian state joins Chinese venture

The United States has warned that it might be forced to stop sharing intelligence with Australia if the country’s second most populous state enters into a much-heralded investment agreement with China. The Australian state of Victoria has said it intends to join Beijing’s Belt and Road Initiative, a worldwide investment venture that was announced with much fanfare by Chinese President Xi Jinping in 2013.

The initial goal of the venture was to encourage economic cooperation between China and countries of the Eurasian region. Eventually, the project’s scope expanded to include agreements with countries in Asia, Africa and Europe, mostly through the Chinese-led construction of telecommunications and transportation networks, which trace the trading routes of the Silk Road of ancient times.

Although Australia is not a participant in the Belt and Road Initiative, the Australian state of Victoria announced its decision to join the project in late 2019. The decision has been criticized by senior Australian federal officials, including Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton. These officials argue that any interference by China in the Australian national telecommunications network could compromise the national security of the country as a whole.

On Sunday, the US Secretary of State Mike Pompeo warned Australia that Washington would look “incredibly closely” at aspects of the Belt and Road Initiative affecting telecommunications. Pompeo, who was Director of the Central Intelligence Agency before his current post, told Sky News that some aspects of the project were designed to “build up the capacity of the Chinese Communist Party to do harm” around the world.

In his interview, Pompeo referred to the so-called “Five Eyes” alliance (also known as “UKUSA”), which is a longstanding intelligence-sharing agreement between the United States, Britain, Canada, Australia and New Zealand. He added that the US government was concerned that the Victoria state government’s decision to participate in the Chinese venture project could “have an adverse impact on our ability to protect telecommunications from our private citizens, or security networks for our defense and intelligence communities”.

If that were to happen, said Pompeo, then the US would “not take any risks to our telecommunications infrastructure, [or] any risk to the national security elements of what we need to do with our Five Eyes partners”. If the US government determined that these risks were real, “we simply disconnect, we will simply separate”, Pompeo concluded.

Author: Joseph Fitsanakis | Date: 25 May 2020 | Permalink