Finnish intelligence identifies Chinese state-linked group behind cyber-attack


FINLAND’S INTELLIGENCE AGENCY HAS identified a hacker group with ties to the Chinese state as the culprit of an attack of “exceptional” magnitude and intensity that targeted the Finnish Parliament last year. The attack was reported in December 2020, but had been going on for several weeks prior to being discovered by the information security department of the Eduskunta (Parliament of Finland).

Finland’s National Bureau of Investigation (NIB) said at the time that the attack had compromised parts of the Parliament’s internal communication system, including a number of Parliamentary email accounts. Some of these accounts belonged to members of Parliament, while others belonged to members of staff, according to the NIB.

Little became known about the attack in the months after the incident was first reported by Finnish media. But on Thursday the Finnish Security and Intelligence Service (SUPO) issued a press release about the incident. It said that the attack was likely part of a state-sponsored cyber espionage operation. It also identified those responsible for the attack as Advanced Persistent Threat (APT) 31. The SUPO report did not name the state that sponsored the attack. However, several private computer security firms have linked APT31 with the Chinese government.

The SUPO report stated that the attack on the Finnish Parliament was neither random nor experimental. On the contrary, it was aimed at acquiring specific information stored on the Parliament’s computer servers. Although the motive for the attack is still being investigated, it is possible that it was part of an effort “to gather intelligence to benefit a foreign state or to harm Finland’s interests”, said SUPO. The spy agency added that it would not provide further details about the case while it remains the subject of a criminal investigation.

Author: Joseph Fitsanakis | Date: 19 March 2021

Domestic extremism quickly ‘metastasizing’, US intelligence report warns


A MAJOR INTELLIGENCE REPORT produced for the United States Congress and the White House warns that violent extremism by ethnically and racially motivated militants is “metastasizing”, and “will almost certainly” result in further attacks in 2021. The report was produced by the National Counterterrorism Center of the Office of the Director of National Intelligence, in cooperation with the Federal Bureau of Investigation and the Department of Homeland Security. A declassified version of the report was released online, shortly after the White House and Congress were given a classified briefing on the matter.

The report, the first of its kind to be issued after the January 6 attack on the US Capitol Complex, points to threats from several strains of domestic violent extremism, ranging from environmental activists to animal rights extremists, anarchists and adherents of far-right ideologies. It states, however, that by far the greatest threat to public security is presented by ethnically and racially motivated violent extremists, in combination with armed militias. These groups “will almost certainly” grow more active in the coming months, due to a number of economic, political and social factors. Their members are feeling emboldened following the January 6 attacks, and social media are allowing these groups to expand their presence among the population. Widespread conspiracy theories about last November’s presidential elections are also fueling rightwing armed militancy, according to the report.

The same can be said about the economic pressures caused by the coronavirus pandemic and associated lockdowns, which anti-government extremists view as the imposition of tyranny by a government that should be overthrown. These kinds of social disruptions “will almost certainly” fuel further violence this year, according to the report. Members of domestic extremist organizations are currently exchanging ideas on methods of violence, and devising “innovations in targeting and attack tactics”, it adds. Additionally, white supremacist groups appear to rely on “the most persistent and concerning transnational connections” of any type of domestic violent extremist organizations.

Author: Joseph Fitsanakis | Date: 18 March 2021

Nashville Christmas Day bombing was not terrorism, FBI concludes


A MAN WHO LAST December detonated a massive bomb in Nashville, capital of the American state of Tennessee, was not motivated by political ideology, but by paranoid alien conspiracies, according to the Federal Bureau of Investigation. Anthony Quinn Warner kept the bomb inside his recreational vehicle, which he had parked in downtown Nashville. He was inside the vehicle as he detonated the bomb at 6:30 a.m. on Christmas Day, 2020, killing himself and injuring three people. Minutes before the explosion, Warner used an outdoor speaker attached to his vehicle’s sound system to broadcast a pre-recorded message warning that a bomb was about to detonate.

The incident has perplexed authorities, because Warner did not seem to have a clear motive for his action. Additionally, his background did not fit that of a typical ideologically or racially motivated violent extremist. Now, however, after nearly three months of research, which included over 250 interviews with people who knew Warner, the FBI has concluded its investigation. The law enforcement agency said that Warner acted completely alone, and that he was not motivated by an ideological belief, nor was he aiming to bring about social or political change. This means that his violent action cannot be officially classified as terrorism.

The FBI investigation also rejects the intense speculation that took place following the attack, according to which Warner may have been motivated by fringe conspiracy theories about 5G technology. These rumors emerged due to the location of the attack. The latter caused extensive damage to a facility owned and operated by AT&T, one of the world’s largest telecommunications providers. However, the FBI concluded that Warner was not concerned about AT&T or 5G technologies. Instead, he was apparently motivated by a concoction of conspiracy theories fueled by paranoia. Most of these conspiracy theories revolved around a race of reptiles that Warner believed had secretly infiltrated human societies. He told some of his friends that he saw his personal mission as hunting down these aliens.

In addition to alien conspiracy theories, Warner’s act of violence was triggered by a number of personal relationships that deteriorated in the months prior to his suicide. However, his violent act was not intended as revenge fueled by grievances against specific individuals or groups of people that lived near the site of the explosion, according to the FBI.

Author: Joseph Fitsanakis | Date: 17 March 2021

US designates two African armed groups as foreign terrorist organizations

THE UNITED STATES DEPARTMENT OF STATE has designated two armed groups, based in Mozambique and the Democratic Republic of the Congo, as foreign terrorist organizations. In a statement released last week, the US Department of State identified the groups as Mozambique’s Ahlu Sunnah Wa-Jama and Congo’s Allied Democratic Forces (ADF). In its statement, the US Department of State also said that the two groups have declared allegiance to the Islamic State of Iraq and Syria (ISIS).

Established in Uganda in 1996, the ADF has had a presence in the eastern regions of Congo for over two decades. The ADF insurgency is rooted in regional ethnic rivalries. However, the group’s rhetoric became increasingly Islamist-centered in the 2000s. In 2013, following an intense recruitment campaign in Uganda, the ADF launched a series of attacks in northeastern Congo. It is currently involved in an insurgency against the Congolese military, which launched a major offensive against the group in 2019. Mozambique’s Ahlu Sunnah Wa-Jama, known locally as Al-Shabab (no relation to the Somali group by the same name), first appeared in 2017. Two years later, its leader, Abu Yasir Hassan, declared the group’s allegiance to ISIS and proclaimed that its goal was to establish an Islamic emirate in Mozambique.

US officials regularly refer to the two groups as “ISIS-DRC” and “ISIS-Mozambique”. In the spring of 2019, ISIS declared that the two groups were the armed wings of the so-called Islamic State Central Africa Province (ISCAP). The militant group added that the mission of ISCAP was to build a caliphate in central, eastern, and eventually southern Africa. In addition to designating ISIS-DRC and ISIS-Mozambique as foreign terrorist organizations, the US Department of State named their leaders, Seka Musa Baluku and Abu Yasir Hassan, as “specially designated global terrorists”.

Author: Ian Allen | Date: 16 March 2021

Israel behind mysterious attacks on Iranian oil tankers, report claims


THE ISRAELI INTELLIGENCE SERVICES are behind a series of mysterious attacks that have damaged Iranian oil tankers in the past 24 months, according to a new report that cites sources in the international shipping industry. The report, which appeared last week in The Wall Street Journal, cites a number of “shipping professionals” and “regional officials”, but does not name them.

The paper claims that the Israeli government decided to target the Iranian oil tankers after it concluded that Tehran uses the proceeds from oil sales to fund groups like Hezbollah in Lebanon and the Houthi rebels in Yemen. Most of the damaged ships were attempting to deliver oil to Syria in violation of a host of international sanctions against Iran, which are led by the United States. Washington appears to be quietly supporting the Israeli attacks on Iranian ships, according to The Wall Street Journal.

The article cites anonymous shipping industry professionals as claiming that at least three Iranian oil tankers sustained serious damage following Israeli attacks in 2019, while at least six more Iranian ships were struck by Israel in 2020. All nine ships were transporting oil. There is no information about alleged attacks on Iranian oil tankers in 2021, with the exception of one Iranian vessel that was targeted by a group of divers who allegedly planted a limpet mine on its keel in February of this year.

None of the Iranian ships that were allegedly attacked by Israel sank as a result, said The Wall Street Journal. However, all sustained significant damage and were forced to return to Iranian ports. As a result, Iran’s ability to deliver oil to Syria has been severely disrupted in the past two years, said the paper.

Author: Joseph Fitsanakis | Date: 15 March 2021

CIA base in northern Niger expands, as Islamism spreads in the Sahel

A REMOTE BASE THAT houses an outpost of the United States Central Intelligence Agency in northeast Niger appears to have expanded in recent months, as Islamist groups continue to make their presence felt in Africa’s Sahel region. The base was built quietly in 2018 in Dirkou, a small oasis town and commune located 800 miles northeast of Niamey, Niger’s capital. The area where the CIA base is located is sparsely populated and arid, making it one of the world’s most inhospitable regions.

Northeast Niger, where Dirkou is located, is part of the Sahara. The region is largely inhabited by nomads, who journey in caravans between networks of oases that include Dirkou. In recent years, however, the territories of north-central Niger, northern Mali, southern Algeria, northern Chad and southern Libya, have witnessed an alarming growth of extremist groups, many of which are affiliated with al-Qaeda or the Islamic State. Increasing numbers of young men are joining these groups, whose leaders also exploit local grievances stemming from poverty, ethnic divisions and the dramatic effects of climate change.

Since 2014, France, the region’s former colonial power, has spearheaded a counterinsurgency campaign led by a 5,000-strong military force stationed in the Chadian capital, N’Djamena. But the effort has seen few successes, and its commanders have been forced to downgrade their objectives: instead of their original goal of neutralizing the Islamist insurgency, they now hope to contain it in the Sahara, and not let it spread to the region’s urban areas. It is within this context that the CIA outpost in Dirkou was set up in 2018.

The New York Times, which first reported the existence of the CIA outpost three years ago, said last week that it has seen no evidence to suggest that the outpost has been used for anything more than to carry out airborne surveillance using drones. However, the outpost now has a paved runway, which appears to be twice the length of the original landing strip of 2018. There are also new buildings at the outpost, as well as a fixed perimeter, which indicates increased security, according to The Times. This, says the paper, shows that the CIA would now “be ready to carry out armed drone strikes” in the region, if authorized to do so by the White House.

Author: Joseph Fitsanakis | Date: 10 March 2021

German court blocks intelligence agency’s plan to spy on far-right party

A GERMAN COURT HAS temporarily blocked an attempt by the country’s intelligence service to place a domestic far-right party under government surveillance for the first time since the Nazi era. The far-right party, Alternative für Deutschland, or AfD, was established in 2013. It shocked the German political establishment in 2017, when it received nearly 6 million votes, which amounted to 12.6% of the national vote. Since then, however, the AfD has been shunned by other political parties and the German media, for its alleged links with neo-Nazi groups and sympathizers.

Last week, German newsmagazine Der Spiegel revealed that the country’s domestic intelligence agency, known as the Federal Office for the Protection of the Constitution (BfV), had launched an operation to place the entirety of the AfD under surveillance. The purpose of the operation was to assess whether the party is part of a concerted campaign to undermine the German system of government and the constitution. According to Der Spiegel, the BfV decided to launch a surveillance campaign against the AfD following the conclusion of a two-year investigation into the legality of the party’s political platform and activities.

The BfV plan would enable the spy agency to monitor the AfD’s telecommunications, keep tabs on its officials, members and supporters, and investigate the party’s finances for foreign or illicit sources of income. The BfV’s proposed plan marked the first time that a German political party would become the target of systematic surveillance by the state since the Nazi era.

But a court in Cologne has now placed a temporary halt on the BfV’s plans, following a number of legal cases and emergency motions filed by the AfD against the plan, according to reports in the German media. The party reportedly argued that being placed under surveillance by the state would prevent it from competing fairly in elections against other political parties that were not targeted by state surveillance. On Friday, the court concluded that the BfV could not initiate its surveillance of the AfD until the party’s legal challenges against the measure had concluded. This means that the BfV plan is currently suspended until the courts decide on the case. It is not known at this time if the BfV intends to appeal the court’s decision.

Author: Joseph Fitsanakis | Date: 08 March 2021

Informant helped FBI infiltrate US militia accused of plot to kidnap politician

A CONFIDENTIAL INFORMANT, WHO infiltrated an armed militia on behalf of the Federal Bureau of Investigation, will testify in a United States court about an alleged plot to kidnap the governor of Michigan. State prosecutors accuse members of Wolverine Watchmen, a self-styled anti-government militia, of plotting to kidnap Michigan governor Gretchen Whitmer in October of last year. A total of 14 men have been charged in connection with the alleged plot.

Two days of preliminary hearings have taken place this week, relating to three of those charged. Pete Musico, 43, Joseph Morrison, 26, and Paul Bellar, 22, are facing several charges, including providing material support to acts of terrorism and belonging to Wolverine Watchmen, which the FBI says was a domestic terrorist organization. According to the FBI, the group was founded specifically to recruit individuals who agreed with the goal of capturing and killing politicians, including Governor Whitmer.

The group’s ultimate goal, says the FBI, was to overthrow the government of the state of Michigan and then launch an all-out war against the federal government of the United States. The plan would begin with an attack on the Michigan governor’s residence, during which the assailants would use Molotov cocktails to draw out members of law enforcement. They would then detonate home-made bombs and other explosive devices to kill law enforcement responding to the fire.

However, according to testimony delivered on Thursday by FBI Special Agent Henrik Impola, a member of Wolverine Watchmen, who did not agree with the plot, contacted the authorities. The FBI then convinced the disillusioned member of the group to continue to attend meetings, in order to infiltrate the organization and provide further evidence of the plot. According to reports, the confidential informant is scheduled to testify at the hearing in the coming days.

Author: Ian Allen | Date: 05 March 2021

Venezuelan intelligence spied on Citgo executives on US soil, spy alleges

VENEZUELAN INTELLIGENCE SERVICES SPIED on executives of the Citgo Petroleum Corporation in the United States for at least a year, according to court testimony by a Venezuelan former counterintelligence official. The espionage targeted six executives of Citgo, a Texas-headquartered oil company owned by the Venezuelan government. The executives have been named as Gustavo Cardenas, Jose Luis Zambrano, Jose Pereira, Alirio Jose Zambrano, Tomeu Vadell and Jorge Toledo. Five of them are reportedly American citizens.

In 2017 the Venezuelan government accused the six executives of knowingly involving Citgo in a corrupt refinancing agreement, thus damaging the company’s financial wellbeing. They were arrested in Caracas and last year were given prison sentences ranging from eight to 13 years. The United States government condemned the court proceedings for lack of impartiality, and late last year imposed sanctions on the judge and leading prosecutors in the case.

On Wednesday the Reuters news agency said it had reviewed court documents from the appeal of the so-called “Citgo Six”. The documents include testimony from Ramon Balza, who in 2017 was director of operations for the Directorate General of Military Counterintelligence (DGCIM). The DGCIM is the military counterintelligence agency of Venezuela. According to Reuters, Balza told the appeals court on August 11 that the DGCIM and other Venezuelan intelligence agencies have been monitoring senior Citgo officials “ever since [Citgo] became Venezuelan”. He added that the monitoring includes physical surveillance, as well as wiretaps.

Balza’s testimony suggests that DGCIM and other Venezuelan intelligence personnel spied on the six (and possibly other) Citgo executives on American soil prior to their arrest in 2017. It is also possible, says Reuters, that the espionage against the executives was carried out by non-diplomatic foreign agents of Venezuela.

Author: Ian Allen | Date: 04 March 2021

Turkey and United States co-examine Russian missile system captured in Libya

TURKEY AND THE UNITED States, two North Atlantic Treaty Organization (NATO) allies with a checkered relationship, have agreed to jointly examine a Russian missile system that was captured by fighters in Libya. Turkish troops are present on the ground in Libya, where they are fighting in support of the United Nations-backed Government of National Accord (GNA) in Tripoli. The United Arab Emirates and Russia support the Tobruk-based Libyan National Army (LNA) of General Khalifa Haftar.

Last year, General Haftar led the LNA in a major offensive aimed at capturing Tripoli and ending the conflict between the two sides, which has raged for nearly a decade. He was supported by Emirati advisors and Russian troops, which are ostensibly in Libya as private security contractors, but are commonly thought to receive directions from the Kremlin. In a surprise move, Turkey sent troops to assist in the defense of Tripoli. These troops were instrumental in beating back the LNA, and effectively terminating General Haftar’s ambitions.

In the process of beating back General Haftar’s offensive, GNA fighters took over the LNA’s airbase in Al-Watiya, 100 miles southwest of Tripoli, which LNA forces abandoned in haste. Among the loot was a Russian-built Pantsir missile defense system, reportedly captured in pristine condition. This is the Russian armed forces’ state-of-the-art self-propelled anti-aircraft system, which fires medium-range surface-to-air missiles. It had reportedly been given to the LNA by the Emiratis.

The captured Pantsir system disappeared for a few weeks, and eventually reappeared in the hands of a local militia in the town of Zawiya. The militia is commanded by Mohamed Bahroun, a Libyan warlord with links to the Islamic State. Turkish troops struck a deal with Bahroun, whose forces agreed to deliver the Pantsir to the Turkish-controlled Mitiga International Airport on the outskirts of Tripoli. Shortly afterwards, the United States warned Turkey that it was prepared to forcibly take control of the missile system, fearing that it could fall in the hands of the Islamic State. Washington also wanted to get its hands on Russia’s state-of-the-art anti-aircraft system.

According to reports, the two countries reached a deal in recent weeks. The United States sent a C-17 Globemaster cargo plane to Mitiga airport from its AFRICOM base in Germany, and collected the Pantsir. It then delivered it to Ankara, where it is now being examined by a joint team of Turkish and American weapons experts. Some weapons specialists suggest that this development could significantly affect Russia’s ability to counter NATO military systems, given that the Pantsir’s technology will now be compromised.

Author: Joseph Fitsanakis | Date: 03 March 2021

Analysis: Without fanfare, FBI places Putin’s right-hand man on most wanted list

WITHOUT MUCH FANFARE LAST week, the Federal Bureau of Investigation placed on its most wanted list Yevgeny Prigozhin, who is one of Russian President Vladimir Putin’s closest collaborators. Known as “Putin’s chef”, for providing catering services to the Kremlin, Prigozhin was indicted in February 2018 by United States prosecutors for his alleged role in Russia’s meddling in the 2016 presidential elections. According to the Special Counsel investigation, led by Robert Mueller, Prigozhin bankrolled the Internet Research Agency (IRA), which in turn played a central coordinating role in the effort to influence the outcome of the elections.

But it is one thing to be indicted by the US government, and quite another to be placed on the FBI’s most wanted list. What does this mean? And why did the FBI wait three years to place Prigozhin on its list of infamy?

With characteristic flamboyance, Prigozhin boasted victory against the FBI back in March of 2020, when US federal prosecutors requested that the Mueller-era criminal case against Concord Management and Consulting (CMC) be dismissed. Founded in 1995, CMC is Prigozhin’s flagship company. According to the US government, CMC was used to fund the IRA’s activities in the run-up to the 2016 US elections. Although some were surprised by that decision, it made sense from an intelligence point of view. US federal prosecutors said at the time that it would not be possible to prove the allegations against CMC due to a “classification determination”. The term basically meant that the US government could not prove the claims made against CMC without revealing “methods and sources”. The term refers to witnesses that have probably been recruited as US government assets, as well as to methods of surveillance that the government wishes to keep secret.

Even though the individual indictment against Prigozhin was never dropped, the flamboyant Russian boasted at the time that the dismissal of the case against CMC proved that he was not implicated in the US election meddling affair. He became even more boastful after September of last year, when Interpol removed his name from its international alert list. He reportedly began traveling outside Russia again, something that he had stopped doing after his 2018 indictment, out of an abundance of caution. At that time, everyone assumed that US prosecutors would eventually drop the case against Prigozhin too, for the same reason they had dropped the CMC case —namely a “classification determination”.

British SIGINT agency vows to integrate artificial intelligence into its operations

BRITAIN’S GOVERNMENT COMMUNICATIONS HEADQUARTERS, one of the world’s most advanced signals intelligence agencies, has published a position paper that vows to embrace artificial intelligence in its operations. For over 100 years, GCHQ, as it is known, has been in charge of spying on global communications on behalf of the British state, while protecting the government’s own communications systems from foreign espionage. In a report published on Thursday, the agency says it intends to use artificial intelligence (AI) to detect and analyze complex threats, and to defend against AI-enabled security challenges posed by Britain’s adversaries.

The report, entitled “Pioneering a New National Security: The Ethics of AI”, includes a foreword by GCHQ Director, Jeremy Fleming. Fleming was a career officer of the Security Service (MI5) until he became head of GCHQ in 2017. In his introductory note he argues that “technology and data” are engrained in the structure of GCHQ, and that AI has “the potential […] to transform [the agency’s] future operations”. The report acknowledges that GCHQ has been using AI for some time for functions including intelligence collection and automated translation. But the ability of AI to distinguish patterns in large sets of data in seconds, which would normally take humans months or years to detect, offers a transformational potential that should not be overlooked, it posits.

Security-related applications of AI are endless, says the report. They include measures against online child exploitation —for instance by detecting the methods used by child sex abusers to conceal their identities across multiple online platforms. Another potentially revolutionary application would be mapping global drug- or human-trafficking networks, by analyzing up-to-the-minute financial transactions and money-laundering activities around the world. Illicit activities that take place in the so-called “dark web” could also be mapped and monitored by AI systems, according to the report.

The report also states that GCHQ will seek ways to promote AI-related research and development in the United Kingdom. Its goal will be to establish bridges with industry by funding start-up ventures in AI, it states. Lastly, GCHQ will seek to formulate an ethical code of practice in AI, which will include best-practice guidelines, and will purposely recruit a diverse personnel of engineers, computer and data scientists. Future reports will tackle emerging technologies such as computational science and synthetic biology, among many others, the GCHQ report concludes.

Author: Joseph Fitsanakis | Date: 26 February 2021

Sweden charges consultant with spying for Russia, expels Russian diplomat

A SWEDISH MAN HAS been charged with spying for Russia, after he was apprehended while meeting with a Russian diplomat stationed at the Russian embassy in Stockholm. Neither the Swedish man nor the Russian diplomat —who is believed to have been expelled from Sweden— has been named. Swedish government officials reportedly expelled the Russian diplomat following the incident, accusing him of working as an intelligence officer under diplomatic cover.

Government prosecutors said the Swedish man is 47 years old and worked as a consultant for numerous Swedish manufacturers. His employers included the car manufacturer Volvo, as well as Scania, a company that builds commercial vehicles, such as buses and trucks. According to Sweden’s public broadcaster, SVT, the man was arrested two years ago, in February 2019, while he was meeting in Stockholm with an accredited Russian diplomat. According to news reports, during the meeting the Swedish man gave the Russian a bag containing commercial secrets. In return, he received an envelope containing 27,800 Swedish kronor (US$3,350). These were confiscated by Swedish counterintelligence.

The indictment states that the 47-year-old Swede spied for Russia “for a number of years”, during which he routinely “transferred commercial secrets from his work computer to his home computer”. He would then transfer the files to USB memory sticks and pass them on to his Russian handler. Eventually, when his employer installed security software that monitored employees’ use of USB memory sticks, the consultant resorted to photographing material appearing on his work computer screen. He now faces “a lengthy sentence” if convicted, according to SVT.

Author: Joseph Fitsanakis | Date: 24 February 2021

Top Syrian chemical weapons scientist spied for CIA for 14 years, new book claims

THE TOP SCIENTIST IN Syria’s chemical weapons program, reputed to be among the world’s deadliest, spied for the United States Central Intelligence Agency for 14 years, according to a new book by Pulitzer Prize-winning reporter Toby Warrick. The claim is included in Warrick’s latest book, Red Line: The Unraveling of Syria and America’s Race to Destroy the Most Dangerous Arsenal in the World, which has been published this week by Doubleday.

The scientist, whose name Warrick is withholding from publication, was partly educated in the United States in the 1980s, after receiving an academic scholarship. Upon returning to Syria, he became a senior researcher in Institute 3000, a secret chemical weapons program that was hidden within the Damascus-based Scientific Studies and Research Center (SSRC). Known mostly by its French name, Centre D’Etudes et de Recherches Scientifiques (CERS), the center coordinated scientific research throughout the country. Camouflaged as a CERS engineering outfit, Institute 3000 maintained over 40 research and storage facilities that manufactured and housed Damascus’ stockpiles of military grade sarin, mustard gas, VX, and other nerve agents.

Citing interviews with “three former US intelligence officials familiar with the case”, and with a Syrian defector who knew the scientist, Warrick claims that the scientist was in his 30s when he reached out to the CIA. It allegedly happened in the mid-1990s, when the scientist was attending a conference in Europe. A number of months later, the scientist, who is simply referred to as “Ayman” in Warrick’s book, was approached in Damascus by a CIA case officer. He soon began sharing classified information with the CIA, which included samples of nerve agents that the Syrians were working on. In return he received regular payments from the US spy agency “in the form of cash transfers to a foreign bank account”, according to Warrick.

But the scientist’s service to the CIA ended abruptly in late 2001, says Warrick, when officers from Syria’s Mukhabarat intelligence agency appeared at his Damascus office and took him away for questioning. It turns out they were there to investigate reports that he had been asking foreign suppliers to CERS for payoffs, in return for recommending them for contracts with the research agency. But the scientist thought his work for the CIA had been betrayed, so he confessed to everything, without realizing that the Mukhabarat had no idea about his espionage. He was executed by firing squad on April 7, 2002 in the Adra Prison, on the northeast outskirts of Damascus, says Warrick.

Author: Ian Allen | Date: 22 February 2021

Iran spies on dissidents via web server based in Holland, registered in Cyprus

A WEB SERVER BASED in Holland and owned by a company registered in Cyprus is being used by the Iranian government to spy on its critics abroad, according to Dutch public radio. The information about Iranian espionage was revealed on Thursday by NPO Radio 1, one of Holland’s public radio stations, with the help of Romanian cybersecurity firm BitDefender.

The discovery was reportedly made after an Iranian dissident based in Holland was sent an infected file by a user of the popular instant messaging application Telegram. Instead of opening the file, the recipient contacted cybersecurity experts, who identified it as a type of infected software that is known to have been used in the past by the Iranian state. Once it infects a computer, the software takes screenshots and uses the machine’s built-in microphone to make surreptitious recordings.

According to BitDefender’s cybersecurity experts, the server is being used for “command and control” functions in order to facilitate remote control of infected computers and phones. These functions include stealing data, as well as collecting screen shots and audio recordings. The server had been previously used to penetrate computers in Holland, Sweden, Germany, and several other countries, including India.

Cybersecurity experts from BitDefender found that the infected file was delivered to its target via a web server facility based in Haarlem, a city located 20 miles west of Amsterdam. The cybersecurity company said the server is registered to a company that belongs to a Romanian service provider. The company is registered in Cyprus and provides services to a number of companies, including in this case an American company. The latter reportedly stopped using the service provider once it was told of the Iranian connection, according to reports.

Author: Joseph Fitsanakis | Date: 19 February 2021