Russian government cyber spies ‘hid behind Iranian hacker group’

Russian hackers hijacked an Iranian cyber espionage group and used its infrastructure to launch attacks, hoping that their victims would blame Iran, according to British and American intelligence officials. The information, released on Monday, concerns a Russian cyber espionage group termed “Turla” by European cyber security experts.

Turla is believed to operate under the command of Russia’s Federal Security Service (FSB), and has been linked to at least 30 attacks on industry and government facilities since 2017. Since February of 2018, Turla is believed to have successfully carried out cyber espionage operations in 20 different countries. Most of the group’s targets are located in the Middle East, but it has also been connected to cyber espionage operations in the United States and the United Kingdom.

On Monday, officials from Britain’s Government Communications Headquarters (GCHQ) and America’s National Security Agency (NSA) said Turla had hijacked the attack infrastructure of an Iranian cyber espionage group. The group has been named by cyber security researchers as Advanced Persistent Threat (APT) 34, and is thought to carry out operations under the direction of the Iranian government.

The officials said there was no evidence that APT34 was aware that some of its operations had been taken over by Turla. Instead, Russian hackers stealthily hijacked APT34’s command-and-control systems and used its resources —including computers, servers and malicious codes— to attack targets without APT34’s knowledge. They also accessed the computer systems of APT34’s prior targets. In doing so, Turla hackers masqueraded as APT34 operatives, thus resorting to a practice that is commonly referred to as ‘fourth party collection’, according to British and American officials.

The purpose of Monday’s announcement was to raise awareness about state-sponsored computer hacking among industry and government leaders, said the officials. They also wanted to demonstrate the complexity of cyber attack attribution in today’s computer security landscape. However, “we want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them”, said Paul Chichester, a senior GCHQ official.

Author: Joseph Fitsanakis | Date: 22 October 2019 | Permalink

Iran abducts France-based dissident in ‘complex intelligence operation’

Iranian authorities have announced the capture of a Paris-based Iranian dissident, who was reportedly lured out of France and then abducted by Iranian agents in a third country. The kidnapped dissident is Ruhollah Zam, 46, son of Mohammad-Ali Zam, a well-known reformist cleric who served in top Iranian government posts after the 1979 Islamic Revolution. But in 2009 the younger Zam distanced himself from his father and sided with the so-called Green Movement, whose leaders called for the toppling of the government in Tehran. Around that time, Zam was part of a group of Internet-savvy Iranians who launched AmadNews. The website’s stated purpose was “spreading awareness and seeking justice” in Iran, and it soon became the online voice of the Green Movement.

Zam was promptly arrested and jailed for urging Iranian protesters to topple the government. He was eventually released thanks to his father’s status and reputation. He quickly fled Iran and settled in France, from where he continued his online work through AmadNews and its successor, a website and Telegram channel called Seda-ye Mardom (Voice of the People). The Iranian government accuses Zam of inciting violence against the state and claims that his online agitation is funded by the intelligence services of countries like France, Israel and the United States.

On October 15, Iran’s state-owned media network aired a video showing a bound and blindfolded Zam surrounded by armed officers of the Islamic Revolutionary Guard Corps (IRGC). The Iranian government announced that Zam had been captured following a “complicated intelligence operation” using “modern intelligence methods and innovative tactics” to lure Zam out of France and into the hands of the IRGC. It eventually emerged that Zam had flown from France to Jordan on October 11, and from there to Baghdad, Iraq, on October 12. He appeared to be under the impression that he would travel to the Iraqi city of Najaf in order to meet Ali al-Sistani, arguably the most senior Iranian cleric in Iraq.

In the same video, Zam is shown sitting in an armchair next to an Iranian flag, making a statement. He calmly looks at the camera and says that he “fully regrets” his actions directed against Iran. He then says that he made the mistake of entrusting his security to the intelligence services of France. Finally, he warns other dissidents who are involved in agitation against the Iranian state to not trust foreign governments. He names the latter as “the United States, Israel, Saudi Arabia and Turkey”. Iranian officials have not responded to questions about Zam’s current status and fate.

Author: Joseph Fitsanakis | Date: 21 October 2019 | Permalink

Russia preparing to swap imprisoned spies with NATO members, sources claim

The Russian government is preparing to swap a number of imprisoned spies with at least two member states of the North Atlantic Treaty Organization (NATO), according to reports. The Estonia-based news agency BNS, which is the largest news agency in the Baltics, said on Wednesday that negotiations between Russian and Lithuanian, as well as probably Norwegian, officials were nearing completion.

The alleged spies at the center of the reputed spy swap are said to include Nikolai Filipchenko, who is reportedly an intelligence officer with the Russian Federal Security Service (FSB). Filipchenko was arrested by Lithuanian counterintelligence agents in 2015, allegedly while trying to recruit double agents inside Lithuania. He was charged with using forged identity documents to travel to Lithuania on several occasions between 2011 and 2014. His mission was allegedly to recruit officers in Lithuania’s Department of State Security in order to install listening bugs inside the office of the then-Lithuanian President Dalia Grybauskaite. In 2017, a district court in the Lithuanian capital Vilnius sentenced Filipchenko to 10 years in prison. The alleged Russian spy refused to testify during his trial and reportedly did not reveal any information about himself or his employer. He is believed to be the first FSB intelligence officer to have been convicted of espionage in Lithuania.

BNS reported that the Russians have agreed to exchange Filipchenko for two Lithuanian nationals, Yevgeny Mataitis and Aristidas Tamosaitis. Tamosaitis is serving a 12-year prison sentence in Russia, allegedly for carrying out espionage for the Lithuanian Defense Ministry in 2015. In the following year, a Russian court sentenced Mataitis, a dual Lithuanian-Russian citizen, to 13 years in prison, allegedly for supplying Lithuanian intelligence with classified documents belonging to the Russian government. Lithuanian authorities have refused to comment publicly about Filipchenko and Mataitis, saying that details on the two men are classified. According to BNS, the spy swap may involve two more people, an unnamed Russian national and a Norwegian citizen, who is believed to be Frode Berg, a Norwegian retiree who is serving a 16-year jail sentence in Russia, allegedly for acting as a courier for the Norwegian Intelligence Service.

BNS said on Wednesday that the Lithuanian State Defense Council, which is chaired by the country’s president, had approved the spy exchange, and that Moscow had also agreed to it. On Thursday, however, a spokeswoman for Russia’s Foreign Affairs Ministry said she had “no information on this issue” that she could share with reporters.

Author: Joseph Fitsanakis | Date: 18 October 2019 | Permalink

Russia detains American diplomats for traveling to top-secret military site

Russian authorities detained three American diplomats because they allegedly tried to enter a highly secret weapons testing site in northern Russia, according to reports. The site in question is located near the northern Russian city of Severodvinsk. The city is home to a number of military shipyards and is thus restricted for non-Russians. The latter require a special permit to enter it.

In August of this year, Western media reported on a mysterious explosion that took place in a weapons research site located near Severodvinsk. The explosion allegedly happened during testing of a top-secret prototype rocket engine. Russian authorities revealed that five workers died as a result of the explosion, but denied media reports that the explosion had caused a radiation leak that had affected Severodvinsk. The Russian Ministry of Defense also denied allegations that a large-scale nuclear clean-up operation had been conducted in and around Severodvinsk. At the same time, Russian authorities restricted maritime traffic in the White Sea, on the shores of which Severodvinsk is situated.

On Wednesday, the Russian news agency Interfax reported that three American diplomats had been detained by authorities near Severodvinsk, allegedly because they tried to enter the city without the necessary permits. The diplomats were not named but are believed to be military attachés that serve in the United States embassy in Moscow. Interfax said the three were detained on Monday while onboard a passenger train. They were removed from the train, questioned and eventually released. However, they might still face charges of trying to enter a restricted area without permission.

The United States Department of State issued a statement claiming that the three diplomats “were on official travel and had properly notified Russian authorities of their travel”. A State Department spokesman said on Wednesday that the three diplomats’ travel plans had been authorized by the Russian Ministry of Defense. But authorities in Russia said that the three military attachés had been authorized to travel to the city of Arkhangelsk, which is located approximately 30 miles east of Severodvinsk. “We are quite willing to provide the United States embassy with a map of the Russian Federation”, the Russian statement concluded.

Author: Joseph Fitsanakis | Date: 17 October 2019 | Permalink

US Special Forces secrets could fall into hands of Russians as Kurds side with Syria

American defense officials with knowledge of Special Operations Forces activities in Syria are concerned that their secrets may fall into the hands of the Russians, as the Kurds switch their allegiance to the Moscow-backed Syrian government. Members of the United States Special Operations Forces and the Central Intelligence Agency (CIA) have had a presence in Kurdish-dominated northern Syria since at least 2012. Following the rise of the Islamic State in 2014, the Americans have worked closely with the Kurds in battling the Islamist group throughout the region.

Throughout that time, US Special Operations Forces have trained members of the Syrian Democratic Forces (SDF), a political and military umbrella of anti-government Syrian groups, which is led by the Kurdish-dominated People’s Protection Unit (YPG) militias. Until recently, the SDF and the YPG were almost exclusively funded, trained and armed by the US through its Special Operations Forces units on the ground in northern Syria. US Special Operations Forces were also behind the creation in 2014 of the SDF’s most feared force, the Anti-Terror Units. Known in Kurdish as Yekîneyên Antî Teror‎, these units have been trained by the US in paramilitary operations and are tasked with targeting Islamic State sleeper cells.

As of this week, however, the SDF and all of its US-trained militias have switched their allegiance to the Russia-backed government of Syrian President Bashar al-Assad. The dramatic move followed the decision of the White House earlier this month to pull its Special Operations Forces troops from northern Syria, effectively allowing the Turkish military to invade the region. According to the American defense news website Military Times, US Pentagon officials are now worried that the SDF may surrender to the Russians a long list of secrets relating to US Special Operations Forces’ “tactics, techniques, procedures, equipment, intelligence gathering and even potentially names of operators”.

One former US defense official told The Military Times that SDF “may be in survival mode and will need to cut deals with bad actors” by surrendering US secrets. Another source described this scenario as “super problematic” and a symptom of the absence of a genuine American strategy in the wider Middle East region. The website also cited US Marines Major Fred Galvin (ret.), who said that Special Operations Forces tend to reveal little about themselves and their capabilities when working with non-US actors. However, this is uncharted territory for them, said Galvin, since “we’ve never had a force completely defect to an opposition like this before”.

Author: Joseph Fitsanakis | Date: 16 October 2019 | Permalink

Trump thought Erdoğan was “bluffing” about invading Syria, sources claim

Senior White House officials close to United States President Donald Trump believed that Turkish President Recep Tayyip Erdoğan was bluffing when he threatened to invade northern Syria, according to sources. For over two years, most of northern Syria has been controlled by American-supported Kurdish militias, who were instrumental in helping Washington defeat the Islamic State. But the growing strength of the Kurdish forces alarmed Turkey, which views Kurdish nationalism as a bigger threat than the Islamic State.

Since 2016, Ankara repeatedly threatened to invade northern Syria and disarm the Kurdish groups, which it sees as terrorist. It had refrained from doing so due to the presence of American troops in the area. However, according to news website Axios, key officials in the Trump White House were convinced that Turkish President Erdoğan would not have his troops invade northern Syria even if the American forces pulled out. In making this claim, the website cites six unnamed sources “with direct knowledge of the situation”, some of whom were allegedly “in the room with the two leaders and had access to their phone calls going back several years”.

In one of these phone calls, which took place in 2017, President Erdoğan allegedly informed the US leader of his government’s intention to “move in to take care of the Kurdish threat” in northern Syria. But President Trump cautioned him about making such a daring move. He reminded the Turkish leader that, by invading northern Syria, Turkey would become responsible for the tens of thousands of Islamic State supporters and their families who are kept in detention camps. Ankara would also face mass international condemnation and possible sanctions from the United States and Europe. Moreover, the US-trained and -supplied Kurdish forces would arguably create a military quagmire for Turkish troops in the region. At that point Turkey “would own” the problem and would not be able to “come to [the US] for help”, according to Trump.

The Axios report claims that, until last week, the White House thought that “Erdoğan would never actually go through with his long-threatened Syria invasion”, because doing so would be detrimental to Turkish interests in the region. Based on that conviction, President Trump finally decided to call Erdoğan’s bluff by pulling American Special Forces troops out of northern Syria, in the belief that Turkey’s response would amount to nothing further than a few airstrikes and small-scale cross-border incursions. That belief was behind the White House’s surprise decision to suddenly pull its troops from northern Syria, according to Axios’ sources.

The report did not mention whether the US Intelligence Community’s reports to the White House concurred with the US President’s conviction that Turkey would not invade northern Syria even in the absence of US troops. The question is, in other words, did Trump make up his mind about Erdoğan’s intentions to invade northern Syria because of, or despite, the conclusions of his own Intelligence Community?

Author: Joseph Fitsanakis | Date: 15 October 2019 | Permalink

Mossad chief comments on policy of assassinations in rare interview

Yossi Cohen, the chief of the Mossad —Israel’s main external intelligence agency— said he has authorized “more than a few” assassinations during his tenure and warned that more may be on the way. Cohen, 57, who took command of the Mossad in 2016, spoke last week to Mishpacha, a magazine aimed at ultra-orthodox Jews. His comments were covered widely by Israeli media over the weekend.

Cohen was asked to respond to recent allegations made by the Iranian government that Israel worked with “Arab countries” to assassinate General Qassem Suleimani, the head of the Quds Force, an elite paramilitary unit in Iran’s Islamic Revolutionary Guard Corps (IRGC). Suleimani claimed that several individuals were arrested last month in connection with the alleged plot. He also said that Israel tried to kill him and Hassan Nasrallah, leader of the Lebanese Hezbollah group, in 2006.

The head of the Mossad told Mishpacha that Suleimani had not “necessarily committed the mistake yet that would place him on the prestigious list of Mossad’s assassination targets”. However, “he knows very well that his assassination is not impossible” because “the infrastructure he built presents a serious challenge for Israel”, said Cohen. Regarding Nasrallah, Cohen said that the Hezbollah strongman “knows we have the option of eliminating him”. When asked why the Mossad had not exercised that option, Cohen said he preferred not to answer.

In regards to Hamas, the Palestinian militant group that controls the Gaza Strip, Cohen admitted that the Mossad has been behind a string of assassinations of Hamas officials around the world in recent years. “If there is one target that we eliminate without hesitation, it is Hamas officials abroad. [These range] from local agents to those who manage acquisitions of weapons pointed towards Israel”, said Cohen. He added that there had been “more than a few assassinations” in recent years, but not all were admitted to by Hamas. “The enemy has changed tactics. It is not quick to attribute assassination to us, for its own reasons”, said the Mossad chief.

Author: Joseph Fitsanakis | Date: 14 October 2019 | Permalink