Ukraine war prompts European Union to overhaul counter-surveillance practices

European Commission buildingTHE POLITICAL FALLOUT OF the Russian invasion of Ukraine is prompting the European Union (EU) to radically upgrade the security of its facilities, according to a series of internal memoranda. On July 14, the EUObserver, an EU-focused news agency based in Brussels, said it had seen an internal EU document that describes the creation of a new anti-surveillance unit. The unit’s mission will reportedly center on providing security for closed-door EU meetings, using counter-measures standards employed by the North Atlantic Treaty Organization (NATO).

According to EUObserver, EU member states have agreed to establish a so-called “CSC-TSCM Expert Group,” which will spearhead the formation of this new unit. In security parlance, TSCM stands for technical security counter-measures, a method of counter-surveillance. In their most basic form, TSCM operations are carried out by teams of technical experts trained in the use of anti-bugging equipment. These are able to detect radio emissions, which are generated by most surveillance devices —commonly referred to as ‘bugs’.

The internal memorandum stipulates that the “CSC-TSCM Expert Group” will be officially set up after July 25. It will consist of experts from several EU states. The resulting unit’s mission will be to “prevent, detect and potentially neutralise eavesdropping of information in any physical or electronic form,” the memorandum states. Counter-measures operations will include regular inspections of “facilities and vehicles and the protection of classified meetings” in buildings that house the EU Council, EU Parliament, and the European Commission.

The forthcoming formation of the “CSC-TSCM Expert Group” appears to be closely linked to news, published earlier this month, relating to the construction of a new facility. The new facility is described in the media as an EU “secure bunker.” According to the EUObserver, the €8 million ($8.07 million) enclosed space will operate as a designated EU sensitive compartmented information facility (SCIF). The term denotes a secure area within a larger building, which is used to discuss sensitive topics and process classified information. Read more of this post

Newspaper discloses names of Russian alleged spies expelled from Belgium

Russian embassy in BelgiumA BRUSSELS-BASED NEWSPAPER has publicized the names and backgrounds of nearly two dozen Russian diplomats, who were recently expelled by the Belgian government on suspicion of espionage. A total of 21 Russian diplomats were expelled from Belgium in April, in co-ordination with dozens of European governments. The move was part of a broader European wave of diplomatic expulsions of Russian diplomatic personnel, in response to the Russian invasion of Ukraine.

Like other governments in Europe, the Belgians carried out the expulsions of Russian diplomats in secret, and employed a “no comment” policy in response to media requests. Such an approach is customary when it comes to diplomatic expulsions. It allows the government ordering the expulsions to expect a similar level of discretion if and when its own diplomats are expelled in a possible tit-for-tat move by an adversary. It is therefore highly unusual for information concerning expelled diplomatic personnel to be made public. And yet that is precisely what happened earlier this week, when the EUObserver, an English language newspaper based in Brussels, published information about the names and backgrounds [PDF] of the 21 expelled Russian diplomats. The paper said the information was leaked by a source, but did not elaborate.

According to the newspaper, all 21 expelled diplomats were men. It further alleged that 10 of them were intelligence personnel of the Main Directorate of the Russian Armed Forces’ General Staff. A further nine diplomats worked for the Foreign Intelligence Service (SVR, Russia’s equivalent to the United States Central Intelligence Agency), while two were employees of the external service of the Russian Federal Security Service (FSB). Most were in their 40s, though at least one was in his early 60s and one was in his late 20s. The EUObserver said that some of the information about the alleged spies was unearthed by The Dossier Center, a British-based open-source information outlet, which is similar to Bellingcat. The Dossier Center is funded by the oligarch Mikhail Khodorkovsky, who is a critic of the Russian President Vladimir Putin. Read more of this post

The secret behind al-Shabaab’s longevity: A formidable spy wing

Al-Shabaab SomaliaMORE THAN HALF OF all terrorist groups fail within a year, while 95 percent of them are extinct within a decade. Yet al-Shabaab, Somalia’s al-Qaeda-affiliated terrorist outfit, has been projecting strength in the Horn of Africa for over 15 years, despite having faced much stronger opponents. Today, with an operational presence in both Somalia and Kenya, the group maintains a force of between 5,000 and 10,000 full-time fighters. Pointing to its longevity, some observers view it as the most successful terrorist group of the 21st century.

What accounts for al-Shabaab’s endurance? According to a recent article by researcher Zakarie Ahmed Nor kheyre, the secret rests with the group’s sophisticated intelligence wing, the Amniyat. Nor kheyre’s article, entitled “The Evolution of the Al-Shabaab Jihadist Intelligence Structure”, was published on Friday in the peer-reviewed journal Intelligence and National Security. The author argues that counter-terrorism researchers have been focusing on al-Shabaab’s operational, logistical and financial capabilities, to the detriment of its formidable intelligence wing. The latter, Nor kheyre claims, has been a priority of al-Shabaab for years, and is today more efficient that the Somali federal government’s own intelligence agency, the National Intelligence and Security Agency (NISA). He quotes one Somali insider who exclaims that “without Amniyat, al-Shabaab would be nothing”. Read more of this post

An assessment of Russia’s espionage network in Switzerland

Russian embassy SwitzerlandSINCE LATE FEBRUARY, WHEN Russian troops invaded Ukraine, over 500 Russian diplomats have been expelled from Western countries. Even former Russian allies have contributed to the growing list of expulsions —most recently Bulgaria, which ousted a near-unprecedented 70 Russian diplomats last week, citing espionage concerns. Amidst that sea of expulsions, Switzerland remains an island. It is among the few European countries that have yet to officially expel Russian diplomats. Abiding by its centuries-old policy of neutrality, it has resisted calls to take sides in the intelligence war between the West and Russia.

“No-Questions-Asked” Approach to Espionage

Russia has been able to take advantage of Switzerland’s neutrality policy since February. Instead of returning to Moscow, at least some of the expelled Russian diplomats have been reposted to Switzerland. They continue to operate there under a “no-questions-asked” policy, which has prevailed since the days of the Cold War. For this and other reasons (i.e. proximity to prime intelligence targets, safety, advanced telecommunications systems), Switzerland has been a major intelligence hub for decades. According to the Nachrichtendienst des Bundes (NDB), Switzerland’s Federal Intelligence Service, the past few years have witnessed higher levels of activity by foreign intelligence services than any other period since the Cold War.

Russia’s Intelligence Presence in Switzerland

During that time, Russia has been able to build a pan-European espionage hub in the small alpine state. That is the conclusion of a report by Jonas Roth, which was published last week in the Neue Zürcher Zeitung (NZZ), Switzerland’s newspaper of record. The report, entitled “So Spioniert Russland in der Schweiz” (“How Russian spies operate in Switzerland”), features commentary by several experts and government officials. One source tells Roth that, despite the intense diplomatic pressure Russia has faced globally since February, its espionage structures in Swiss cities like Geneva and Bern “are still intact”.

How many Russian intelligence officers are currently operating in Switzerland? According to the report, at least a third of Russia’s 220-strong diplomatic presence in the country consists of intelligence officers. These 70 or so intelligence officers represent all three of Russia’s primary intelligence agencies, namely the Foreign Intelligence Service (SVR), the Main Directorate of the Armed Forces’ General Staff (GRU), and the Federal Security Service (FSB). Officers from these agencies handle an unknown number of informants and agents; these are Swiss or third-country nationals, who provide the Russians with intelligence on a regular basis. Special activities are carried out by Russian intelligence personnel who travel to Switzerland on an ad hoc basis. Read more of this post

Despite expectations, a cyber-blitz has not occurred in Ukraine. Experts explain why

Russian invasion of Ukraine IN THE OPENING STAGES of the Russian invasion of Ukraine, there was a widespread expectation among security experts that the world would witness a new chapter in the history of cyber-warfare: something akin to carpet-bombing in cyberspace. These fears, however, have not materialized. Although cyber-attacks have occurred on both sides, their scale has remained markedly modest. Consequently, their effect has been limited and has had no traceable strategic impact on the conflict.

Why is that? According to two experts, Nadiya Kostyuk, assistant professor at Georgia Tech’s School of Cybersecurity and Privacy, and Aaron Brantly, assistant professor and director of Virginia Tech’s Tech4Humanity Lab, the reasons partly relate to how nation-states form cyber-alliances, as well as to Russia’s overall approach to this war. The two experts attempt to forensically analyze this topic in their article entitled “War in the Borderland Through Cyberspace: Limits of Defending Ukraine Through Interstate Cooperation”, which was published on June 29 in Contemporary Security Policy.

Does the Improved Cyber-Defense Argument Stand to Reason?

In their article, Kostyuk and Brantly systematically scrutinize a number of reasons that other experts have proposed to explain the absence of a major cyber-war campaign by Russia. Among them is the view that Ukraine significantly improved its cyber-defenses after 2015, when it began collaborating closely with Western countries —notably the United States and the United Kingdom. Specially designated “cyber-warfare teams” from these countries have been helping Ukraine in tasks ranging from “the synchronization of [its] cyber-related legislation” with Western standards, as well as aligning them with NATO standards, so that Ukrainian cyber-warfare units can make use of advanced technologies and systems. Could it be, therefore, that Ukraine has improved its cyber-security posture enough to be able to defend itself against relentless Russian cyber-attacks?

That is unlikely, say the authors, given that “Ukraine’s cyber capabilities are still organizationally and operationally under- developed” in comparison to Russia’s. That is exacerbated by the endemic corruption and clientelism (the creation of patronage networks) in Ukraine, as well as by the bitter in-fighting between government agencies —notably the Ministry of Defense and the Security Service of Ukraine. It should not go without notice, Kostyuk and Brantly note, that the Ukrainian government sought frantically to develop a “volunteer cyber-army” on an ad hoc basis to defend the nation in the first days of the Russian invasion. That did not exactly instill trust in the country’s level of preparation to withstand a cyber-campaign by Moscow. Read more of this post

Can one ever truly leave the Russian intelligence services? It depends, says expert

Kremlin, RussiaRUSSIANS ARE AWARE OF the phrase “there is no such thing as a former chekist”. The term “chekist” dates from the Bolshevik-era All-Russian Extraordinary Commission (VChK, pronounced “cheka”), which was formed in 1917 as the first Soviet-era state security agency. By the 1940s, intelligence posts had come to be seen as life-long relationships between chekists and the Soviet government, which continued even after one’s retirement. In the words of Joseph Stalin, “[a] chekist has only two paths: toward promotion or to prison”. Is that still the case? It depends on who you ask, says Dr. Kevin Riehle, a 30-year counterintelligence veteran with the United States government, who now teaches at the University of Mississippi’s Center for Intelligence and Security Studies.

Riehle, author of Soviet Defectors: Revelations of Renegade Intelligence Officers, 1924-1954 (Edinburgh University Press, 2022), discusses this topic in an article published earlier this month in The International Journal of Intelligence and CounterIntelligence. The article, entitled “Post-KGB Lives: Is There Such a Thing as a Former Chekist?”, examines this concept with reference to three Russian intelligence agencies, all of which trace their origins to the Soviet-era Cheka —namely the Foreign Intelligence Service (SVR), the Federal Security Service (FSB), and the Federal Protective Service (FSO).

The author explains that the history of chekist organizations is replete with examples of officers, especially those with military backgrounds, who “received post-separation jobs with no apparent obligation to continue cooperation with the [intelligence] service[s]”. However, since the rise of Vladimir Putin to the Russian presidency, the Kremlin has imposed tight restrictions on the post-retirement activities of former intelligence personnel. As of 2019, such former personnel are not permitted to leave Russia for any reason for five years following their retirement. There is another category of Putin-era intelligence retirees, who enter careers in business or politics. Many of them maintain their intelligence contacts and “continue to fulfil service requirements” while displaying a sense of pride for their government service. This often results in business or political advantages, notes Riehle. Read more of this post

Analysis: HUMINT insights from the Muller/Cherkasov case

AIVD HollandAT A TIME WHEN dozens of countries are routinely expelling record numbers of Russian intelligence officers, news of the unmasking of yet another Russian spy is barely newsworthy. However, the case of Sergey Cherkasov/Victor Muller is different. That is because, unlike the vast majority of Russian spies with blown covers, he did not operate under diplomatic protection. This is not necessarily uncommon —in fact, there are probably dozens of Russian case officers operating internationally without diplomatic cover. What is unusual is that one of them has been publicly unmasked. What is more, the case offers some interesting pointers for those interested in contemporary human intelligence (HUMINT).

The Facts

According to the Netherlands General Intelligence and Security Service (AIVD), which publicized the case last week, a man using a Brazilian passport attempted to enter Holland in April of this year. His passport had been issued under the name Victor Muller Ferreira, allegedly born to an Irish father and a Spanish-speaking mother in Niteroi (near Rio de Janeiro) on April 4, 1989. However, according to the AIVD, the man’s real name is Sergey Vladimirovich Cherkasov, a citizen of Russia, who was born on September 11, 1985. Based on the information released by Dutch intelligence, Cherkasov is an intelligence officer of the Main Directorate of the Russian Armed Forces’ General Staff, which is commonly known as the GRU.

The AIVD claims that the reason for Cherkasov’s visit to the Netherlands was to join the International Criminal Court (ICC) in The Hague, as a paid intern. He eventually planned to transition into full-time employment in the ICC, where he “would be highly valuable to the Russian intelligence services”. The AIVD reportedly notified the Dutch Immigration and Naturalization Service, which detained Cherkasov upon his arrival at Amsterdam’s Airport Schiphol. The Dutch government declared the alleged GRU officer persona non grata and promptly expelled him back to Brazil “on the first flight out”.

Cherkasov’s Cover and Legend

Cherkasov arrived in Holland with a cover, a term that refers to a fake operational identity used for purposes of espionage. It is unlikely that his cover was natural, meaning that he is probably not Brazilian by birth —though it is possible that at least one of his parents was/is not Russian by birth. What is more likely is that Cherkasov’s cover is contractual, meaning that it was crafted especially for him by the GRU after he was hired as an intelligence officer. This likely happened as many as 10 years ago, when Cherkasov was in his early 20s. Read more of this post

Dutch intelligence disrupts Russian effort to infiltrate International Criminal Court

International Criminal CourtON JUNE 16, THE Dutch General Intelligence and Security Service (AIVD) announced that it prevented a Russian military intelligence officer from gaining access as an intern to the International Criminal Court (ICC) in The Hague. The ICC is of interest to the GRU because it investigates possible war crimes committed by Russia in the Russo-Georgian War of 2008 and more recently in Ukraine.

The GRU officer reportedly traveled from Brazil to Schiphol Airport in Amsterdam in April 2022, using a Brazilian cover identity, making him a so-called “illegal”. This means the intelligence operative was not formally associated with a Russian diplomatic facility. He allegedly planned to start an internship with the ICC, which would have given him access to the ICC’s building and systems. This could have enabled the GRU to collect intelligence, spot and recruit sources, and possibly influence criminal proceedings inside the ICC.

On his arrival at Schiphol, the AIVD informed the Dutch Immigration and Naturalization Service (IND), after which the officer was refused entry to the Netherlands and put on the first plane back to Brazil as persona non grata. The AIVD assessed the officer as a “potentially very serious” threat to both national security and the security of the ICC and Holland’s international allies, due to his access to the organization.

In a first-ever for the AIVD, the agency also released the contents of a partially redacted 4-page document that describes the “extensive and complex” cover identity of the officer. It was originally written in Portuguese, “probably created around mid-2010” and “likely written” by the officer himself. According to the AIVD, the information provides valuable insight into his modus operandi. The cover identity hid any and all links between him and Russia. According to the AIVD, the construction of this kind of cover identity “generally takes years to complete”.

In the note accompanying the document, the AIVD says that Russian intelligence services “spend years” on the construction of cover identities for illegals, using “information on how other countries register and store personal data”. Alternatively, they illegally procure or forge identity documents. Information in the cover identity “can therefore be traceable to one or more actual persons, living or dead” as well as to forged identities of individuals “who only exist on paper or in registries of local authorities”.

AuthorMatthijs Koot | Date: 17 June 2022 | Permalink

Is there such a thing as female HUMINT? New research highlights understudied topic

Female Engagement TeamALTHOUGH INTELLIGENCE IS A traditionally male-dominated profession, the integration of women into the field has grown exponentially in our time. The area of human intelligence (HUMINT), i.e. the use of human handlers to extract secrets through the use of human agents, is among the areas of the profession that remain most resistant to the incorporation of women. Now new research from Germany is shedding light into the understudied topic of female approaches to HUMINT.

In an article published earlier this month in the International Journal of Intelligence and CounterIntelligence, Stephan Lau and Farina Bauer ask a number of important questions about the effective inclusion of women in HUMINT. The article is entitled “What About Her? Increasing the Actionability of HUMINT in Paternalistic Cultures by Considering Female Intelligence”. Lau is a member of the Faculty of Intelligence at the Federal University of Administrative Sciences in Berlin. Bauer, who holds a Master’s degree from the University of the Armed Forces in Munich, is a female HUMINT practitioner with Germany’s Bundeswehr (Federal Defense).

The article contains insights from Bauer’s experience as a HUMINT operative. It also shares data from surveys and interviews with 40 military HUMINT operatives in the Bundeswehr, who have served in male-dominated collection environments, such as Afghanistan, Iraq and Kosovo. A central question the authors focus on is “whether there is a gender-sensitive perspective regarding women as targets as well as females as operators in these theaters”. In attempting to answer that question, Lau and Bauer elaborate on the concept of “female intelligence collection”, namely “a gender-sensitive perspective in intelligence collection planning that not only recognizes females as targets of collection but also considers females as operatives”. This concept was partly behind the creation of female engagement teams (FETs), which have been pioneered in Afghanistan by American and other Western Special Operations Forces units in order to engage with local women.

The authors conclude that, despite the growth of FETs in the past decade, female targets in paternalistic societies remain “both untapped (i.e., not yet a standardized part of mission planning) and harder for operators to access”. Moreover, they recommend that FETs should not be the centerpiece of female intelligence collection, because it isolates women in the broader HUMINT environment and fails to combine male and female collection capabilities. They argue that “[f]emale-only teams are not the right answer to reform a male-dominated profession”. Instead, they propose the “integration of female and male operators in the same units by creating and supporting mixed teams”. These teams, they argue, would “increase the actionability of intelligence collection entities, even beyond military intelligence”.

Author: Joseph Fitsanakis | Date: 13 June 2022 | Permalink

Many see Israel behind May 22 killing of Iranian paramilitary leader in Tehran

IRGC IranA GROWING NUMBER OF security observers point to Israel as the most likely culprit behind the assassination of a leading member of the Islamic Revolutionary Guard Corps (IRGC), Iran’s powerful paramilitary force. Brigadier General Hassan Sayyad Khodaei, who was killed in broad daylight in Tehran on May 22, served as deputy director of the Quds Force, a major branch of the IRGC. The mission of the Quds Force is to carry out unconventional warfare, especially in support of IRGC operations against adversaries abroad.

Observers regularly describe the IRGC as a ‘praetorian guard’ that operates inside Iran’s governing apparatus. Today the IRGC is a military force with a command structure that is distinct from Iran’s regular Armed Forces. It maintains its own army, navy and air force, has its own paramilitary and political protection units, and oversees Iran’s nuclear program. The IRGC’s weapons development falls under the duties of the Quds Force, in which Khodaei was a leading figure. He was also known to have been closely mentored by IRGC Commander Qasem Soleimani, who was assassinated by the United States in 2020.

Kodaei was assassinated in broad daylight on May 22, as he was heading home from his office in downtown Tehran, located a few blocks from the main building of Iran’s Consultative Assembly. According to eyewitness reports, Kodaei’s vehicle was rapidly approached by two individuals riding on a motorbike. They sped away seconds after shooting Kodaei five times, killing him almost instantly. The entrance to the street where Kodaei was attacked was allegedly blocked by a white van, which also sped away following the shooting.

Israel is known for carrying out assassinations of Iranian officials using motorbikes, which can move with relative ease in the congested streets of Tehran. IntelNews regulars will recall that Israeli intelligence claimed last month to have detained and interrogated an alleged Iranian assassin named Mansour Rasouli. A video of his alleged testimony emerged, which was reportedly filmed at a Mossad safehouse somewhere in Iran. Meanwhile, Kodaei’s assassins remain at large.

Author: Joseph Fitsanakis | Date: 25 May 2022 | Permalink

In rare move, Israel identifies special operations officer killed in Gaza Strip raid

IDF Gaza Strip HamasIN A RARE MOVE, Israel released the identity last weekend of a special operations officer who was killed by Islamic Hamas during a 2018 covert mission in the Gaza Strip. As intelNews reported at the time, an undercover team of Israeli operatives was exfiltrated by helicopter from Gaza on November 11, 2018. The exfiltration took place after the Israelis were spotted by members of the Izz ad-Din al-Qassam Brigades, which is part of Hamas’ armed wing.

The incident was followed by a barrage of nearly 500 rockets and mortars fired from the Gaza Strip into Israel. The Israelis responded by firing more than 160 missiles that fell throughout the Palestinian enclave. Hostilities were halted on November 13, when Hamas declared a unilateral ceasefire brokered by Egypt. The incident prompted the resignation of Israel’s Defense Minister, Avigdor Liberman. At the time, the Israel Defense Forces, which were behind the botched operation, refused to comment on the team’s mission, admitting only that its troops “operated […] in the Gaza Strip”.

It was said at the time that the members of the undercover team were dressed in civilian clothes and that at least two of them were disguised as women. After entering Gaza in a civilian Volkswagen vehicle, they drove to Khan Yunis, a city in the south of the Strip, near the Egyptian border. It was there that they were discovered by the al-Qassam Brigades, who stopped them at a checkpoint, asking for identification. The Israeli team opened fire using a silenced gun. Following a high-speed car chase, the Israelis left via helicopter. Their abandoned Volkswagen car was then blown up by an Israeli fighter jet.

On Sunday, the IDF declassified the name of the fallen officer. It also released a photograph of the man, who has been identified as Lt. Col. Mahmoud Kheir el-Din, 41, from Galilee. A member of Israel’s Druze community, el-Din served in the Mista’arvim, a counter-terrorism unit of the IDF’s Special Operations division that is trained to capture or assassinate targets in enemy territory. El-Din joined the IDF’s Special Operations division in 2002, after having served as a platoon commander.

The IDF also provided limited details about the botched operation that led to el-Din’s death. It claims that el-Din “physically confronted” one of the Hamas operatives, thus giving another one of the Israeli soldiers the opportunity to open fire and kill seven Hamas members. El-Din was killed during the shootout, according to the IDF. The Israeli government said the decision to release el-Din’s identity was coordinated with his family. It added, however, that it does not plan to release further details about the botched operation.

Author: Ian Alen | Date: 17 May 2022 | Permalink

West German intelligence infiltrated Adolf Eichmann trial in Israel, documents show

BND GermanyWEST GERMAN SPIES INFILTRATED the trial of Adolf Eichmann, one of the architects of the Holocaust, in order to limit its damage on the reputation of senior West German politicians who had a Nazi past. Eichmann was the lead author of the system of mass deportation of Jews from ghettos in Nazi-occupied Europe to extermination camps, where millions of them were brutally killed. In 1960, after years of hiding, he was captured in Argentina by agents of the Mossad, Israel’s covert-action agency, and secretly transported to Israel, where he was put to trial and eventually hanged.

Since 2011, new files on the West German response to Eichmann’s abduction and trial have been uncovered by the Independent Commission of Historians to Research the History of the Federal Intelligence Service, 1945-1968. The Independent Commission consists of professional historians, who have been granted near-complete access into the archives of Germany’s Federal Intelligence Service (BND). Known as Bundesnachrichtendienst, the BND conducts foreign intelligence, making it Germany’s equivalent of the United States Central Intelligence Agency. The project has been praised as a rare case of openness and transparency in historical research into the activities and operations of a still-functioning intelligence agency.

Led by Professor Klaus-Dietmar Henke, the Independent Commission has published 15 volumes of research on the BND. The latest release concerns (among other things) Hans Globke, a senior official in Germany’s Nazi-era Ministry of the Interior, who was eventually appointed to the Office for Jewish Affairs. From that post, Globke helped draft the legislation, known as the Nuremberg Race Laws of 1935. These laws gave legal sanctuary to the exclusion of Germany’s Jewish population from political, commercial and other social activity. The same laws were eventually used to confiscate assets belonging to Jewish German citizens.

After the war, Globke closely aligned himself with the British forces and became testified as a witness in the prosecution of senior Nazi war criminals. He rebuilt his political career, initially on the local level, and eventually as Chief of Staff to the Office of the Chancellor of West Germany. He also served as West Germany’s Secretary of State, promoting a pro-Atlanticist foreign policy that closely aligned Western Germany with the United States.

According to the latest release by the Independent Commission, Globke tasked the BND with infiltrating Eichmann’s trial, in order to limit the details exposed about the Nazi government during the trial proceedings. The primary goal of the operation, according to the new information, was to prevent even the mention of Globke’s name during Eichmann’s trial. If that was not achieved, the aim was to protect Globke’s reputation and shield the public from details about his Nazi past, especially relating to the Holocaust.

When asked about the revelation, a spokesperson for the BND refused to comment on it, saying only that “the draft results of the independent historical commission speak for themselves”. A spokesperson for the German federal government appeared to reject a call to withdraw a number of civilian medals and other honors that Globke was bestowed prior to his death. According to the spokesperson, German law does not have provisions for “posthumous withdrawal” of awards.

Author: Joseph Fitsanakis | Date: 16 May 2022 | Permalink

In rare speech, Australian intelligence chief stresses urgent need to recruit more spies

Paul SymonAUSTRALIAN INTELLIGENCE MUST recruit foreign spies with more urgency than at any time since the opening years of the Cold War, according to the head of Australia’s main foreign intelligence agency. Paul Symon, director of the Australian Secret Intelligence Service (ASIS), was speaking at a public event to mark the 70th anniversary of the organization’s history. It was a rare public speech by the head of Australia’s secretive main foreign intelligence service.

Symon’s talk was hosted in Sydney by the Lowy Institute, an independent Australian think-tank that focuses on international affairs. During his talk, which was made available afterwards on the Lowy Institute’s website, Symon spoke about a range of issues relating to Australia’s geopolitical priorities and their connection to intelligence operations. He told the audience that the primary task of ASIS, which is to recruit foreign subjects to spy on behalf of Australia, remained as crucial as ever.

He added, however, that a growing number of pressing concerns made “the need to recruit new spies” more essential than ever before. According to Symon, ASIS needs to “recruit and work with even more vigor and urgency than at any other point in our 70-year history”. In this task, China remains a strategic focus for ASIS, given its role in the region. Symon claimed there were signs that increasing numbers of Chinese state “officials [and] individuals” were “interested in a relationship” with ASIS. This was because many Chinese are becoming concerned about what he described as the rise of “an enforced monoculture” in China, and wish to stop it, said Symon.

Later in his speech, the ASIS director touched in broad terms on the challenge posed by technology on human intelligence (HUMINT) operations, in which ASIS specializes. He described these challenges as “extraordinary”, and said they resulted from an interaction between “a complex strategic environment [and] intensified counter-intelligence efforts” by Australia’s adversaries, as well as a host of “emergent and emerging technologies”. These technologies are in many ways posing “a near-existential” risk to the types of HUMINT operations carried out by ASIS, as the organization’s collection activities run the risk of becoming “increasingly discoverable”, said Symon.

Author: Joseph Fitsanakis | Date: 10 May 2022 | Permalink

Mystery blasts, fires, prompt rumors of sabotage campaign inside Russia (updated)

Kremlin, RussiaA SERIES OF LARGE-scale incidents of destruction, which have been occurring across Russia in recent days, are prompting speculation that the county may be experiencing a wave of attacks against its strategic infrastructure. The incidents include enormous fires at power plants, munition depots and state-owned storage facilities. The collapse of at least one railway bridge has also been reported. There are additional reports of massive wildfires raging across Siberia, which are imposing heavy demands on Russia’s emergency response infrastructure.

On April 21, a massive blaze engulfed the Central Research Institute for Air and Space Defense of the Russian Defense Ministry in Tver, a city located around 120 miles northwest of Moscow. According to Associated Press, which reported the news about the fire, the institute “was involved in the development of some of the state-of-the-art Russian weapons systems, reportedly including the Iskander missile”. By next morning, at least 17 people were believed to have died as a result of the fire.

Late last week, the Sakhalinskaya GRES-2 power station, a vast 120-megawatt coal-fired power plant in Russia’s far-eastern Sakhalin province, went up in flames, giving rise to persistent rumors of sabotage. On May 1, Russian state-owned news agencies reported that a railway bridge in the western province of Kursk, 70 miles from the Ukrainian border, had been destroyed. Analysts at the Washington-based Atlantic Council think tank claimed that the bridge had been used extensively by the Russian military to transport equipment to eastern Ukraine. Later on the same day, a cluster of fuel-oil tanks in Mytishchi, a mid-size city located northeast of Moscow, were completely destroyed by a fast-spreading fire.

On May 2, a munitions factory in Perm, a major urban center in western Siberia, was hit by a “powerful” explosion. Ukrainian government officials hinted at sabotage in social media posts, though no proof has been provided, and the Kremlin has not commented on the matter. On the following day, the Prosveshchenie publishing house warehouse in Bogorodskoye, northeast of Moscow, was destroyed by a massive fire. The warehouse belongs to Russia’s state-owned publisher of school textbooks. The fire occurred almost simultaneously as another fire engulfed a polyethylene waste storage facility in the central Siberian city of Krasnoyarsk.

Meanwhile, the sprawling forests that surround Krasnoyarsk and other Siberian urban centers are experiencing seasonal wildfires of near-unprecedented scale. Some early reports claimed that the Russian government was finding it difficult to contain these fires, because the country’s emergency response personnel has been sent to the frontlines of the war in Ukraine. But these reports were denied by Russia’s Ministry of Emergency Situations, which claimed earlier this week that the fires were mostly under control.

Author: Joseph Fitsanakis | Updated: 09 May 2022 | Research credit: M.R. | Permalink

Newly discovered cyber-espionage group spies for money using state-actor methods

Computer hackingA NEWLY DISCOVERED CYBER-espionage group appears to target the senior leadership of private corporations involved in large-scale financial transactions, but employs skills and methods that are usually associated with state-sponsored threat actors. The group has been termed “UNC3524” by the American cybersecurity firm Mandiant, which says it discovered it in December of 2019. In a detailed blog post published earlier this week, a team of cyber-security researchers at Mandiant say they have been studying the group for over two years, and have been surprised by their findings.

Given its targets, as well as the information it goes after, there is little doubt that UNC3524 is interested in financial gain. However, its operational profile differs markedly from those of other financially oriented hacker groups, according to Mandiant. Its sophisticated approach to espionage demonstrates aspects that are typically associated with government-sponsored intelligence operations. Notably, UNC3524 operatives take their time to get to know their targets, and are not in a hurry to exploit the online environments they penetrate. Mandiant reported that UNC3524 attacks can take up to 18 months to conclude. In contrast, the average financially-motivated cyber-espionage attack rarely lasts longer than three weeks.

Additionally, UNC3524 operatives make a point of maintaining an extremely stealthy and low-key online profile, and have even developed a series of novel exploitation techniques, which Mandiant has termed “QuietExit”. The latter appear to focus on exploiting Internet of Things (IoT) devices that are typically found in corporate settings, but are not protected by traditional anti-virus systems. Once they penetrate the digital environment of their target, UNC3524 operatives meticulously build sophisticated back-doors into the system, and are known to return sometimes within hours after they are detected and repelled.

Interestingly, UNC3524 operatives do not waste time on low-level employees of targeted corporations. Once inside, they go straight for executive-level targets, including those in corporate strategy and development, mergers and acquisitions, and even information security. Mandiant says a few other actors, notably Russian-linked groups like Cozy Bear, Fancy Bear, APT28 or APT29, are also known to operate with such high-level targets in mind. However, there is little other operational overlap between them and UNC3524, the blog post claims.

Author: Joseph Fitsanakis | Date: 04 May 2022 | Permalink

%d bloggers like this: