Main suspect in potentially momentous hacker-for-hire case seeks plea deal in NY

IN A DRAMATIC CASE, described by observers as “unusual”, a suspect in a hacker-for-hire scheme of potentially global proportions has told United States government prosecutors he is ready to discuss a plea deal. The case centers on Aviram Azari, a highly sought-after private detective who served in an Israeli police surveillance unit in the 1990s before launching a private career in investigations.

Azari was arrested in Florida in 2019 during a family vacation, and was shortly afterwards indicted in New York on charges of aggravated identity theft, conspiracy to commit computer hacking, and wire fraud. These charges reportedly date back to 2017 and 2018. Azari’s alleged objective was to target carefully selected individuals in order to steal their personal information, including email usernames and passwords. Last year, The New York Times reported that the case against Azari is connected with a potentially massive hacker-for-hire scheme code-named DARK BASIN.

Further information about DARK BASIN was published by Citizen Lab, a research unit of the University of Toronto’s Munk School of Global Affairs and Public Policy, which focuses on information technology, international security and human rights. It said DARK BASIN was orchestrated by an India-based firm called BellTroX InfoTech Services. It also claimed that the company is one of a number of hacker-for-hire firms based in India. These companies are said to be employed by private detectives in Western countries, who are usually hired by large multinationals or wealthy individuals.

Accordingly, the targets of DARK BASIN activities appear to have been investment firms based in the US and elsewhere, as well as government officials, pharmaceutical companies, lawyers, large banks, and even environmental activists who campaign against large multinationals. Additionally, some of DARK BASIN’s thousands of targets appear to be people involved in high-stakes divorce proceedings. Perhaps more alarmingly, among DARK BASIN’s targets are journalists around the world, who seem to have been targeted systematically in efforts to reveal their sources of information.

Azari has pleaded not guilty. But the fact that his lawyer has now communicated his client’s desire to seek a plea deal with US government prosecutors may be a major game-changer in this case, which may have global ramifications. The Reuters news agency, which reported the latest developments on this case this week, said it reached out to the US Attorney’s Office in Manhattan, but spokesmen there declined to provide any information on Azari’s case.

Author: Joseph Fitsanakis | Date: 02 July 2021 | Permalink

Senior Serb intelligence officials given prison sentences for war crimes

TWO SENIOR FORMER OFFICIALS in the now defunct domestic security apparatus of Serbia have been given prison sentences totaling 24 years, after being found guilty of war crimes by a United Nations court. The crimes of the two officials stem from the Yugoslav Wars, a series of bloody ethnic conflicts that followed the breakup of the former Yugoslavia in 1991.

The two former officials, Jovica Stanišić, 70, and Franko “Frenki” Simatović, 71, deny that they trained Serbian elite police units in methods of exterminating non-Serb populations in various regions of the former Yugoslavia. The two men were initially acquitted of all charges against them by the International Criminal Tribunal for the former Yugoslavia (ICTY). But the initial ruling was quashed, and the two men were tried again, this time by the United Nations Mechanism for International Criminal Tribunals, which took over ICTY’s operations after its mandate ended.

Stanišić directed the State Security Service (SDB), which operated under the Ministry of Internal Affairs of Serbia as the country’s primary domestic security agency. Simatović was an intelligence officer who, from 1991 until 1998, commanded the feared Special Operations Unit, known as JSO. The JSO was an elite police force that operated under Stanišić’s SDB. Prosecutors accused the two men of working under direct orders by Serb President Slobodan Milošević, with the aim of ethnically cleansing non-Serbian populations. Milošević died in 2006 in prison at The Hague, Netherlands, where he was held facing charges of genocide and crimes against humanity.

On Wednesday, each of the two men was given 12 years in prison. Simatović has already served eight years in prison, and Stanišić close to five. Both continue to deny the charges against them, and their lawyers said they would appeal the convictions.

Author: Joseph Fitsanakis | Date: 01 July 2021 | Permalink

Secret recordings show Peru’s jailed ex-spy chief trying to change election results

AUDIO RECORDINGS RELEASED LAST week appear to show Peru’s imprisoned former spy chief, Vladimiro Montesinos, trying to organize bribes for judges in an effort to alter the outcome of the recent presidential election. From 1990 to 2000, Montesinos headed Peru’s intelligence service, Servicio de Inteligencia Nacional (SIN). He worked in close cooperation with his political patron, Alberto Fujimori, who is currently serving a lengthy prison sentence for corruption and human-rights abuses. Like his boss, Montesinos is currently serving a 25-year prison sentence for setting up a sophisticated network of illegal activities during his SIN tenure. The crimes he committed include drug trafficking, bribing, extortion, as well as embezzlement.

Despite his dramatic fall from power, Fujimori remains popular in Peru. Earlier this month, his daughter, Keiko Fujimori, a rightwing populist, fought a neck-and-neck election contest with leftist school teacher and trade unionist Pedro Castillo. Castillo was provisionally declared the winner of the second and final round of the general election, with 50.12 percent of the votes cast, having received 44,263 more votes than Fujimori. The United States, the European Union and the Organization of American States declared the election as free and fair. But Fujimori, who has vowed to pardon her father and release him from prison if she wins, claims that Castillo’s victory was the result of widespread fraud. Now the National Jury of Elections, set up by the National Office of Electoral Processes, is auditing the election results across the nation.

The plot thickened on Saturday, when a veteran lawmaker, Fernando Olivera, released over a dozen recordings of conversations between the jailed Montesinos and a retired military commander, Pedro Rejas, who is a political ally of Fujimori. In the recordings, Montesinos is heard instructing Rejas to arrange monetary bribes for judges who staff the National Jury of Elections. The purpose of the bribes, says Montesinos, is to secure a victory for Fujimori. He also warns Rejas that if Fujimori does not win the election, she will probably end up in prison for corruption, like her father.

The prison authority of the Peruvian Navy, which oversees the maximum security prison that houses Montesinos, has confirmed that the recordings released by Olivera are authentic, and says it has launched an investigation into the matter. There are also some who believe that Rejas’ involvement in Montesinos’ conspiracy may indicate willingness by the Peruvian Armed Forces to organize a coup, in case Castillo becomes Peru’s next president. Meanwhile, Fujimori has said she felt “indignation” when listening to the recordings of Montesinos’ attempts to secure her electoral victory. She described Montesinos as a “criminal” who “betrayed all Peruvians” as head of the SIN.

Author: Joseph Fitsanakis | Date: 30 June 2021 | Permalink

Kremlin spy participated in secret meeting to fund Italian separatist party

AN ALLEGED EMPLOYEE OF Russian intelligence was present during a secret meeting in Moscow, in which politicians and investors discussed a plan to fund a northern Italian separatist political party. The party, Lega Nord (Northern League, or LN), was established in 1991 as an amalgamation of northern Italian separatist groups whose members seek greater autonomy and are opposed to Italy’s membership in the European Union. Under its current leader, Matteo Salvini, the LN has adopted a hard-line anti-immigration stance and has associated itself with United Russia, the political home of Russian President Vladimir Putin.

In July of 2019, the investigative news website BuzzFeed released audio recordings of a secret meeting that allegedly took place in Moscow’s Hotel Metropol, between members of the LN and Russian emissaries of the Kremlin. The discussion reportedly concerned a plan to sell Russian oil to an Italian firm connected to the LN at a markedly discounted price, which would allow it to compete with Italy’s state-owned energy supplier and at the same time enrich the LN’s election campaign coffers by nearly $70 million.

According to an investigation by Italian authorities, participants at that meeting were Salvini’s former spokesperson, Gianluca Savoini, as well as two other Italians, who managed investment banks and were also supporters of the LN. There were also three Russian participants, including a Kremlin lawyer who works for the Russian Ministry of Energy, and a Russian former banker and tycoon with close ties to President Putin. But the third Russian had not been identified. Until now.

The Italian newspaper L’Espresso, which has led the investigative reporting into the alleged scandal, reports that the Milan Prosecutor’s Office has identified the third Russian participant as Andrey Yuryevich Kharchenko, an alleged employee of Russian intelligence. The paper said that Kharchenko’s identity was supplied to the Italian government by “another Western state” that has been targeted by Russian intelligence in recent years. The investigation into the alleged scandal continues.

Author: Joseph Fitsanakis | Date: 29 June 2021 | Permalink

Sensitive UK defense documents found in bus stop by member of the public

Sensitive documents belonging to the British Ministry of Defense were found by a member of the public behind a bus stop last week, in what the BBC described as “a major embarrassment” for the British government. The documents number 50 pages; most are marked “official sensitive”, which is a low level of classification, but it means they are still subject to security requirements.

The BBC said it was contacted by “a member of the public, who wishes to remain anonymous”, after he or she found the documents dumped behind a bus stop in the southeastern county of Kent, which borders Greater London. The papers were reportedly in a deteriorated state, as they had been exposed to the elements, including rain, for several days.

According to the BBC, the sensitive documents most likely originated in the office of a senior Ministry of Defense official. They include printouts of email exchanges, as well as a number of PowerPoint slides concerning several timely topics. Among them is a presentation about HMS Defender, a Type 45 Destroyer belonging to the Royal Navy. It is followed by a presentation on the tense maritime incident that took place between Britain and Russia off the coast of Crimea last week.

Another document concerns the defense priorities of the administration of United States President Joe Biden, especially as they relate to the Indo-Pacific region and China. Several emails concern the future of the British military presence in Afghanistan, following the pending withdrawal of US forces from there in September. Yet another set of documents addresses British defense contracts that may irk some of the former European Union member state’s European allies.

The British Defense Ministry said last week it was investigating the details of “an incident” in which sensitive papers were “recovered by a member of the public”. It added that one of its employees, who had been entrusted with the documents, had reported them missing in the days prior to their recovery.

Author: Joseph Fitsanakis | Date: 28 June 2021 | Permalink

US court rejects challenge of pre-publication review by ex-intelligence employees

A COURT OF APPEALS in the United States state of Virginia has rejected a lawsuit by former intelligence employees who claimed that the system of pre-publication review violated their freedom of speech. The case centered on the requirement for current and former employees of American intelligence agencies to submit for review any material they intend to publish in the unclassified domain, in case it contains government secrets.

The lawsuit originated in 2019, when it was brought before a court by five former employees of the Central Intelligence Agency, the National Security Agency, the Office of the Director of National Intelligence, and the Department of Defense. All five plaintiffs intended to publish books on topics including the history of the CIA, government surveillance, as well as the prevalence of sexual violence and racism in the US armed forces.

The plaintiffs claimed that the pre-publication review system is unclear and confusing, that its scope is too broad, and that the process takes too long. They also claimed that many of the edits made on their manuscripts aimed to protect government agencies from embarrassment and criticism, rather than protect national security. Furthermore, they claimed that many of the alleged secrets that were edited out of manuscripts referred to information that was already available in the open domain. All five plaintiffs were represented by lawyers from the Knight First Amendment Institute at Columbia University and the American Civil Liberties Union. The government was represented by the US Department of Justice.

Last year, a US District Court in the US state of Maryland dismissed the claim on the grounds that the government was justified in wanting to protect its secrets, and that the pre-publication system was intricate but unambiguous. On Wednesday, the 4th US Circuit Court of Appeals in Richmond, Virginia, upheld the District Court’s ruling. In a unanimous vote, the court’s three judges concluded that, by voluntarily agreeing to submit to the pre-publication review system, the plaintiffs had waived their right to challenge the system’s legality under the 1st Amendment of the US Constitution.

Author: Ian Allen | Date: 24 June 2021 | Permalink

Afghans who spied for CIA say they fear retaliation once US forces withdraw

AFGHAN CIVILIANS WHO WERE recruited by the United States Central Intelligence Agency as local assets say they fear retaliation by a resurgent Taliban once American forces withdraw from Afghanistan in September. Last April, US President Joe Biden announced that American troops would leave Afghanistan by September 11. The date will mark the 20th anniversary of the terrorist attacks of September 11, 2001, which caused Washington to send troops to Afghanistan in response.

The CIA has been a major component of America’s presence in Afghanistan over the past two decades. When operating in the Central Asian country, CIA officers have routinely relied on local people to collect intelligence, provide translation services, and guard its facilities and personnel. These local assets were typically paid in cash for their services, which were secret in nature and often life-threatening.

Now many of these local assets —possibly thousands— are apprehensive of the pending withdrawal of their American protectors from Afghanistan, and fear retaliation from a resurgent Taliban. According to The Wall Street Journal, these local CIA assets say that “their lives are now at risk”. A large number of them have submitted applications for a US Special Immigrant Visa. This is a State Department program that aims to offer protection to local people who have carried out “sensitive and trusted activities” on behalf of American government personnel abroad.

But the Special Immigrant Visa process is complicated and expensive, and is currently plagued by major delays. The Wall Street Journal reports that, even though the law stipulates Special Immigrant Visa requests must be processed within nine months, applications are currently taking between three and five years to be adjudicated. The Department of State says it is currently working through a backlog of 18,000 applications from around the world. The situation is particularly dire for Afghan CIA assets, says the paper, because many find it difficult to prove they ever worked for the CIA. The spy agency’s record-keeping was minimal throughout its time in Afghanistan, especially in the opening years of the conflict, according to the report. Furthermore, some local assets may not even be named in CIA documentation, so as to protect their identity.

In response to calls for faster processing of Special Immigrant Visa requests, US Secretary of State Antony Blinken (pictured) said earlier this month: “We’re determined to make good on our obligation to those who helped us, who put their lives on the line, put their families’ lives on the line working with our military, working with our diplomats”.

Author: Joseph Fitsanakis | Date: 23 June 2021 | Permalink

Germany arrests Russian PhD student on suspicion of spying for Moscow

A RUSSIAN DOCTORAL STUDENT in mechanical engineering, who is studying in a Bavarian university, has been arrested by German police on suspicion of spying for Moscow, according to official statements and reports in the German media. According to a press statement issued by the Federal Public Prosecutor General’s office in the city of Karlsruhe, the PhD student was arrested on Friday, June 18.

The student was subsequently identified by the German authorities only as “Ilnur N.”, in accordance with German privacy laws. On Monday, however, local media identified the suspected spy as Ilnur Nagaev, a doctoral candidate at the University of Augsburg, which is located 50 miles northwest of Munich. Nagaev reportedly works as a research assistant there, while pursuing his doctoral studies in mechanical engineering.

German authorities maintain that the suspect began working “for a Russian secret service” in early October of 2020, and possibly earlier. He is also accused of having met with an unidentified “member of a Russian foreign secret service” at least three times between October 2020 and June of this year. According to German federal prosecutors, Nagaev shared unspecified information with his alleged Russian handler, and received cash in return at the end of each meeting.

German police reportedly searched Nagaev’s home and work office looking for further clues about the case. In the meantime, a judge at the Bundesgerichtshof (Federal Court of Justice) in Karlsruhe, which is Germany’s highest court on matters of ordinary jurisdiction, ordered that Nagaev be kept in pre-trial detention, pending a possible indictment. Neither the Russian nor the German federal governments have commented on this case.

Author: Joseph Fitsanakis | Date: 22 June 2021 | Permalink

No prison for Australian former spy who disclosed controversial espionage operation

A FORMER AUSTRALIAN SPY, who prompted international outcry by revealing a controversial espionage operation by Canberra against the impoverished nation of East Timor, has been given a suspended prison sentence. The case against the former spy, known only as “Witness K.”, first emerged in 2013. It is believed that Witness K. served as director of technical operations in the Australian Secret Intelligence Service (ASIS), Australia’s foreign-intelligence agency.

In 2013, Witness K. revealed an espionage operation that targeted the impoverished Pacific island nation of Timor-Leste, also known as East Timor. He alleged that ASIS officers, disguised as a renovation crew, bugged an East Timorese government complex. The information gathered from the spy operation allegedly allowed the Australian government to gain the upper hand in a series of complex negotiations that led to the 2004 Certain Maritime Arrangements in the Timor Sea (CMATS) treaty. The treaty awards Australia a share from profits from oil exploration in the Greater Sunrise oil and gas field, which is claimed by both Australia and East Timor.

In 2013, the East Timorese government took Australia to the Permanent Court of Arbitration in The Hague, claiming that the Australian government was in possession of intelligence acquired through illegal bugging. The claim was supported by Witness K., who argued that ASIS’ espionage operation was both “immoral and wrong” because it was designed to benefit the interests of large energy conglomerates and had nothing to do with Australian national security. It is worth noting that Witness K. said he decided to reveal the ASIS bugging operation after he learned that Australia’s former Minister of Foreign Affairs, Alexander Downer, had been hired as an adviser to Woodside Petroleum, an energy company that was directly benefiting from the CMATS treaty.

Analysis: The mysterious case of IDF ‘Officer X’ who died in an Israeli prison

The State of Israel has been in turmoil for several weeks, after it became known that an outstanding officer in one of the elite technological units of the Israel Defense Forces (IDF) Intelligence Division (Israel Military Intelligence, or IMI) was found dead while in custody in a military prison. He had been serving an eight-month sentence on suspicion of causing serious security damage to a critical intelligence technological system. The IDF’s chief of staff, Major General Aviv Kochavi (pictured), said in relation to the case: “The officer from the IMI committed very serious offenses. He committed them on purpose, for reasons I cannot describe. He almost [revealed] a big secret and we stopped it in the [last] minute”.

After the officer’s death, it was revealed by the IDF that his arrest was not a case of treason or espionage, and that he acted for personal, rather than for ideological, nationalistic or financial motives. Following public pressure about the IDF’s handling of the matter and the unclear circumstances of the officer’s death, the IDF has provided some more details.

Officer X, who, according to an American website was named Tomer Aiges, was a 25-year-old captain with three honorary awards by the IMI. He had graduated from high school while simultaneously receiving a BSc in computer sciences at the age of 18. Before enlisting in the IDF, he worked in several hi-tech companies in Israel. People who worked with him there testified that he was a young man with extraordinary technical abilities, which is why he was recruited to the technology unit of the IMI.

There are two main issues of concern among the Israeli public. One is how the officer was held in custody for a long time without being brought to trial, even though a serious indictment —the details of which are not known— was filed against him, and when no one except his parents knew about it. To the young man’s acquaintances it seemed that he had mysteriously disappeared. What is more, much of his page on Facebook was deleted and no further updates appeared following his arrest. It was reported that during his arrest, there was a process of criminal mediation, in which the State of Israel sought to sentence him to ten years in prison.

The second problematic issue concerns the circumstances of his death. There are many questions about how he could have died when his detention cell was under non-stop surveillance by closed-circuit cameras. Further questions remain as to why the investigation into the circumstances of his death has yet to be completed. There have been demands by Israeli former intelligence officers to hand over the investigation to a civilian inquiry committee headed by a Supreme Court judge, as there is grave concern that the IDF could be hiding information that could demonstrate it was negligent in protecting the officer’s life.

The publication of additional details about this case is subject to a strict ban by the Israeli military censorship —it should be noted that Israel is the only Western country that exercises security censorship. The Israeli public is eagerly awaiting the publication of further details about the circumstances of the death of the intelligence officer, Officer X.

Dr. Avner Barnea is research fellow at the National Security Studies Center of the University of Haifa in Israel. He served as a senior officer in the Israel Security Agency (ISA).

Author: Avner Barnea | Date: 18 June 2021 | Permalink

Russian actors had access to Dutch police computer network during MH17 probe

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

Russia has tried to sabotage and undermine investigation activities into the MH17 disaster through various means: influence campaigns on social media, hacking of the Dutch Safety Board, theft of data from Dutch investigators, manipulation of other countries involved in the investigation, and the use of military spies. The Dutch police and public prosecution service were repeatedly targeted by phishing emails, police computer systems were subjected to direct attacks, and a Russian hacker drove a car with hacking equipment near the public prosecution office in Rotterdam.

The above efforts are not believed to have been successful. But the attack that came to light in September 2017 may have been. The infected police academy system ran “exotic” (meaning uncommon) software, according to a well-informed source. The Russians reportedly exploited a zero day vulnerability in that software. After the incident, the national police made improvements in their logging and monitoring capabilities, and in their Security Operations Center (SOC). It is not currently known how long the attackers had access to the national police system, nor what information they were able to obtain.

Author: Matthijs Koot | Date: 17 June 2021 | Permalink

FBI warns some QAnon online supporters plan to transition to ‘real-world violence’

A NEW INTELLIGENCE REPORT warns that some supporters of the QAnon conspiracy theory, who in the past have limited their activities to the online domain, may now be transitioning to “real-world violence”. The unclassified report (pdf) was co-produced by the Federal Bureau of Investigation and the Department of Homeland Security. It was released on Monday by Senator Martin Heinrich (D-NM), who called for coordinated action to protect national security from QAnon militants.

Adherents of the QAnon conspiracy theory view former President Donald Trump as a central figure in a behind-the-scenes battle against a sinister cabal of enemies, known as the “deep state”. According to the QAnon theory, Trump’s first term in office would culminate in a victory against this “deep state”. The latter is believed by QAnon conspiracy theorists to consist of Satan-worshiping cannibals who traffic children for sex. These cannibals would be routed during “The Storm”, a final reckoning between Trump and the “deep state”, which would result in the arrest and execution of all “deep state” officials.

When Trump failed to get re-elected last year, some QAnon adherents attempted to bring about “The Storm” by joining the mob who attacked the US Capitol Complex —an unprecedented violent action that resulted in the death of five people. According to the Associated Press, at least 20 QAnon adherents have so far been charged with federal crimes relating to the January 6 attack on the US Capitol.

The new intelligence report by the FBI and the DHS warns that, frustrated by Trump’s departure from the office of the presidency, some QAnon adherents, including leading figures in the movement, are now promoting a new conspiracy theory. According to this new theory, Trump is now operating as a “shadow president” who is continuing his secret battle against the Satan-worshiping cannibals. The latter purportedly include President Joe Biden and most senior Democrats in office, who will eventually be unseated by Trump and his movement.

Not all QAnon adherents believe in this new theory, according to the report. Indeed, some supporters of QAnon are feeling disillusioned and are now “pulling back”, after realizing that they can no longer “trust the plan” spelled out by Q —the mysterious figure that supposedly is at the center of the QAnon theory. This is not necessarily good news, however, according to the report. This is because some disillusioned QAnon supporters are now deciding that, rather than waiting for Q’s promised actions to occur, they should act to make them happen.

These QAnon supporters believe that they must no longer limit their role in the movement to simply being “digital soldiers” in support of Q. Instead, they are now “pivoting” toward “engaging in real-world violence”, the report suggests. This newfound role includes planning actions that aim to physically harm “perceived members of the ‘cabal’ such as Democrats and other political opposition”, the report warns.

Author: Ian Allen | Date: 15 June 2021 | Permalink

FBI thanks French police for high-profile arrest of Luxembourg’s former top spy

AGENTS OF THE UNITED States Federal Bureau of Investigation visited the northeastern French city of Nancy last week, reportedly to thank its local police force for arresting a former senior officer in Luxembourg’s spy agency. The case is said to be connected to a notorious cryptocurrency-based fraud scheme, which some claim may be the largest in history.

Frank Schneider headed the operations directorate of the Service de Renseignement de l’État Luxembourgeois (SREL), Luxembourg’s intelligence agency. Although he left the service in 2008, his name came up frequently in the context of a spy scandal that eventually brought down Luxembourg’s prime minister, Jean-Claude Juncker. The former spy was eventually acquitted of illegal conduct in that case —but he now appears to be in legal trouble of a different kind.

According to reports, US authorities have been looking for a man referred to in French media as “Frank S.” in connection to a massive Ponzi scheme that allegedly involves OneCoin, a Bulgarian-based cryptocurrency firm. British newspaper The Times has described the scheme as “one of the biggest scams in history”. It is believed that the OneCoin scheme defrauded victims around the world of over $4 billion.

Schneider was reportedly arrested on April 29 in Audun-le-Tiche, a small town on the French-Luxembourg border and not far from the Belgian and German borders. His arrest took place pursuant to an international warrant, which was later confirmed to have been issued by authorities in New York. It was reported at the time that Schneider’s arrest involved the deployment of members of the Brigade de recherche et d’intervention —France’s equivalent of the Special Weapons And Tactics (SWAT) teams in the US.

The former spy is currently being held in detention at the Nancy-Maxéville prison, and is highly likely to be extradited to the US. American authorities have until June 28 to submit a formal extradition request to the Nancy office of the prosecutor.

Author: Joseph Fitsanakis | Date: 14 June 2021 | Permalink

Chinese state-linked cyber actor allegedly behind attack on global airline industry

Air India

A GROUP OF COMPUTER hackers with close links to the Chinese state is allegedly behind a wide-scale attack on the global airline industry, which involves espionage as well as financial motives, according to a new report. If confirmed, the attack would constitute a global campaign against a single industry that is unprecedented in size, according to experts.

The most recent victim of this series of worldwide attacks is Air India, India’s government-owned flagship air carrier. In May of this year, the company was targeted by what officials described as “a highly sophisticated attack” that had begun over two months earlier. It was indeed in early February that the hackers had begun collecting information about Air India and trying to infiltrate its networks through a combination of methods, including spear-phishing. The resulting compromise affected the data of some 4.5 million of Air India’s passengers. Stolen information included passengers’ credit card details, as well as passport information, such as names and dates of birth.

But in a new report issued on Thursday, the Singapore-based cybersecurity firm Group-IB said that the methodology used by the perpetrators of the Air India attack resembled that used to hack other airline carriers around the world. Other victims have included Singapore Airlines, Malaysia Airlines, Finnair, as well as SITA, a Swiss-based provider of information technology services to airline operators in over 200 countries and territories around the world.

What is more, the Group-IB report claims “with moderate confidence” that the attacks on the global airline industry are being perpetrated by APT41. Also known as BARIUM, APT41 is a highly prolific group of computer hackers that is widely believed to be connected with the Chinese government. Since first appearing on the scene in 2006, APT41 has amassed a list of victims that includes firms from almost every imaginable industry, including manufacturing, telecommunications, transportation, healthcare and defense. Some of its strikes are clearly financially motivated and include ransomware attacks. Others are espionage-related and point to the information needs of a nation-state —allegedly China.

In 2020, the United States Federal Bureau of Investigation added five members of APT41 to its “Most Wanted” list. The accompanying press statement accused the five men of conducting “supply chain attacks to gain unauthorized access to networks throughout the world”, and of attacking a host of companies on nearly every continent, including the Americas.

Author: Joseph Fitsanakis | Date: 11 June 2021 | Permalink

France suspends aid to Central African Republic over espionage charges

Juan Remy Quignolot

THE GOVERNMENT OF FRANCE has suspended all civilian and military aid to the Central African Republic (CAR), after authorities there charged a French national with espionage and conspiracy to overthrow the state. The charges were announced approximately a month after the arrest of Juan Remy Quignolot, 55 (pictured), who was arrested in CAR capital Bangui on May 10 of this year. Following Quignolot’s arrest, CAR police said they found more than a dozen cell phones, machine guns, ammunition and foreign banknotes in his hotel room.

Speaking to reporters in Bangui on Wednesday, the CAR’s attorney general, Eric Didier Tambo, said that Quignolot had been charged with espionage, illegal weapons possession, as well as conspiracy against the security of the state. According to CAR authorities, Quignolot has been providing training and material support to anti-government rebel groups for nearly a decade. However, CAR authorities have not specified for which country or group Quignolot performed his alleged activities.

The French Ministry of Foreign Affairs and the French embassy in Bangui have not commented on Quignolot’s charges. When the French national was arrested in May, French Foreign Affairs Ministry officials said the move was part of “an anti-French campaign” orchestrated by Russia. Paris has been competing with Moscow for influence in this former French colony —a diamond- and gold-producing country of nearly 5 million people— which remains highly volatile following a bloody civil war that ended in 2016.

Earlier this week, France said it would immediately suspend its $12 million-a-year civilian and military aid to the CAR. The reason is that the African nation’s government had allegedly failed to take measures against “massive disinformation campaigns”, purportedly originating from Russia, which have “targeted French officials” in the CAR and the broader central African region. Despite suspending financial aid, France continues to maintain approximately 300 soldiers in the CAR. In recent years, however, France’s military presence in its former colony has been dwarfed by contingents of Russian military instructors, who are now training government forces.

Quignolot’s trial is expected to take place by December. Speaking about the Frenchman’s possible sentence, attorney general Tambo said on Wednesday that, “in cases of harming domestic security, you’re talking about lifetime forced labor”.

Author: Joseph Fitsanakis | Date: 10 June 2021 | Permalink