Year in review: The biggest spy-related stories of 2018, part I

End of Year ReviewSince 2008, when we launched intelNews, it has been our end-of-year tradition to take a look back and highlight what we believe were the most important intelligence-related stories of the past 12 months. In anticipation of what 2019 may bring in this highly unpredictable field, we present you with our selection of the top spy stories of 2018. They are listed below in reverse order of significance. This is part one in a three-part series; Part two is available here. Part three is here.

10. Taiwan admits that Chinese general Liu Liankun was one of its spies. In April, the government of Taiwan acknowledged publicly for the first time that Liu Liankun, a Chinese major general who was executed by Beijing in 1999 for espionage, was indeed one of its spies. Liu, who headed the Department of General Logistics of the Chinese People’s Liberation Army, was accused by the Chinese government of having spied for Taiwan for five years, in exchange for nearly $2 million in bribes. He was eventually executed by lethal injection in a Beijing prison. He was 58. At the time of his conviction, Liu was the most senior Chinese military officer to have ever been convicted of spying for Taiwan. The island nation denied that Liu spied on its behalf and refused to acknowledge that it had any role in his espionage activities. But in April Taiwan’s Military Information Bureau unveiled its renovated memorial at its headquarters in Taipei City. Among the plaques, visitors to the memorial saw one dedicated to Liu for the first time.

09. Israel charges former cabinet minister with spying for Iran. In 1992, when he was 35, Gonen Segev, was elected as one of the Knesset’s youngest members, representing the conservative Tzomet party. Initially an opposition Knesset member, Segev eventually left Tzomet and joined a governing coalition with the Labor Party, in which he served as Minister of Energy and Infrastructure. In 2004, after exiting politics, Segev was arrested on a flight from Holland while reportedly trying to smuggle several thousand ecstasy pills into Israel. He was jailed for five years but was released from prison in 2007, after a commendation for good conduct. Shortly after his release, Segev moved to the Nigerian city of Abuja, where he practiced medicine. It was there, the Shin Bet claims, that he was recruited by Iranian intelligence. He was reportedly detained in May of this year during a trip to Equatorial Guinea, following a request by Israeli officials. He was then extradited to Israel and arrested as soon as he arrived in Tel Aviv. Israel’s Shin Bet security service said that Segev admitted being in regular contact with Iranian intelligence agents in Nigeria, where he lived after 2007, and other countries around the world. He also said that he was given a fake passport by his handlers, which he used to visit Iran on two separate occasions in order to hold secret meetings with Iranian intelligence officers.

08. European Union agrees to establish joint intelligence training school. In November, 25 members of the European Union agreed to establish a joint intelligence training academy, a move interpreted by some as a concrete effort to deepen inter-European security cooperation following Brexit. The announcement came just hours after leading EU heads of state spoke in favor of establishing a joint EU defense force. Calls for tighter cooperation between EU members in the areas of defense and security have been issued for decades. But the upcoming departure of Britain from the EU —popularly known as Brexit— appears to have prompted Germany and France to propose deeper integration as a response to the rise of anti-EU sentiment across the continent. The new intelligence academy initiative will be led by Greece —an EU member since 1981— and will be headquartered in Cyprus, which joined the EU in 2004. It will work in cooperation with the individual intelligence agencies of the 25 co-signatory states, along with NATO and with other regional security bodies.

This is part one in a three-part series; Part two is available here. Part three is here.

Authors: Joseph Fitsanakis and Ian Allen | Date: 27 December 2018 | Permalink

Advertisements

Barcelona on high alert after US State Department terrorism warning

Las Ramblas BarcelonaPolice in Barcelona have intensified security checks in some of the Spanish city’s most recognizable landmarks, following a security warning from the United States Department of State. The surprise warning came in the form of a post on the popular social networking site Twitter on Sunday, December 23. In the tweet, the Department of State advised travelers to “exercise heightened caution around areas of vehicle movement, including buses”. It added that terrorists could “attack with little or no warning, targeting tourist locations, transportation hubs, and other public areas”. It is rare for the Department of State to issue warnings for specific locations, unless the US government is in possession of critical intelligence pointing to the possibility of a terrorist attack.

Hours after the Department of State’s warning, Miquel Buch, Minister of the Interior for Spain’s Catalonia region, told a radio station in Barcelona that local authorities were “engaged in assessing the warning” by the US authorities. Local media reported that increased police presence was visible around bus, minibus, train and metro stations throughout the Catalonian capital. Heavily armed police presence was also notable in Barcelona’s most popular tourist landmarks, including the Sagrada Familia Cathedral, the Gothic Quarter, and the mile-long Las Ramblas pedestrian Boulevard at the city’s center. There was no information about the precise nature of the US warning, but there were reports in Catalonian media on Tuesday that the alert notice involved the possibility of a vehicular attack by Islamists during the Christmas holiday season.

In August of 2017, Younes Abouyaaqoub, a 22-year-old Moroccan-born Islamist drove a van into large crowds of tourists at Las Ramblas, killing 14 and injuring nearly 150 people. Abouyaaqoub’s attack was followed by another assault by five men in Cambrils, a small seaside town south of Barcelona, who drove a car into a crowd of pedestrians, killing one and injuring six more. All six men were members of the Islamic State. They were shot and killed by police and security forces.

Author: Ian Allen | Date: 26 December 2018 | Permalink

China seeks clarification over alleged spy equipment ordered by US embassies

US embassy Berlin GermanyThe Chinese government says it is seeking explanations from Washington after a leaked procurement database showed that American embassies purchased data forensics software and various tactical spy equipment. The purported database was published on December 21 by the international anti-secrecy website WikiLeaks, founded by Julian Assange, who is accused by some in the United States of having violated its espionage laws. WikiLeaks has dubbed the database the “US Embassy Shopping List” and says that it contains over 16,000 procurement requests from officials at American embassies located all over the world.

Most procurement requests included in the WikiLeaks database appear to be for commonplace items or services, such as passenger transportation, heating oil, outdoor freezers, or garage gates maintenance and repair. But there are some requests for so-called “tactical spy equipment”, such as those ordered by the US embassies in Colombia and El Salvador. These appear to be for miniature surveillance cameras hidden into everyday objects, such as buttons, baseball caps, watches and ties. Nearly 100 such items were requested for procurement by the US embassy in San Salvador. Several embassies ordered hardware and software for forensic examination of mobile phones. For example, the US embassy in Yerevan, Armenia, ordered a “Cell Phone Analyzer”, which allows users to access data from cell phones while bypassing security measures such as passwords. Similar devices were ordered by the US embassies in Berlin (pictured), and Kiev, capital of Ukraine, where fears were expressed on Monday about a possible military action by Russian troops during the holidays.

On Monday, China’s Ministry of Foreign Affairs said it was seeking “clarifications” from Washington about the documents made public by WikiLeaks. Speaking to reporters in Beijing, Ministry spokesman Hua Chunying said that the US owed “the rest of the world an explanation […] for what has recently been revealed by WikiLeaks”. Chunying also spoke about prior WikiLeaks revelations, including the so-called “PRISM-gate” in 2013, which revealed extensive intelligence-collection activities by the US on numerous countries, including some if its allies, such as Germany and France. She went on to ask, “why do American embassies buy so much secret surveillance equipment?”. Authorities in Washington had made no comment on the WikiLeaks revelation as of Tuesday morning.

Author: Ian Allen | Date: 25 December 2018 | Permalink

Islamic State issues drone bomb warning following London airport chaos

Islamic State dronesOn the heels of chaotic scenes at Britain’s Gatwick Airport, which remained closed for three days due to reported sightings of drones, the Islamic State has released images on social media showing drones carrying packages to large Western cities. The images, which appear to be PhotoShopped, have reignited concerns that the group may be close to launching attacks on civilian targets around the world using drones. Known formally as unmanned aerial vehicles (UAVs), drones have become increasingly accessible to private consumers in recent years. They range from miniature toy models that can be controlled via smartphone applications to highly sophisticated models that can carry significant loads to high altitudes.

In recent years, it has been reported that several militant groups, such as Hezbollah in Lebanon and al-Qaeda-affiliated groups in Pakistan, have made use of drone technology for surveillance and combat purposes. But observers believe that the Islamic State may have the most advanced drone arsenal of any non-state group in the world. The militant Sunni-Muslim organization launched an experimental armed drone campaign in Iraq in 2016. A year earlier, Islamic State fighters had been seen making use of commercially purchased drones for surveillance purposes in the battlefields of Iraq and Syria. In 2016, the Islamic State built several workshops to modify commercially purchased drones, and eventually to build its own models. In January 2017, the group announced the establishment of a new unit called “Unmanned Aircraft of the Mujahideen”, which operated a sizeable fleet of modified combat drones. The following month, the Islamic State claimed to have killed with the use of drones nearly 40 Iraqi soldiers in a single week. The militant group said it did so by using drones to drop three-pound mortar shells on Iraqi troop positions.

Counterterrorism specialists are concerned about what they see as the Islamic State’s “growing ambition” to use drones in the battlefield. But they doubt that the use of drones can by itself affect the outcome of battles. A much larger concern is the possibility that the Islamic State could transfer its drone knowledge outside the battlefield. It has long been confirmed that Islamic State militants have systematically discussed the possibility of deploying drones in civilian areas to drop explosives or even weaponized chemical substances. In October of this year, Federal Bureau of Investigation director Christopher Wray told the United States Congress that the threat of the use of drones by a group like the Islamic State against American tarets was “steadily escalating”. Wray said that the FBI assessed drones “will be used to facilitate an attack in the United States against a vulnerable target, such as a mass gathering”. He added that his assessment was based on several factors, such as the retail availability of the devices, the “lack of verified identification requirement to procure” drones, their ease of use, as well as the experience in the use of drones that militant groups have been amassing abroad.

Author: Joseph Fitsanakis | Date: 24 December 2018 | Permalink

Saudi royal suspected of ordering Khashoggi murder leads spy reform body

King Salman with Crown Prince MohammedThe Saudi royal who is suspected by the international community of having ordered the state-sponsored murder of journalist Jamal Khashoggi is now leading a committee to reform the Kingdom’s spy services. Khashoggi, 59, was a Saudi government adviser who became critical of the Kingdom’s style of governance. He moved to the United States and began to criticize Saudi Arabia from the pages of The Washington Post. He was killed on October 2 by a 15-member Saudi hit-squad while visiting the Saudi consulate in Istanbul, Turkey, in order to be issued a document certifying his divorce from his former wife in Saudi Arabia. After several weeks of vehemently denying any role in Khashoggi’s killing, the Saudi government eventually admitted that he was killed while inside the Saudi consulate in Istanbul.

After conceding that Khashoggi was murdered inside its consulate in Istanbul, the Saudi monarchy pledged to punish those responsible and reform the Kingdom’s intelligence services. But reports in the international press have disclosed that nearly every major Western intelligence agency believes that Khashoggi’s murder was authorized by none other than Muhammad Bin Salman, Saudi Arabia’s Crown Prince and heir-presumptive to the Saudi throne. In late October it was disclosed that Britain’s intelligence services had prior knowledge of a plot to target Khashoggi at the highest echelons of the Saudi government, and allegedly warned Riyadh not to proceed with the plan. And earlier this month it was reported by The Wall Street Journal that, according to the United States Central Intelligence Agency, bin Salman had exchanged text messages with the head of the 15-member hit-team in the hours prior to and following Khashoggi’s brutal murder in Istanbul.

However, not only has the Kingdom’s ruler, King Salman, rejected reports about the crown prince’s alleged involvement in Khashoggi’s murder, but he has also appointed the controversial royal as the head of a ministerial committee to “restructure the General Intelligence Presidency”. The term refers to the primary intelligence agency of Saudi Arabia, which is also known as the General Intelligence Directorate (GID). The ministerial committee has reportedly met several times since October 19, when it was established by royal decree “in pursuit of achieving best international practices” in intelligence operations. On Thursday, Saudi media announced that the ministerial committee had drafted a document recommending “short-, medium-, and long-term development solutions” for restructuring the GID. Several measures were presented by the media as “urgent”. They center on creating a “department for strategy and development” whose task will be to ensure that intelligence operations are in line with the GID’s strategy and the Kingdom’s national security strategy. Another proposed measure involves creating a “general department for legal affairs” that will assess the compatibility of proposed intelligence operations with “international laws and charters and with human rights”. The committee also proposed the creation of a “general department for performance evaluation and internal review” to verify that intelligence operations have been carried out in a legal fashion.

Saudi media reports on Thursday made no mention of the controversy surrounding bin Salman’s presidency of the ministerial committee. For the past two months, the Kingdom has dismissed reports of the crown prince’s involvement in Khashoggi’s murder as “fake news” promoted by its rival Qatar. It has also warned that any social media posts that promote “fake news” about the Saudi government’s involvement in the murder will result in up to five years’ imprisonment. Last month, Prince Turki al-Faisal, the former director of the GID, rejected calls for an international inquiry into Khashoggi’s murder and said that Saudi Arabia would never agree to an international investigation into the case.

Author: Joseph Fitsanakis | Date: 21 December 2018 | Permalink

Cyber spies accessed thousands of European Union diplomatic cables

European Commission buildingA group of hackers, allegedly working for the Chinese military, accessed thousands of classified diplomatic cables from the European Union during a protracted cyber-espionage operation, a report has revealed. Over 100 organizations are believed to have been targeted in the multi-year cyber-espionage campaign, including the United Nations, international labor groups, as well as government ministries from dozens of countries. The operation was revealed on Tuesday by Area 1, a cyber-security company founded by former officials of the United States National Security Agency, and reported by The New York Times.

The compromised cables come primarily from the European Union’s COREU communication network, a Telex-based network that uses teleprinters to exchange text-based messages. The European Union uses the COREU network to transmit information that is classified “limited” or “restricted” between officials representing the executive governments of the European Union’s member states, members of the European Commission, foreign-ministry officials, and other approved parties. Top-secret information (“tres secret” in European Union parlance) is typically not shared on the COREU network. Consequently, the hacked cables contain mostly low-level information. That does not mean, however, that their access by at least one adversary power does not represent a serious security breach. Area 1 said that its forensic examination of the method used by the hackers reveals a set of cyber-espionage techniques that are closely associated with the Chinese People’s Liberation Army (PLA). These clues, in association with the PLA’s long history of attacking Western diplomatic targets, point to Beijing as a very likely culprit behind the attacks, according to Area 1.

The American cyber-security firm said it was able to access the compromised European Union cables and made over 1,100 of them available to The New York Times. The paper reported on Tuesday that the cables reflect increasing tension between Brussels and Washington, as European Union diplomats attempt to get a handle on the unpredictability of United States President Donald Trump. A series of diplomatic cables discusses the whether the European Union should bypass the White House and work directly with the Republican-controlled US Congress, which is viewed as more reliable and responsible. Another set of diplomatic exchanges describes the frustration of the Beijing’s leadership with Trump, which Chinese President Xi Jinping is said to have described to European Union officials as “a bully [engaged in a] no-rules freestyle boxing match”.

The Times said that it notified the European Union of the breach of its diplomatic cables and was told that officials were “aware of allegations regarding a potential leak of sensitive information and [were] actively investigating the issue”. The paper also contacted the White House National Security Council but did not get a response.

Author: Ian Allen | Date: 20 December 2018 | Permalink

Details of Albania’s clandestine operatives posted online due to admin error

Albanian State Intelligence Service Sensitive information about the identities and activities of Albania’s intelligence operatives appeared online, apparently due to an administrative blunder. The incident has reportedly alarmed officials at the North Atlantic Treaty Organization (NATO), of which Albania has been a member since 2009. British newspaper The Independent, which reported the incident earlier this month, described it as “a dangerous breach that could have international consequences”. The paper quoted a former officer in the United States Central Intelligence Agency who described the breach as “the type of bureaucratic catastrophe that could put lives at risk”.

Until the end of the Cold War, Albania was a communist state aligned with China. Since 1991, however, the former communist country has tried to align itself with the West. As part of this strategy, successive Albanian administrations have tried to combat widespread nepotism and government corruption. A significant aspect of this ongoing anti-corruption campaign involves the daily publication of the financial activities of Albanian government agencies. This information is available in searchable spreadsheets on the website of Albania’s Ministry of Finance and Economy. Recently, however, Vincent Triest, a researcher with British-based investigative website Bellingcat, noticed that the publicly available spreadsheets contained information about the State Intelligence Service, Albania’s spy agency, known as SHISH. In reading through the spreadsheets, Triest was able to find the names, official job titles, salaries and monthly expenses of at least eight senior members of SHISH. Most of them, said Triest, serve under official (diplomatic) cover at Albanian embassies and consulates in Greece, Italy, Belgium, Serbia, and elsewhere in Europe.

In a follow-up article posted yesterday on Bellingcat’s website, Triest said that the spreadsheets on the website of the Albanian Finance Ministry contain names and national identification records of SHISH officers, the agency field offices where they are serving, and even the make and model of the vehicles they drive along with their license plate numbers. A separate spreadsheet lists the construction contractors, plumbers and electricians used by various SHISH field offices, as well as the mechanics that are contracted to service the agency’s vehicles. Remarkably, at least two of the exposed SHISH officers are serving in “sensitive posts at NATO headquarters in Brussels”, writes Triest. This has raised alarms at NATO, as Albanian intelligence officers with access to NATO’s secrets could now become susceptible to possible recruitment by adversary spy agencies, said The Independent. The paper added that it notified the Albanian government of the security breach, and was told that the sensitive data would be promptly removed from government websites.

Author: Joseph Fitsanakis | Date: 19 December 2018 | Permalink