Holland expels two Iranian diplomats, but stays silent on reasons

Iran embassy HagueHolland has expelled two Iranian diplomats without saying why, leading to speculation that the expulsions may be related to the arrests of members of an alleged Iranian sleeper cell in Belgium, Germany and France last week. On Friday, a spokesperson from Holland’s General Intelligence and Security Service (AIVD) told reporters that “two persons accredited to the Iranian embassy” in the Hague “were expelled from the Netherlands on June 7”. The spokesperson continued saying that, although the AIVD was able to confirm that the two unnamed persons had been expelled from the country, they would “not provide any further information”. When journalists contacted Holland’s Ministry of Foreign Affairs, they were told that there would be no comment on the matter from the Dutch government.

Late on Friday, the Reuters news agency cited an unnamed “European government official and a Western intelligence source” who said that the two Iranian embassy personnel were expelled from Holland “up to two months ago”. But Holland’s state-owned Dutch Broadcast Foundation (NOS) reported that the expulsions took place on June 7. No further information appears to be publicly available. However, assuming that the expulsions took place last week, and not two months ago, they appear to have coincided with the arrests of members of an alleged Iranian sleeper cell on June 30 and July 1. As intelNews reported last week, the arrests began on June 30, when members of Belgium’s Special Forces Group arrested a married Belgian couple of Iranian descent in Brussels. The couple were found to be carrying explosives and a detonator. On the following day, July 1, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria. On the same day, a fourth person, who has not been named, was arrested by authorities in France, reportedly in connection with the three other arrests.

All four individuals appear to have been charged with a foiled plot to bomb the annual conference of the National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris. The NCRI is led by Mujahedin-e Khalq (MEK), a Marxist militant group that has roots in radical Islam and Marxism. Until a few years ago, the MEK was designated as a terrorist group by the European Union and the United States, but has since been reinstated in both Brussels and Washington. There is also speculation that last week’s expulsions in Holland may be related to the assassinations of dissident Iranian expatriates in Holland in 2015 and 2017, which have been blamed on the government in Tehran.

On Saturday, the Iranian Ministry of Foreign Affairs summoned the Dutch ambassador to protest against the expulsions of its diplomats, while a ministry spokesperson warned that “the Islamic Republic reserves the right to retaliate”. Reuters quoted an unnamed “senior Iranian official” who said that “all these arrests and expulsions are part of our enemies’ attempts to harm efforts to salvage the nuclear deal”, a reference to the Joint Comprehensive Plan of Action.

Author: Joseph Fitsanakis | Date: 09 July 2018 | Research credit: M.K. | Permalink

Advertisements

Dutch spies identified Russian hackers who meddled in 2016 US election

Cozy BearDutch spies identified a notorious Russian hacker group that compromised computer servers belonging to the Democratic Party of the United States and notified American authorities of the attack, according to reports. In 2016, US intelligence agencies determined that a Russian hacker group known as Cozy Bear, or APT29, led a concerted effort to interfere in the US presidential election. The effort, which according to US intelligence agencies was sponsored by the Russian government, involved cyber-attacks against computer systems in the White House and the Department of State, among other targets. It also involved the theft of thousands of emails from computer servers belonging to the Democratic National Committee, which is the governing body of the Democratic Party. The stolen emails were eventually leaked to WikiLeaks, DCLeaks, and other online outlets. Prior descriptions of the Russian hacking in the media have hinted that US intelligence agencies were notified of the Russian cyber-attacks by foreign spy agencies. But there was no mention of where the initial clues came from.

Last Thursday, the Dutch current affairs program Nieuwsuur, which airs daily on Holland’s NPO 2 television, said that the initial tipoff originated from the AIVD, Holland’s General Intelligence and Security Service. On the same day, the Dutch newspaper De Volkskrant published a detailed account of what it described as AIVD’s successful penetration of Cozy Bear. According to these reports, AIVD was able to penetrate Cozy Bear in mid-2014, before the hacker group intensified its campaign against political targets in the US. Citing “six American and Dutch sources who are familiar with the material, but wish to remain anonymous”, De Volkskrant said that the AIVD was able to detect the physical base of the Cozy Bear hackers. The latter appeared to be working out of an academic facility that was adjacent to Moscow’s Red Square. The AIVD team was then able to remotely take control of security camera networks located around the facility. Eventually, the Dutch team hacked into another security camera network located inside the buildings in which the hackers worked. They soon began to collect pictures and footage of Cozy Bear members, which they then compared with photos of “known Russian spies”, according to De Volkskrant.

The paper said that the AIVD team continued to monitor Cozy Bear’s activities until at least 2017, while sharing intelligence with the Central Intelligence Agency and the National Security Agency in the US. The intelligence was allegedly instrumental in alerting US spy agencies about Russian government-sponsored efforts to meddle in the 2016 presidential election. Several newspapers, including The Washington Post in the US and The Independent in Britain, contacted the AIVD and the MIVD —Holland’s military intelligence agency— over the weekend. But the two agencies said they would not comment on reports concerning Cozy Bear.

Author: Joseph Fitsanakis | Date: 29 January 2018 | Research credit: E.J. & E.K. | Permalink

Dutch crime investigator charged with spying for organized criminals

AIVD HollandA 28-year-old criminal investigator of the Dutch National Crime Squad was arrested by Dutch police on September 29 over allegations of corruption, neglect of duty, and money laundering. The man, named as Mark M., applied for a job at the Dutch police in 2009. According to an online résumé, M. dropped out of professional college in journalism after several years of being self-employed as a freelance reporter covering crime issues.

According to Dutch media, M. did not pass the security screening carried out by the General Intelligence and Security Service (AIVD) as part of the job application. But he was hired nonetheless as trainee in a less sensitive position that is not subject to security screening by the AIVD. The reported reason for M.’s failure to pass the screening process is that he is married to a Ukrainian woman. The AIVD has no intelligence-sharing relationship with its Ukrainian counterpart agency concerning security screenings.

M. is reported to have access to the files “of all large national criminal investigations”, and allegedly sold information on a large scale to drug organizations and criminal biker gangs. He is reported to have close ties with leaders of the biker gangs Satudarah and No Surrender.

Newspaper NRC Handelsblad, which first reported about M., states that the screening involved an investigation into M.’s social environment and personal finances. Television news service RTL Nieuws, which was the first to publicly name the man, reports that M. stood out for his luxurious lifestyle: driving a Porsche Cayenne, frequenting Curaçao and the Dominican Republic for holidays, and wearing expensive watches. During a search of his residence, the police found €235.000 ($266,266), as well as confidential police information that M. allegedly intended to sell.

The police is investigating the extent of the damage caused by M., as well as the precise investigations that he may have compromised. The question of why M. was hired despite not having passed the security screening is part of the investigation. It is, so far, believed that M. acted alone.

Addendum, Nov. 4, 2015: Pending a security clearance from the AIVD, M. was granted access to BlueView, a confidential police data search engine. When the AIVD refused to issue a security clearance, M. was transferred to the traffic department, but superiors failed to revoke his access to BlueView. In 2007, BlueView contained 55 million documents containing data about suspects, transcripts of interrogations and police reports. M.’s authorization level included access to information from the Criminal Intelligence Unit (CIE), that works with informants. M. was able to access BlueView for close to four years.

Author: Matthijs Koot | Date: 20 October 2015 | Permalink

Analysis: New Dutch spy bill proposes changes in approval, oversight

AIVD HollandOn July 2, 2015, the Dutch government released for public consultation a long-awaited bill that overhauls the Dutch Intelligence and Security Act of 2002. Known also as Wiv2002, the Act is the legal framework for the operations of the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD). The bill is a complete rewrite of the present law, and includes expansions of power, as well as changes to the approval regime and oversight. The below provides a brief overview focused on the interception and hacking powers.

The services’ special powers, such as interception and hacking, can only be used for a subset of their legal tasks. That subset includes national security,
foreign intelligence and military intelligence. The government annually determines the intelligence needs of itself and other intelligence consumers; the outcome is used to focus and prioritize strategic and operational plans and activities.

The services have and hold a specific interception power, i.e., interception of communication of a specified person, organization and/or technical characteristic (e.g. IMEI, phone number, IP address, email address). This requires approval from the minister in charge. The services also have and hold a non-specific interception power —i.e., ‘bulk’ interception— but the bill expands that power from ether-only to “any form of telecommunications or data transfer”, thus including cable networks. Furthermore, the bill no longer limits the non-specific power to communication that has a foreign source and/or foreign destination, meaning that domestic communication is in scope. Like the specific power, the non-specific power requires approval from the minister in charge. The services can retain raw bulk intercepts not just for one year, as is presently the case, but for three years. Encrypted raw intercepts can be stored indefinitely, as is presently the case; the three year retention period is triggered when bulk-intercepted encrypted data is decrypted.

Certain categories of “providers of communication services” will be required, in consultation with the services, to provide access to their networks, if so requested by the services on the basis of approval from the minister. Those categories will be determined by governmental decree. The term “provider of a communication service” is derived from the term “service provider” in the Budapest Convention on Cybercrime of 2001, and is defined so as to include public telecommunication networks, non-public telecommunications networks, hosting providers and website operators. The services have and hold the right to, under certain conditions and after approval from the Minister, compel “anyone” to decrypt data or hand over keys. The approval request for that must include an indication of the conversations, telecommunications or data transfers that are targeted.

Read more of this post

News you may have missed #747

Israeli athletes at the 1972 Munich OlympicsBy TIMOTHY W. COLEMAN | intelNews.org |
►►Dutch media reportedly spied on China. Dutch media participated in a clandestine intelligence collection effort on behalf of the Netherlands General Intelligence and Security Service (AIVD) during the 2008 Summer Olympic Games in Beijing. According to Dutch sources, at least seven reporters attending the Olympics were coaxed into, and were paid for, collecting information and taking photos of targeted Chinese officials interested in speaking with Dutch company and industry representatives. The AIVD did not comment on the allegations but did remark that Dutch law allows them to contact anyone who could provide or has access to intelligence.
►►Nicaragua arrests Colombian national for espionage. According to the Spanish-language weekly newspaper Semana, General Julio Cesar Aviles, the head of Nicaragua’s Army, announced the arrest of Colombian national Luis Felipe Rios, for seeking to “obtain Nicaraguan state documents about defense and national security”. The 34-year old Rios was apparently captured in Managua on Tuesday after having been under the surveillance of Nicaraguan counterintelligence officials for over a year. Rios was in Nicaragua under the guise of being a Spanish national working for a media outlet. The lead prosecutor in Nicaragua, Armando Juarez, claimed that there was “sufficient proof” to prosecute Rios. Colombian officials, including President Juan Manuel Santos, have stated they are investigating the matter.
►►Neo-Nazi linked to 1972 Munich Olympic terrorists. Recently released files by Germany’s security service, the Federal Office for the Protection of the Constitution (BfV), links neo-Nazi Willi Pohl to forged passports provided to Black September terrorists who perpetrated the 1972 attack at the Munich Olympics. The attack resulted in the deaths of 11 Israeli athletes. According to German magazine Der Spiegel, over 2,000 documents were released in which the BfV asserts that Pohl assisted and even chauffeured one Black September member around Germany in the weeks leading up to the attack. German police arrested Pohl in 1972 for “unauthorized possession of firearms” and sentenced him to two years’ incarceration for possessing grenades and weapons. He was released only a few days after his conviction and he fled the country, ending up in Lebanon.

Turkey expelled Dutch spy posing as diplomat, says newspaper

AIVD headquarters in AmsterdamBy JOSEPH FITSANAKIS | intelNews.org |
The government of Turkey secretly deported a Dutch intelligence officer posing as a diplomat, according to a leading Dutch newspaper. According to Amsterdam-based De Volkskrant, the unnamed Dutch spy held a diplomatic post at the embassy of the Netherlands in Turkish capital Ankara. In reality, however, he was an intelligence officer in the General Intelligence and Security Service (AIVD), Holland’s domestic intelligence agency. He was quietly expelled last year, says the paper, and is currently serving at another Dutch embassy in the Middle East. De Volkskrant notes that the reason why the Turkish government decided to expel the AIVD officer remains unclear. The paper quotes one unnamed member of the Dutch Ministry of Foreign Affairs who, when questioned about the expulsion, said simply: “sorry but that’s a no go zone […]; I love my career and my family”. However, the article hints that the intelligence spat may have been sparked by differences between Ankara and Amsterdam over Turkey’s Kurdish minority and its nationalist organizations, including the Kurdistan Workers Party (PKK). Founded in the 1970s, the PKK leads Kurdish secessionist aspirations for a Kurdish homeland incorporating parts of Turkey’s far-eastern Anatolia region, as well as parts of Iraq and Syria. According to De Volkskrant, in 2006 the AIVD stationed for the first time a liaison officer at the Dutch embassy in Ankara, whose mission was to collaborate with Turkey’s MİT intelligence service in collecting intelligence on Kurdish secessionist groups. However, the collaboration appears to have turned sour after Turkey accused the Dutch government of allowing many Kurdish activists, which it accuses of inciting terrorism, to claim political asylum in Holland. Moreover, Ankara has accused Dutch authorities of turning a blind eye to PKK recruiting and fundraising operations in Holland, organized by the sizeable Kurdish expatriate community in the country. Read more of this post

News you may have missed #337

  • Another Iranian nuclear researcher reportedly defects. An academic linked with Iran’s nuclear program has defected to Israel, according to Ayoub Kara, Israel’s deputy minister for development in the Negev and Galilee. Kara said it “is too soon to provide further details”, adding that the defector is “now in a friendly country”.
  • Dutch spies to become more active abroad. The Dutch secret service, the AIVD, has announced a shift in strategy, deployed increasingly more officers abroad: “in Yemen, Somalia, and the mountains between Afghanistan and Pakistan”.
  • Why did the CIA destroy waterboarding evidence? It has been established that Porter J. Goss, the former director of the CIA, in 2005 approved the destruction of dozens of videotapes documenting the brutal interrogation of two terrorism detainees. But why did he do it? Former CIA officer Robert Baer examines the question.

Bookmark and Share