Analysis: HUMINT insights from the Muller/Cherkasov case

AIVD HollandAT A TIME WHEN dozens of countries are routinely expelling record numbers of Russian intelligence officers, news of the unmasking of yet another Russian spy is barely newsworthy. However, the case of Sergey Cherkasov/Victor Muller is different. That is because, unlike the vast majority of Russian spies with blown covers, he did not operate under diplomatic protection. This is not necessarily uncommon —in fact, there are probably dozens of Russian case officers operating internationally without diplomatic cover. What is unusual is that one of them has been publicly unmasked. What is more, the case offers some interesting pointers for those interested in contemporary human intelligence (HUMINT).

The Facts

According to the Netherlands General Intelligence and Security Service (AIVD), which publicized the case last week, a man using a Brazilian passport attempted to enter Holland in April of this year. His passport had been issued under the name Victor Muller Ferreira, allegedly born to an Irish father and a Spanish-speaking mother in Niteroi (near Rio de Janeiro) on April 4, 1989. However, according to the AIVD, the man’s real name is Sergey Vladimirovich Cherkasov, a citizen of Russia, who was born on September 11, 1985. Based on the information released by Dutch intelligence, Cherkasov is an intelligence officer of the Main Directorate of the Russian Armed Forces’ General Staff, which is commonly known as the GRU.

The AIVD claims that the reason for Cherkasov’s visit to the Netherlands was to join the International Criminal Court (ICC) in The Hague, as a paid intern. He eventually planned to transition into full-time employment in the ICC, where he “would be highly valuable to the Russian intelligence services”. The AIVD reportedly notified the Dutch Immigration and Naturalization Service, which detained Cherkasov upon his arrival at Amsterdam’s Airport Schiphol. The Dutch government declared the alleged GRU officer persona non grata and promptly expelled him back to Brazil “on the first flight out”.

Cherkasov’s Cover and Legend

Cherkasov arrived in Holland with a cover, a term that refers to a fake operational identity used for purposes of espionage. It is unlikely that his cover was natural, meaning that he is probably not Brazilian by birth —though it is possible that at least one of his parents was/is not Russian by birth. What is more likely is that Cherkasov’s cover is contractual, meaning that it was crafted especially for him by the GRU after he was hired as an intelligence officer. This likely happened as many as 10 years ago, when Cherkasov was in his early 20s. Read more of this post

Dutch intelligence disrupts Russian effort to infiltrate International Criminal Court

International Criminal CourtON JUNE 16, THE Dutch General Intelligence and Security Service (AIVD) announced that it prevented a Russian military intelligence officer from gaining access as an intern to the International Criminal Court (ICC) in The Hague. The ICC is of interest to the GRU because it investigates possible war crimes committed by Russia in the Russo-Georgian War of 2008 and more recently in Ukraine.

The GRU officer reportedly traveled from Brazil to Schiphol Airport in Amsterdam in April 2022, using a Brazilian cover identity, making him a so-called “illegal”. This means the intelligence operative was not formally associated with a Russian diplomatic facility. He allegedly planned to start an internship with the ICC, which would have given him access to the ICC’s building and systems. This could have enabled the GRU to collect intelligence, spot and recruit sources, and possibly influence criminal proceedings inside the ICC.

On his arrival at Schiphol, the AIVD informed the Dutch Immigration and Naturalization Service (IND), after which the officer was refused entry to the Netherlands and put on the first plane back to Brazil as persona non grata. The AIVD assessed the officer as a “potentially very serious” threat to both national security and the security of the ICC and Holland’s international allies, due to his access to the organization.

In a first-ever for the AIVD, the agency also released the contents of a partially redacted 4-page document that describes the “extensive and complex” cover identity of the officer. It was originally written in Portuguese, “probably created around mid-2010” and “likely written” by the officer himself. According to the AIVD, the information provides valuable insight into his modus operandi. The cover identity hid any and all links between him and Russia. According to the AIVD, the construction of this kind of cover identity “generally takes years to complete”.

In the note accompanying the document, the AIVD says that Russian intelligence services “spend years” on the construction of cover identities for illegals, using “information on how other countries register and store personal data”. Alternatively, they illegally procure or forge identity documents. Information in the cover identity “can therefore be traceable to one or more actual persons, living or dead” as well as to forged identities of individuals “who only exist on paper or in registries of local authorities”.

AuthorMatthijs Koot | Date: 17 June 2022 | Permalink

Dutch intelligence service warns public about online recruitment by foreign spies

AIVD HollandLAST WEEK, THE DUTCH General Intelligence and Security Service (AIVD) launched an awareness campaign dubbed ‘Check before connecting’. The purpose of the campaign is to inform the Dutch public about risks of foreign actors using fake accounts on social media, in efforts to acquire sensitive business information. According to the AIVD, such online campaigns frequently target and recruit employees of Dutch private sector companies. The awareness campaign is carried out via Twitter, Instagram and LinkedIn. It is aimed at raising awareness in society at-large. The AIVD will publish a number of fictitious practical examples over time, in order to educate the public.

AIVD director-general Erik Akerboom told Dutch newspaper Het Financieele Dagblad that Dutch and other Western secret services have been surprised by the sheer number of cases in which private sector employees disclosed sensitive information, after being blackmailed or enticed with money to share information. After foreign intelligence operatives make initial contact with their target via LinkedIn, the relationship quickly turns more “personal”, according to Akerboom. The new contact acts flatteringly about the unsuspecting target’s knowledge and competence. “You are asked to translate something. This can be followed by a physical meeting”, he says.

Potential targets are “ranked” by their position in an organization, position in a business network, and level of access to sensitive information. “The rankings determine which persons are prioritized for recruitment attempts”, according to Akerboom. This sometimes involves the creation of fake human resource recruitment agencies, as British, Australian and American intelligence agencies have warned about in the past.

While not a new phenomenon, the scope and effectiveness of foreign infiltration attempts have now reached a scale that has prompted the AIVD to warn the public. China and Russia have made attempts to acquire advanced technology in Western countries, including the Netherlands, via corporate takeovers, digital espionage, and human intelligence operations. Last year, the Netherlands expelled two Russian spies who successfully recruited employees at a number of Dutch high-tech companies. One of the Russians created fake profiles posing as a scientist, consultant and recruiter. The AIVD did not disclose the names of these companies. Read more of this post

Hacker behind attack on popular booking site has ties to US intelligence, paper claims

Booking.comA HACKER WHO TARGETED a major Dutch-based reservations website has ties to intelligence agencies in the United States, according to a new report. The claim was made on Wednesday by three Dutch investigative journalists, Merry Rengers, Stijn Bronzwaer and Joris Kooiman. In a lengthy report published in NRC Handelsblad, Holland’s newspaper of record, the three journalists allege that the attack occurred in 2016. Its target was Booking.com, a popular flight and hotel reservations website, which is jointly owned by Dutch and American venture firms.

The authors argue that the interest Booking.com poses for security services is “no surprise”. The website’s data includes valuable information about “who is  staying where and when, where diplomats are, who is traveling to suspicious countries or regions, where top executives book an outing with their secretary —all valuable information for [the world’s intelligence] services”.

According to the report, the hacker was able to penetrate an insufficiently secured server belonging to Booking.com, and gain access to the accounts of customers, by stealing their personal identification numbers, or PINs. Accordingly, the hacker stole “details of hotel [and flight] reservations” of thousands of Booking.com customers in the Middle East. The report claims that targeted customers included Middle East-based foreign diplomats, government officials and other “persons of interest” to American intelligence.’’

After detecting the breach, Booking.com allegedly conducted an internal probe, which verified that the hacker —nicknamed “Andrew”— had “connections to United States spy agencies”, according to the report. The company then sought the assistance of the Dutch General Intelligence and Security Service (AIVD). At the same time, however, Booking.com consulted with a British-based law firm, which advised it that it was not obligated to make news of the hacker attack public. It therefore chose not to publicize the incident, according to the NRC article.

Author: Joseph Fitsanakis | Date: 12 November 2021 | Permalink

Russian actors had access to Dutch police computer network during MH17 probe

Flight MH17

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

Russia has tried to sabotage and undermine investigation activities into the MH17 disaster through various means: influence campaigns on social media, hacking of the Dutch Safety Board, theft of data from Dutch investigators, manipulation of other countries involved in the investigation, and the use of military spies. The Dutch police and public prosecution service were repeatedly targeted by phishing emails, police computer systems were subjected to direct attacks, and a Russian hacker drove a car with hacking equipment near the public prosecution office in Rotterdam.

The above efforts are not believed to have been successful. But the attack that came to light in September 2017 may have been. The infected police academy system ran “exotic” (meaning uncommon) software, according to a well-informed source. The Russians reportedly exploited a zero day vulnerability in that software. After the incident, the national police made improvements in their logging and monitoring capabilities, and in their Security Operations Center (SOC). It is not currently known how long the attackers had access to the national police system, nor what information they were able to obtain.

Author: Matthijs Koot | Date: 17 June 2021 | Permalink

Holland expels two Russian diplomats, summons Kremlin envoy to issue protest

AIVD HollandOn 10 December 2020, the Dutch Minister of the Interior and Kingdom Relations, Kajsa Ollongren, sent a letter to the House of Representatives to inform them about the disruption of a Russian espionage operation in the Netherlands by the Dutch General Intelligence and Security Service (AIVD).

In connection with Ollongren’s revelations, two Russians using a diplomatic cover to commit espionage on behalf of the Russian Foreign Intelligence Service (SVR) were expelled from the Netherlands. The Russian ambassador to the Netherlands was summoned by the Dutch ministry of Foreign Affairs, which informed him that the two Russians have been designated as persona non grata (unwanted persons). In an unusual move, the AIVD also issued a press statement about this incident in English. The AIVD also released surveillance footage (see 32nd minute of video) of one of the two Russian SVR officers meeting an asset at a park and exchanging material.

The two expelled persons were officially accredited as diplomats at the Russian embassy in The Hague. Minister Ollongren says one of the two SVR intelligence officers built a “substantial” network of sources working in the Dutch high-tech sector. He pursued unspecified information about artificial intelligence, semiconductors, and nano technology that has both civilian and military applications. The Netherlands has designated “High Tech Systems and Materials” (HTSM) as one of 10 “Top Sectors” for the Dutch economy.

In some cases the sources of the SVR officers received payments for their cooperation. According to Erik Akerboom, Director-General of the AIVD, said the agency had detected “relatively intensive” contact between sources and the SVR officers in ten cases. The case involves multiple companies and one educational institute, whose identities have not been revealed. The minister states in her letter that the espionage operation “has very likely caused damage to the organizations where the sources are or were active, and thereby to the Dutch economy and national security”.

The minister announced that the Immigration and Naturalization Service (IND) will take legal action against one source of the two Russians, on the basis of immigration law. The minister also announced that the government will look into possibilities to criminalize the act of cooperating with a foreign intelligence service. Currently, that act on and by itself is not a punishable offense. Under current Dutch and European law, legal possibilities do exist to prosecute persons for violation of confidentiality of official secrets or company secrets.

This newly revealed espionage operation follows other incidents in the Netherlands, including a GRU operation in 2018 that targeted the Organization for the Prohibition of Chemical Weapons in The Hague, and a case in 2015 involving a talented Russian physicist working on quantum optics at the Eindhoven University of Technology. In the latter case, no information was made public about what information the physicist sold to Russian intelligence services. And in 2012, a senior official of the Dutch Ministry of Foreign Affairs was arrested for intending to sell classified official information to a Russian couple in Germany who spied for Russia. He was eventually given an eight year prison sentence.

Author: Matthijs Koot | Date: 14 December 2020 | Permalink

Iranian engineer recruited by Holland helped CIA and Mossad deliver Stuxnet virus

AIVD HollandAn Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. Discovered by researchers in 2010, Stuxnet is believed to have been designed with the aim of sabotaging the nuclear program of the Islamic Republic of Iran. The virus targeted the industrial computers —known as programmable logic controllers— that regulated mechanical and electronic hardware in Iranian nuclear installations. By compromising the software installed on these computers, Stuxnet manipulated the rotor speed of nuclear centrifuges at Iran’s Natanz Fuel Enrichment Plant. By increasing the centrifuges’ rotor speed to unmanageable levels, Stuxnet rendered many of these machines permanently inoperable.

Most observers agree that Stuxnet was a joint cyber sabotage program that was devised and executed by the United States and Israel, with crucial assistance from Germany and France. But now a new report from Yahoo News claims that the contribution of Dutch intelligence was central in the Stuxnet operation. Citing “four intelligence sources”, Yahoo News’ Kim Zetter and Huib Modderkolk said on Monday that Holland’s General Intelligence and Security Service (AIVD) was brought into the Stuxnet operation in 2004. In November of that year, a secret meeting took place in The Hague that involved representatives from the AIVD, the United States Central Intelligence Agency, and Israel’s Mossad.

It was known that the Islamic Republic’s nuclear weapons program was crucially assisted by A.Q. Khan, a Pakistani nuclear physicist and engineer. In 1996, Khan sold the Iranians designs and hardware for uranium enrichment, which were based on blueprints he had access to while working for a Dutch company in the 1970s. By 2004, when the Dutch were consulted by the CIA and the Mossad, the AIVD had already infiltrated Khan’s supply network in Europe and elsewhere, according to Yahoo News. It also had recruited an Iranian engineer who was able to apply for work in the Iranian nuclear program as a contractor. This individual was provided with proprietary cover, said Yahoo News, which included two “dummy compan[ies] with employees, customers and records showing a history of activity”. The goal of the AIVD, CIA and Mossad was to have at least one of these companies be hired to provide services at the Natanz nuclear facility.

That is precisely what happened, according to Yahoo News. By the summer of 2007, the AIVD mole was working as a mechanic inside Natanz. The information he provided to the AIVD helped the designers of Stuxnet configure the virus in accordance with the specifications of Natanz’s industrial computers and networks. Later that year, the AIVD mole was able to install the virus on Natanz’s air-gapped computer network using a USB flash drive. It is not clear whether he was able to install the virus himself or whether he was able to infect the personal computer of a fellow engineer, who then unwittingly infected the nuclear facility’s system. The Yahoo News article quotes an intelligence source as saying that “the Dutch mole was the most important way of getting the virus into Natanz”.

It is believed that, upon discovering Stuxnet, the Iranian government arrested and probably executed a number of personnel working at Natanz. The Yahoo News article confirms that there was “loss of life over the Stuxnet program”, but does not specify whether the AIVD mole was among those who were executed. The website said it contacted the CIA and the Mossad to inquire about the role of the AIVD in the Stuxnet operation, but received no response. The AIVD declined to discuss its alleged involvement in the operation.

Author: Joseph Fitsanakis | Date: 04 September 2019 | Permalink

ISIS using Turkey as strategic base to reorganize, Dutch intelligence report says

Turkey ISISIslamic State cells are using Turkey as a strategic base in which to recuperate, rebuild, and plan an underground war in Europe, according to a new report by Dutch intelligence. This assessment is featured in a report published on Monday by Holland’s General Intelligence and Security Service, known as AIVD. The document, which is available in the Dutch language on the website of the AIVD, is entitled The Legacy of Syria: Global Jihadism Remains a Threat to Europe.

The 22-page report argues that the government of Turkey does not see Sunni Islamist groups, such as al-Qaeda and the Islamic State (also known as the Islamic State of Iraq and Syria, or ISIS), as a pressing national security threat. Instead, Turkish security services are far more concerned with the ethnic Kurdish insurgents of the Kurdistan Workers’ Party (PKK) in Turkey and the People’s Protection Units (YPG) in Syria. Therefore, although Turkish authorities do sometimes take action to combat al-Qaeda and ISIS, “Turkish interests do not always correspond with European priorities on the field of counter-terrorism”, says the report. For that reason, Turkey served as a large transit center of tens of thousands of foreign fighters who poured into Syria to fight for Sunni Islamist groups during the height of the Syrian Civil War. At least 4,000 of those fighters are believed to be Turkish citizens, according to the AIVD report.

Today Turkey is home to tens of thousands of sympathizers of both al-Qaeda and ISIS —two organizations that maintain an active presence throughout the country— claims the report. The hands-off approach of the Turkish government is giving these groups “enough breathing space and freedom of movement” to operate relatively freely on Turkish soil. Additionally, al-Qaeda and ISIS members exploit the relative peace and stability of Turkey to forge plans to attack Western target, claims the AIVD report. It is from Turkey, it argues, that the Islamic State plans to shape and direct its pending underground war on the European continent.

Author: Joseph Fitsanakis | Date: 08 November 2018 | Permalink

Holland expels two Iranian diplomats, but stays silent on reasons

Iran embassy HagueHolland has expelled two Iranian diplomats without saying why, leading to speculation that the expulsions may be related to the arrests of members of an alleged Iranian sleeper cell in Belgium, Germany and France last week. On Friday, a spokesperson from Holland’s General Intelligence and Security Service (AIVD) told reporters that “two persons accredited to the Iranian embassy” in the Hague “were expelled from the Netherlands on June 7”. The spokesperson continued saying that, although the AIVD was able to confirm that the two unnamed persons had been expelled from the country, they would “not provide any further information”. When journalists contacted Holland’s Ministry of Foreign Affairs, they were told that there would be no comment on the matter from the Dutch government.

Late on Friday, the Reuters news agency cited an unnamed “European government official and a Western intelligence source” who said that the two Iranian embassy personnel were expelled from Holland “up to two months ago”. But Holland’s state-owned Dutch Broadcast Foundation (NOS) reported that the expulsions took place on June 7. No further information appears to be publicly available. However, assuming that the expulsions took place last week, and not two months ago, they appear to have coincided with the arrests of members of an alleged Iranian sleeper cell on June 30 and July 1. As intelNews reported last week, the arrests began on June 30, when members of Belgium’s Special Forces Group arrested a married Belgian couple of Iranian descent in Brussels. The couple were found to be carrying explosives and a detonator. On the following day, July 1, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria. On the same day, a fourth person, who has not been named, was arrested by authorities in France, reportedly in connection with the three other arrests.

All four individuals appear to have been charged with a foiled plot to bomb the annual conference of the National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris. The NCRI is led by Mujahedin-e Khalq (MEK), a Marxist militant group that has roots in radical Islam and Marxism. Until a few years ago, the MEK was designated as a terrorist group by the European Union and the United States, but has since been reinstated in both Brussels and Washington. There is also speculation that last week’s expulsions in Holland may be related to the assassinations of dissident Iranian expatriates in Holland in 2015 and 2017, which have been blamed on the government in Tehran.

On Saturday, the Iranian Ministry of Foreign Affairs summoned the Dutch ambassador to protest against the expulsions of its diplomats, while a ministry spokesperson warned that “the Islamic Republic reserves the right to retaliate”. Reuters quoted an unnamed “senior Iranian official” who said that “all these arrests and expulsions are part of our enemies’ attempts to harm efforts to salvage the nuclear deal”, a reference to the Joint Comprehensive Plan of Action.

Author: Joseph Fitsanakis | Date: 09 July 2018 | Research credit: M.K. | Permalink

Dutch spies identified Russian hackers who meddled in 2016 US election

Cozy BearDutch spies identified a notorious Russian hacker group that compromised computer servers belonging to the Democratic Party of the United States and notified American authorities of the attack, according to reports. In 2016, US intelligence agencies determined that a Russian hacker group known as Cozy Bear, or APT29, led a concerted effort to interfere in the US presidential election. The effort, which according to US intelligence agencies was sponsored by the Russian government, involved cyber-attacks against computer systems in the White House and the Department of State, among other targets. It also involved the theft of thousands of emails from computer servers belonging to the Democratic National Committee, which is the governing body of the Democratic Party. The stolen emails were eventually leaked to WikiLeaks, DCLeaks, and other online outlets. Prior descriptions of the Russian hacking in the media have hinted that US intelligence agencies were notified of the Russian cyber-attacks by foreign spy agencies. But there was no mention of where the initial clues came from.

Last Thursday, the Dutch current affairs program Nieuwsuur, which airs daily on Holland’s NPO 2 television, said that the initial tipoff originated from the AIVD, Holland’s General Intelligence and Security Service. On the same day, the Dutch newspaper De Volkskrant published a detailed account of what it described as AIVD’s successful penetration of Cozy Bear. According to these reports, AIVD was able to penetrate Cozy Bear in mid-2014, before the hacker group intensified its campaign against political targets in the US. Citing “six American and Dutch sources who are familiar with the material, but wish to remain anonymous”, De Volkskrant said that the AIVD was able to detect the physical base of the Cozy Bear hackers. The latter appeared to be working out of an academic facility that was adjacent to Moscow’s Red Square. The AIVD team was then able to remotely take control of security camera networks located around the facility. Eventually, the Dutch team hacked into another security camera network located inside the buildings in which the hackers worked. They soon began to collect pictures and footage of Cozy Bear members, which they then compared with photos of “known Russian spies”, according to De Volkskrant.

The paper said that the AIVD team continued to monitor Cozy Bear’s activities until at least 2017, while sharing intelligence with the Central Intelligence Agency and the National Security Agency in the US. The intelligence was allegedly instrumental in alerting US spy agencies about Russian government-sponsored efforts to meddle in the 2016 presidential election. Several newspapers, including The Washington Post in the US and The Independent in Britain, contacted the AIVD and the MIVD —Holland’s military intelligence agency— over the weekend. But the two agencies said they would not comment on reports concerning Cozy Bear.

Author: Joseph Fitsanakis | Date: 29 January 2018 | Research credit: E.J. & E.K. | Permalink

Dutch crime investigator charged with spying for organized criminals

AIVD HollandA 28-year-old criminal investigator of the Dutch National Crime Squad was arrested by Dutch police on September 29 over allegations of corruption, neglect of duty, and money laundering. The man, named as Mark M., applied for a job at the Dutch police in 2009. According to an online résumé, M. dropped out of professional college in journalism after several years of being self-employed as a freelance reporter covering crime issues.

According to Dutch media, M. did not pass the security screening carried out by the General Intelligence and Security Service (AIVD) as part of the job application. But he was hired nonetheless as trainee in a less sensitive position that is not subject to security screening by the AIVD. The reported reason for M.’s failure to pass the screening process is that he is married to a Ukrainian woman. The AIVD has no intelligence-sharing relationship with its Ukrainian counterpart agency concerning security screenings.

M. is reported to have access to the files “of all large national criminal investigations”, and allegedly sold information on a large scale to drug organizations and criminal biker gangs. He is reported to have close ties with leaders of the biker gangs Satudarah and No Surrender.

Newspaper NRC Handelsblad, which first reported about M., states that the screening involved an investigation into M.’s social environment and personal finances. Television news service RTL Nieuws, which was the first to publicly name the man, reports that M. stood out for his luxurious lifestyle: driving a Porsche Cayenne, frequenting Curaçao and the Dominican Republic for holidays, and wearing expensive watches. During a search of his residence, the police found €235.000 ($266,266), as well as confidential police information that M. allegedly intended to sell.

The police is investigating the extent of the damage caused by M., as well as the precise investigations that he may have compromised. The question of why M. was hired despite not having passed the security screening is part of the investigation. It is, so far, believed that M. acted alone.

Addendum, Nov. 4, 2015: Pending a security clearance from the AIVD, M. was granted access to BlueView, a confidential police data search engine. When the AIVD refused to issue a security clearance, M. was transferred to the traffic department, but superiors failed to revoke his access to BlueView. In 2007, BlueView contained 55 million documents containing data about suspects, transcripts of interrogations and police reports. M.’s authorization level included access to information from the Criminal Intelligence Unit (CIE), that works with informants. M. was able to access BlueView for close to four years.

Author: Matthijs Koot | Date: 20 October 2015 | Permalink

Analysis: New Dutch spy bill proposes changes in approval, oversight

AIVD HollandOn July 2, 2015, the Dutch government released for public consultation a long-awaited bill that overhauls the Dutch Intelligence and Security Act of 2002. Known also as Wiv2002, the Act is the legal framework for the operations of the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD). The bill is a complete rewrite of the present law, and includes expansions of power, as well as changes to the approval regime and oversight. The below provides a brief overview focused on the interception and hacking powers.

The services’ special powers, such as interception and hacking, can only be used for a subset of their legal tasks. That subset includes national security,
foreign intelligence and military intelligence. The government annually determines the intelligence needs of itself and other intelligence consumers; the outcome is used to focus and prioritize strategic and operational plans and activities.

The services have and hold a specific interception power, i.e., interception of communication of a specified person, organization and/or technical characteristic (e.g. IMEI, phone number, IP address, email address). This requires approval from the minister in charge. The services also have and hold a non-specific interception power —i.e., ‘bulk’ interception— but the bill expands that power from ether-only to “any form of telecommunications or data transfer”, thus including cable networks. Furthermore, the bill no longer limits the non-specific power to communication that has a foreign source and/or foreign destination, meaning that domestic communication is in scope. Like the specific power, the non-specific power requires approval from the minister in charge. The services can retain raw bulk intercepts not just for one year, as is presently the case, but for three years. Encrypted raw intercepts can be stored indefinitely, as is presently the case; the three year retention period is triggered when bulk-intercepted encrypted data is decrypted.

Certain categories of “providers of communication services” will be required, in consultation with the services, to provide access to their networks, if so requested by the services on the basis of approval from the minister. Those categories will be determined by governmental decree. The term “provider of a communication service” is derived from the term “service provider” in the Budapest Convention on Cybercrime of 2001, and is defined so as to include public telecommunication networks, non-public telecommunications networks, hosting providers and website operators. The services have and hold the right to, under certain conditions and after approval from the Minister, compel “anyone” to decrypt data or hand over keys. The approval request for that must include an indication of the conversations, telecommunications or data transfers that are targeted.

Read more of this post

News you may have missed #747

Israeli athletes at the 1972 Munich OlympicsBy TIMOTHY W. COLEMAN | intelNews.org |
►►Dutch media reportedly spied on China. Dutch media participated in a clandestine intelligence collection effort on behalf of the Netherlands General Intelligence and Security Service (AIVD) during the 2008 Summer Olympic Games in Beijing. According to Dutch sources, at least seven reporters attending the Olympics were coaxed into, and were paid for, collecting information and taking photos of targeted Chinese officials interested in speaking with Dutch company and industry representatives. The AIVD did not comment on the allegations but did remark that Dutch law allows them to contact anyone who could provide or has access to intelligence.
►►Nicaragua arrests Colombian national for espionage. According to the Spanish-language weekly newspaper Semana, General Julio Cesar Aviles, the head of Nicaragua’s Army, announced the arrest of Colombian national Luis Felipe Rios, for seeking to “obtain Nicaraguan state documents about defense and national security”. The 34-year old Rios was apparently captured in Managua on Tuesday after having been under the surveillance of Nicaraguan counterintelligence officials for over a year. Rios was in Nicaragua under the guise of being a Spanish national working for a media outlet. The lead prosecutor in Nicaragua, Armando Juarez, claimed that there was “sufficient proof” to prosecute Rios. Colombian officials, including President Juan Manuel Santos, have stated they are investigating the matter.
►►Neo-Nazi linked to 1972 Munich Olympic terrorists. Recently released files by Germany’s security service, the Federal Office for the Protection of the Constitution (BfV), links neo-Nazi Willi Pohl to forged passports provided to Black September terrorists who perpetrated the 1972 attack at the Munich Olympics. The attack resulted in the deaths of 11 Israeli athletes. According to German magazine Der Spiegel, over 2,000 documents were released in which the BfV asserts that Pohl assisted and even chauffeured one Black September member around Germany in the weeks leading up to the attack. German police arrested Pohl in 1972 for “unauthorized possession of firearms” and sentenced him to two years’ incarceration for possessing grenades and weapons. He was released only a few days after his conviction and he fled the country, ending up in Lebanon.

Turkey expelled Dutch spy posing as diplomat, says newspaper

AIVD headquarters in AmsterdamBy JOSEPH FITSANAKIS | intelNews.org |
The government of Turkey secretly deported a Dutch intelligence officer posing as a diplomat, according to a leading Dutch newspaper. According to Amsterdam-based De Volkskrant, the unnamed Dutch spy held a diplomatic post at the embassy of the Netherlands in Turkish capital Ankara. In reality, however, he was an intelligence officer in the General Intelligence and Security Service (AIVD), Holland’s domestic intelligence agency. He was quietly expelled last year, says the paper, and is currently serving at another Dutch embassy in the Middle East. De Volkskrant notes that the reason why the Turkish government decided to expel the AIVD officer remains unclear. The paper quotes one unnamed member of the Dutch Ministry of Foreign Affairs who, when questioned about the expulsion, said simply: “sorry but that’s a no go zone […]; I love my career and my family”. However, the article hints that the intelligence spat may have been sparked by differences between Ankara and Amsterdam over Turkey’s Kurdish minority and its nationalist organizations, including the Kurdistan Workers Party (PKK). Founded in the 1970s, the PKK leads Kurdish secessionist aspirations for a Kurdish homeland incorporating parts of Turkey’s far-eastern Anatolia region, as well as parts of Iraq and Syria. According to De Volkskrant, in 2006 the AIVD stationed for the first time a liaison officer at the Dutch embassy in Ankara, whose mission was to collaborate with Turkey’s MİT intelligence service in collecting intelligence on Kurdish secessionist groups. However, the collaboration appears to have turned sour after Turkey accused the Dutch government of allowing many Kurdish activists, which it accuses of inciting terrorism, to claim political asylum in Holland. Moreover, Ankara has accused Dutch authorities of turning a blind eye to PKK recruiting and fundraising operations in Holland, organized by the sizeable Kurdish expatriate community in the country. Read more of this post

News you may have missed #337

  • Another Iranian nuclear researcher reportedly defects. An academic linked with Iran’s nuclear program has defected to Israel, according to Ayoub Kara, Israel’s deputy minister for development in the Negev and Galilee. Kara said it “is too soon to provide further details”, adding that the defector is “now in a friendly country”.
  • Dutch spies to become more active abroad. The Dutch secret service, the AIVD, has announced a shift in strategy, deployed increasingly more officers abroad: “in Yemen, Somalia, and the mountains between Afghanistan and Pakistan”.
  • Why did the CIA destroy waterboarding evidence? It has been established that Porter J. Goss, the former director of the CIA, in 2005 approved the destruction of dozens of videotapes documenting the brutal interrogation of two terrorism detainees. But why did he do it? Former CIA officer Robert Baer examines the question.

Bookmark and Share

%d bloggers like this: