Chinese cybersecurity firm accuses CIA of 11-year cyberespionage campaign

A leading Chinese cybersecurity firm has accused the United States Central Intelligence Agency of using sophisticated malicious software to hack into computers belonging to the Chinese government and private sector for over a decade.

The accusation against the CIA comes from Qihoo 360, a prominent cybersecurity firm headquartered in Beijing. On Monday, the company published a report of its investigation on its website, written in both Chinese and English. The report identifies the hackers as “the CIA Hacking Group (APT-C-39)”, and says that the group has carried out activities against “China’s critical industries” for at least 11 years.

The report claims that APT-C-39 targets included China’s energy and civilian aviation sectors, Internet service providers, scientific research universities and organizations, and various government agencies —which it does not name. The majority of the hacker group’s targets were located in Beijing, and also in China’s Zhejiang and Guangdong provinces.

According to Qihoo 360, APT-C-39 must be a “state-level hacking organization”, judging by the hacking tools that it used. These tools, such as the malware named by forensics experts as Grasshopper and Fluxwire, are believed to have been designed by the CIA. They were leaked in 2017 by the international whistleblower website WikiLeaks. American authorities have charged a former CIA programmer, Joshua Schulte, with leaking the malware. Schulte denies the charges.

The Qihoo 360 report also claims that the hours during which APT-C-39 hackers appear to be active correspond to the working hours of the East Coast of the United States. It also suggests that one goal behind the hacking operations against airline industry targets was to access the travel itineraries of senior figures in China’s political and industrial circles.

Author: Ian Allen | Date: 04 March 2020 | Permalink

Swiss government files criminal complaint over Crypto AG scandal involving CIA

Switzerland’s Federal Department of Finance has filed a criminal complaint “against persons unknown” over media reports that a leading Swiss-based cryptological equipment manufacturer was secretly owned by the United States Central Intelligence Agency (CIA).

The complaint relates to Crypto AG, the world’s leading manufacturer of cryptologic equipment during the Cold War, whose clients included over 120 governments around the world. Last month, The Washington Post and the German public broadcaster ZDF appeared to confirm reports that had been circulating since the early 1980s, that Crypto AG was a front for American intelligence. According to the revelations, the CIA and West Germany’s Federal Intelligence Service (BND) secretly purchased the Swiss company in the 1950s and paid off most of its senior executives in order to buy their silence. The secret deal, dubbed Operation RUBICON, allegedly allowed the US and West Germany to spy on the classified government communications of several of their adversaries —and even allies, including Austria, Italy, Spain, Greece, Jordan, Saudi Arabia and the United Arab Emirates.

The revelation about the secret deal has shocked Swiss public opinion and embarrassed the government of a nation that bases its national identity and international reputation on the concept of neutrality. For this reason, the Swiss Federal Department of Finance has filed a criminal complaint about the case. The complaint was announced by the Office of the Swiss Attorney General on Monday, following reports in the Swiss media. It said that it received a criminal complaint by the State Secretariat for Economic Affairs (SECO), which is the part of the Finance Department that authorizes exports of sensitive software or hardware. SECO officials argue that they were deceived into authorizing the export of Crypto AG’s products without realizing they had been compromised by the company’s secret agreement with the CIA and the BND. Accordingly, the secret agreement violates Swiss federal law governing the regulation of exports, SECO officials claim.

The Office of the Attorney General said it would review the criminal complaint and decide whether it warrants criminal proceedings. Meanwhile, a probe into the alleged Crypto AG-CIA-BND conspiracy, which was launched by the Swiss government last month, is already underway, and is expected to conclude in June. The Swiss Federal Assembly (the country’s parliament) is also expected to launch its own investigation into the alleged affair.

Author: Joseph Fitsanakis | Date: 03 March 2020 | Permalink

Swiss neutrality ‘shattered’ as leading cryptologic firm revealed to be CIA front

Switzerland is reeling from the shock caused by revelations last week that Crypto AG, the world’s leading manufacturer of cryptologic equipment during the Cold War, whose clients included over 120 governments around the world, was a front company owned by the United States Central Intelligence Agency.

The revelation, published last Tuesday by The Washington Post and the German public broadcaster ZDF, confirmed rumors that had been circulating since the early 1980s, that Crypto AG had made a secret deal with the US government. It was believed that the Swiss-based company had allowed the US National Security Agency to read the classified messages of dozens of nations that purchased Crypto AG’s encoding equipment. These rumors were further substantiated in 2015, when a BBC investigation unearthed evidence of a “gentleman’s agreement”, dating to 1955, between a leading NSA official and Boris Hagelin, the Norwegian-born founder and owner of Crypto AG.

But the reality of this alleged secret pact appears to have been even more controversial. According to last week’s revelations, the CIA and West Germany’s Federal Intelligence Service (BND) secretly purchased the Swiss company and paid off most of its senior executives in order to buy their silence. The secret deal allegedly allowed the US and West Germany to spy on the classified government communications of several of their adversaries —and even allies, including Italy, Spain and Greece, as well as Austria, Jordan, Saudi Arabia and the United Arab Emirates.

What is more, the secret CIA/BND partnership with Crypto AG was known to senior British and Israeli officials, and information derived from it was routinely shared with them. Government officials in Switzerland and even Sweden were aware that Crypto AG had been compromised, but remained silent.

American and German authorities have not commented on the revelations. But the story has monopolized Swiss media headlines for several days. Some news outlets have opined that the traditional Swiss concept of political neutrality has been “shattered”. Meanwhile, a Swiss federal judge has opened an investigation into the revelations, as the Swiss parliament is preparing to launch an official inquiry. Switzerland’s Prime Minister, Simonetta Sommaruga, said on Sunday that the government would discuss the issue “when we have the facts”.

Author: Joseph Fitsanakis | Date: 17 February 2020 | Permalink

Saudi king hosts CIA director a day after US charges two Saudis with espionage

A day after the United States Department of Justice charged two Saudi citizens with engaging in espionage on American soil, Saudi officials hosted the director of the Central Intelligence Agency in Riyadh, reportedly to discuss “the longstanding Saudi-US partnership”.

According to the Federal Bureau of Investigation, two Saudi men, both employees of the US-based company Twitter, were instructed by a member of the Saudi royal family to surrender the personal information of at least 6,000 Twitter users who posted criticism of the Saudi government on social media. As intelNews reported on Thursday, one of the men is under arrest, while the other managed to evade US authorities and is thought to be sheltered by the Saudi government.

It is believed that the member of the Saudi royal family who instructed the two men to carry out espionage was none other than Mohammed bin Salman, the oil kingdom’s crown prince. Wednesday’s developments marked the first time that US authorities have publicly filed espionage charges against Saudi nationals in America.

A day after the charges were filed in the US state of California, Gina Haspel, the director of the Central Intelligence Agency, was reportedly hosted by Saudi Arabia’s king Salman in Riyadh. In addition to Salman and Haspel, the meeting was attended by several senior Saudi officials, including Khalid al-Humaidan, who directs the kingdom’s General Intelligence Directorate. Saudi Arabia’s foreign minister, Prince Faisal bin Farhan, was also present at the meeting.

A tweet by the Saudi Arabian embassy in Washington said that the meeting between Haspel and the Saudi officials revolved around “the longstanding Saudi-US partnership”. It also said that participants discussed “a number of regional and international developments”, but gave no further information. The state-owned Saudi Press Agency said simply that the meeting focused on “a number of topics of mutual interest”, but did not elaborate.

Author: Joseph Fitsanakis | Date: 08 November 2019 | Permalink

Former CIA officer connected with abduction of Muslim cleric flees Europe

A former officer in the United States Central Intelligence Agency, who was convicted of involvement in the 2003 abduction of a Muslim cleric in Italy, says she fled Europe for the United States in fear for her safety. Sabrina De Sousa, 63, was a diplomat at the US consulate in Milan, Italy, when a CIA team abducted Hassan Mustafa Osama Nasr from a Milan street in broad daylight. Nasr, who goes by the nickname Abu Omar, is a former member of Egyptian militant group al-Gama’a al-Islamiyya, and was believed by the CIA to have links to al-Qaeda. Soon after his abduction, Nasr was renditioned to Egypt, where he says he was brutally tortured and raped, and held illegally for years before being released without charge.

Upon Nasr’s release from prison, Italian authorities prosecuted the CIA team that abducted him —apparently without Italy’s permission or consent. They were able to trace the American operatives through a substantial trail of evidence they left behind, including telephone records and bill invoices in luxury hotels in Milan and elsewhere. In 2009, De Sousa was among 22 CIA officers convicted in absentia in an Italian court for their alleged involvement in Nasr’s abduction. The US government has refused to extradite the 22 officers to Italy to serve prison sentences. However, those convicted are now classified as international fugitives and risk arrest by Interpol and other law enforcement agencies, upon exiting US territory.

De Sousa was arrested in Lisbon, Portugal, in 2015. Portuguese authorities threatened to extradite her to Italy, but in 2017 the Italian government partially commuted her sentence to house arrest and reduced it from seven to four years. There were reports at the time that Italy had bowed to diplomatic pressure from Washington. On Monday, however, Italian newspaper Il Corriere della Sera said that De Sousa had fled Europe and returned to the US in fear for her personal safety. The former CIA officer told the paper that she decided to return to the US after senior American officials, including CIA Director Gina Haspel and Secretary of State Mike Pompeo, visited Italy earlier this month. Pompeo traveled to Rome for an official visit on October 1, while Haspel met with senior Italian intelligence officials on October 9.

De Sousa told Il Corriere della Sera that Haspel’s visit to Italy “verified for the Italian government that the American administration had washed its hands of my situation”. For this reason, and “terrified of the consequences that I could face” in Italy, “I decided to leave”, said De Sousa. She did not elaborate on the precise connection between her partially commuted sentence and Pompeo and Haspel’s visit to Italy. She added that recent changes to the US Whistleblower Act made it possible for her to openly discuss further details on her case, but did not elaborate. Her Italian lawyer, Andrea Saccucci, spoke to the Reuters news agency and confirmed that his client had left Europe for the US.

Author: Joseph Fitsanakis | Date: 30 October 2019 | Permalink

White House whistleblower is a CIA officer, report claims

The individual who filed a report claiming that United States President Donald Trump sought help from a foreign country to win the 2020 election is believed to be a male employee of the Central Intelligence Agency. The man, who is legally classified as a whistleblower, filed the report on August 12. It was released for publication on Thursday and is now available [.pdf] online. It claims that Trump tried to “solicit interference from a foreign country” in the 2020 US presidential election. The basis of this claim refers to a telephone exchange between the US president and his Ukrainian counterpart, Volodymyr Zelensky, which took place on July 25.

The whistleblower’s report states that Trump asked Zelensky to investigate the business dealings of Democratic presidential hopeful Joe Biden and his son Hunter Biden in Ukraine. The implication of the whistleblower’s allegation is that Trump sought to subvert the election effort of one of his main rivals for the US presidency. The whistleblower report, along with transcripts and memoranda that describe the July 25 telephone conversation between the two heads of state, form the basis of an impeachment inquiry that has been launched by Trump’s political rivals in Congress.

On Thursday, The New York Times cited what it said were three people who knew the identity of the whistleblower. The paper said that the whistleblower is a male employee of the CIA. In the past, the man had been assigned to work in the White House, said The Times. The secondment of CIA personnel to the White House is a regular occurrence. CIA personnel are temporarily assigned to perform duties relating to National Security Council meetings, or manage the White House Situation Room. They also monitor and help manage the White House secure communications system. The paper said that the CIA officer’s White House secondment had ended and that he had returned to the CIA headquarters by the time the July 25 telephone call between Trump and Zelensky took place. In his report [.pdf], the whistleblower states that he was “not a direct witness to most of the events described”. However, he cites accounts of these events by “multiple officials” who shared the information with him “in the course of official interagency business”.

Some have criticized The Times for leaking information about the whistleblower’s place of employment and past assignments. They argue that the information could allow the White House to identify the source of the complaint. By law, whistleblowers in the US have the right to remain anonymous, and thus be protected from possible retaliation from those whom they accuse of abusing their power. But the paper claims that the American public has a right to information about the whistleblower’s “place in government”, so as to assess his credibility and evaluate the significance of his allegations.

Author: Joseph Fitsanakis | Date: 27 September 2019 | Permalink

CIA denies Trump’s mishandling led to alleged exfiltration of senior Russian asset

The United States Central Intelligence Agency has questioned the accuracy of a media report, which claimed that “repeated mishandling” of intelligence by President Donald Trump resulted in the exfiltration of a high-level source from Russia. According to the American news network CNN, the CIA carried out the exfiltration operation in 2017. Despite the success of the operation, the removal of the asset has left the US without this high-level source at a time when it is most needed, said CNN. The network cited “a person directly involved in the discussions” to exfiltrate the asset, but said it was withholding key details about the case in order to “reduce the risk of the person’s identification”.

According to CNN, the CIA asset was so highly placed inside the Kremlin that the US had “no equal alternative” inside the Russian government. The asset was in a position to provide “both insight and information” on Russia’s secretive President, Vladimir Putin. But by 2016, the sheer length of the asset’s cooperation with the CIA had caused some intelligence officials at Langley to consider exfiltrating him from Russia. Typically agents-in-place have short careers; they are either captured by their adversaries or are exfiltrated once their handlers start to believe that they are burned out or that their life may be in danger. But exfiltration operations in so-called “denied areas” —regions or countries with formidable counterintelligence resources that make it difficult for the CIA to operate there— are rare.

The CNN report claims that the decision to exfiltrate the high-level source was taken after a May 2017 meeting between Trump and Putin, with the participation of senior American and Russian officials. The latter included Foreign Minister Sergei Lavrov and then-Ambassador to Washington Sergey Kislyak. Citing an American “former senior intelligence official”, CNN alleges that Trump “repeatedly mishandled classified intelligence” at that meeting, which could have led to the exposure of the CIA’s asset. At that time, the CIA decided that it was time to exfiltrate the asset and proceeded to do so successfully.

But the CIA disputed the accuracy of CNN’s story. The agency’s Director of Public Affairs, Brittany Bramell, dismissed what she called “CNN’s narrative” as “inaccurate”. She added that the agency’s judgements about exfiltrations of agents are “life-or-death decisions” that are based solely on “objective analysis and sound collection”, not on “misguided speculation that the President [mishandled] our nation’s most sensitive intelligence —which he has access to each and every day”. CNN said on Monday that Trump and “a small number of senior officials” were told about the exfiltration in advance. The news network also said that it was not privy to details about the extraction operation or about the current whereabouts of the exfiltrated asset.

Author: Joseph Fitsanakis | Date: 10 September 2019 | Permalink