News you may have missed #585 [updated]

GCHQ

►►GCHQ recovers £300m worth of stolen information. Details stolen from more than a million credit cards across Europe, worth an estimated £300 million, have been recovered by Britain’s GCHQ signals intelligence spy agency, according to The Daily Telegraph.
►►Kuwait arrests alleged Iraqi spy. Kuwait security forces have arrested a man of Iraqi origin for alleged intelligence links with Iraq, a Kuwaiti daily said on Sunday. The man, who was arrested on Friday, and is referred to by the media as “Abu Ahmad”, was staying illegally in the country and allegedly provided Iraq with sensitive information about vital facilities in Kuwait. This is the third time in recent months that the government of Kuwait has pressed espionage charges against a spy suspect. [Update: Kuwait denies reports of spy’s arrest]
►►Hackers steal CIA and Mossad SSL certificates. The tally of digital certificates stolen from a Dutch company in July has exploded to more than 500, including ones for intelligence services like the CIA, the UK’s MI6, and Israel’s Mossad, a Mozilla developer said Sunday. According to some sources, the hackers were Iranian.

News you may have missed #566 (analysis edition)

Jeffrey Richelson

►►Stuxnet virus opens new era of cyberwar. Well-argued article by quality German newsmagazine Der Spiegel on Stuxnet, the sophisticated computer virus that attacked the electronic infrastructure of Iran’s nuclear program last year. The article argues that, in terms of strategic significance, the virus, which is widely considered a creation of Israeli intelligence agency Mossad, is comparable to the cracking of Germany’s Enigma cipher machine by Polish and British cryptanalysts during World War II.
►►The fallout from the Turkish Navy’s recent spy scandal. Recently, the Turkish High Criminal court indicted members of an alleged spy ring operating inside the Turkish Navy. According to the indictment, members of the ring stole more than 165,000 confidential documents and obtained dozens of surveillance records and classified military maps. Its biggest customers were allegedly the intelligence services of Israel, Greece and Russia.
►►New edition of classic intelligence handbook published. A new edition of Jeffrey Richelson’s encyclopedic work on

News you may have missed #564 (China/Taiwan edition)

China & Taiwan

►►Taiwan opposition party alleges Chinese hacking. Taiwan’s pro-independence Democratic Progressive Party (DPP) says it has been the target of a Chinese hacking campaign that since March has made daily incursions into its computers, complicating its preparations for presidential elections in January. A DPP spokesman said the hackers had downloaded the party’s research reports, schedules and meeting notes, but hadn’t stolen any sensitive information.
►►Taiwanese businessman sentenced for spying for China. Taiwan’s High Court has sentenced 35-year-old Lai Kun-chieh to 18 months in prison for spying for China. Taiwan’s Defense Ministry says Lai was recruited by Chinese intelligence agents while working in China. But apparently a Taiwanese military officer, who was approached by Lai and asked to share classified information, reported the incident to the authorities.
►►Taiwanese ex-spy arrested in China. There are reports in Southeast Asian news outlets of an arrest in China of a retired Taiwanese intelligence official, who was allegedly vacationing in the country. The former spy, who is identified simply as “Wu” in Chinese-language media, was arrested four months ago, soon after he arrived in China “as a tourist”. It is worth noting that, in 2010, the Deputy Director of Taiwan’s National Security Bureau Secret Service Center, Chang Kan-ping, warned retired intelligence officers to avoid visiting China, “because of the risk of arrest or interrogation there”.

Ex-CIA counterterrorist chief says al-Qaeda to turn to computer hacking

Cofer Black

By JOSEPH FITSANAKIS | intelNews.org
The strategic retreat currently being experienced by al-Qaeda will force the group to concentrate on inflicting damage on its enemies through the Internet. This is the opinion of Cofer Black, the straight-talking CIA veteran who retired in 2002 as Director of the Agency’s Counterterrorism Center. Black, who is known for his hawkish views on Washington’s ‘war on terrorism’, gave the keynote speech on Wednesday at the Black Hat Technical Security Conference in Las Vegas, Nevada. He told an audience of nearly 7,000 conference participants that “the natural thing” would be for al-Qaeda in the post-bin-Laden age to continue to engage in terrorism by “fall[ing] back to things that are small and agile”, with computer hacking being an ideal candidate. Black, who since 2002 has worked for private contractors, including Blackwater/Xe, illustrated his point by referring to Stuxnet, the elaborately programmed computer virus that targeted electronic hardware in Iran’s nuclear energy program in July of 2010. “The Stuxnet attack is the Rubicon of our future”, said the former CIA official, adding that it was the computer virus designed to cause “physical destruction of a national resource”. Black is rightly revered by intelligence observers for having warned US government officials of a large-scale terrorist attack in August of 2001, one month prior to the September 11 hijackings. Having said this, it is not exactly prophetic to state, as he did, that “cyber will be a key component of any future conflict”.

Computer hacking reveals Italian spying on Russia, India

CNAIPIC emblem

By JOSEPH FITSANAKIS | intelNews.org
Documents posted online by an anonymous hacker group point to extensive Italian espionage against Russian and Indian defense and energy deals. The hacked documents contain raw data and intelligence reports authored by officials in Italy’s National Anti-Crime Computer Center for Critical Infrastructure Protection (CNAIPIC), an electronic security outfit operating under the auspices of the Italian National Police. It appears that Italian National Police servers were recently hacked by a group of international hackers calling itself Anonymous Hackers for Antisec Operation. On July 26, the group published over eight gigabytes of hacked CNAIPIC documents on various subjects, ranging from reports on Egypt’s Ministry of Transportation to information about the Vietnam Oil and Gas Group (PetroVietnam). Among the documents are reports that seem to point to systematic intelligence-gathering operations by CNAIPIC against Russia’s government-owned energy and defense industries. Some of the information contained in the reports appears to have been stolen from the embassy of India in Moscow, probably through cyberespionage. The stolen information would suggest that CNAIPIC has had access since late 2009 to confidential correspondence between the Indian embassy and a number of Russian military aircraft industries, including Aviazapchast, Ilyushin Aircraft, and NPO Saturn.

News you may have missed #548 (China edition)

NIS HQ

By IAN ALLEN | intelNews.org
►►China detains Korean spy officers. It emerged last week that Chinese authorities have kept in detention for nearly a year two South Korean NIS intelligence officers, who were caught collecting information about North Korea on Chinese soil. It appears that the Chinese did share the information with the North Koreans, because usually the North Korean news agency would have announced this when the officers were first arrested. Of course, NIS denied the Chinese report.
►►US intelligence on China declassified. George Washington University’s National Security Archive has published a series of declassified US intelligence reports on China, spanning the period from 1955 until 2010. In one report authored in 2005, US intelligence analysts speculate that Beijing might be trying to develop a capability to incapacitate Taiwan through high-power microwave and electromagnetic radiation, so as not to trigger a nuclear retaliation from the US.
►►IMF investigators see China behind computer hacking. Back in June, intelNews reported on a massive and sophisticated cyberattack on the computer systems of the International Monetary Fund, which experts claimed was “linked to a foreign government”.

News you may have missed #546

Thomas Drake

By IAN ALLEN | intelNews.org
►►Whistleblower says NSA mismanagement continues. Former US National Security Agency employee Thomas Drake was recently sentenced to a year’s probation for leaking secrets about the agency to a journalist. The presiding judge did not sentence him to prison, recognizing that his genuine intention was to expose mismanagement. Soon after his sentencing, Drake told The Washington Times that mismanagement continues at the NSA, which he compared to “the Enron of the intelligence world”. He also told the paper that NSA’s accounts were “unauditable”, like those of most of the other agencies operating under the Pentagon.
►►Taliban claim phones hacked by NATO. The Afghan Taliban have accused NATO and the CIA of hacking pro-Taliban websites, as well as personal email accounts and cell phones belonging to Taliban leaders, in order to send out a false message saying that their leader, Mullah Mohammad Omar, had died. Taliban spokesman Zabihullah Mujahid told the Reuters news agency that the hacking was “the work of American intelligence” and that the Taliban would “take revenge on the telephone network providers”.
►►Rumsfeld memo says ‘US can’t keep a secret’. “The United States Government is incapable of keeping a secret”. This was opined in a November 2, 2005 memo authored by Donald Rumsfeld. The memo by the then-Defense Secretary continues:

News you may have missed #538

Wali Karzai

By IAN ALLEN | intelNews.org
►►Egyptian diplomat dead in London after bizarre suicide attempt. Police in London are trying to solve the mysterious apparent suicide of Ayman Mohammed Fayed, a 41-year-old employee of the Egyptian embassy, who plunged to his death from one of the embassy’s third-floor windows last week. Embassy officials said he did so after hurriedly signing a brief suicide note to his family. Interestingly, one witness saw him trying to get back into the building from the window, apparently having changed his mind about killing himself. But, says The Daily Mail, he seems to have “lost control and fell”. The death does not seem to be related to the political changes that have taken place in Egypt this year.
►►CIA agent Wali Karzai dead in Afghanistan. Another death, that of Afghan President Hamid Karzai’s brother, has featured all over the news media in the past few days. Ahmed Wali Karzai, Afghan drug lord and influential strongman, was shot dead by his bodyguards last Tuesday. Wali Karzai’s role as a CIA agent is less widely advertised in obituaries (with a few notable exceptions). IntelNews readers will remember that, in October of 2009, The New York Times revealed that Wali Karzai had been financially sustained by the CIA ever since the initial US invasion of Afghanistan, in 2001, and that he was still —as of 2009— receiving “regular payments” from the Agency.

News you may have missed #530

  • Another spy ring reportedly busted in Kuwait. Kuwait has allegedly busted another spy ring, working for the intelligence services “of an Arab country [that] is currently embroiled in political turmoil”, reports Al-Jaridah daily. The paper also said that information gathered by the spy ring was sent to a liaison officer in the embassy of that country. Last April, two Iranians and a Kuwaiti national, all serving in Kuwait’s army, were sentenced to death for belonging to an Iranian spy ring.
  • How defectors come in from the cold. Interesting historical account of how defectors adjust to their new lives, from the BBC’s News Magazine. Sadly, much of the article is about –you guessed it– the Cambridge Five, which the British seem unable to get over, half a century later.
  • UK report says hackers should fight cyber spies. Britain faces losing its position at the leading edge of technology unless new ideas are developed to fight cyber attacks, including recruiting computer hackers to help fight organized cyber crime and espionage by foreign powers. This is the conclusion of a new report by the University College London’s Institute for Security and Resilience Studies.

News you may have missed #525

  • Hacker group LulzSec to disband after attacks on CIA. The publicity-seeking hacker group that has left a trail of sabotaged websites over the last two months, including attacks on law enforcement and releases of private data, said unexpectedly on Saturday it is dissolving itself.
  • NSA veteran publishes book on secretive listening base. Good book review of Inside Pine Gap: The Spy Who Came in From the Desert, written by 23-year US National Security Agency veteran David Rosenberg, who worked for 18 years at the joint US-Australian intelligence facility at Pine Gap, a small technical encampment outside Alice Springs in the Australian outback.
  • Aussie spy agencies feeling budget cuts effect. Australia’s Federal Government has been urged, in a report by the Parliamentary Joint Committee on Intelligence and Security, to review the effects of its cost-saving drive on the country’s intelligence community.

News you may have missed #523

  • Archbishop of Canterbury branded ‘subversive’ by MI5. A senior officer of MI5, Britain’s domestic intelligence agency, labeled Rowan Williams ‘a subversive’ in the 1980s, over his involvement with a group of leftwing campaigners.
  • Pakistan ambassador defends arrest of bin Laden informants. Pakistan Ambassador to the United States Husain Haqqani has defended his country’s decision to round up more than 30 people, some of whom may have helped US intelligence track down Osama bin Laden. Meanwhile, the US government is still bankrolling the Pakistani intelligence services. No changes there.
  • US weighs harsher penalties in wake of CIA/FBI hacker attacks. Under a new White House proposal, the 10-year maximum sentence for potentially endangering national security would double, and so would the five-year sentence for computer thefts up to $5,000. Also, the one year maximum for accessing a government computer —either to deface it or download an unimportant file— could become a three-year sentence.

Massive IMF cyberattack ‘was state-backed’, say sources

International Monetary Fund seal

By JOSEPH FITSANAKIS | intelNews.org
A massive and sophisticated cyberattack that targeted the computer systems of the International Monetary Fund last month was “linked to a foreign government”, according to sources familiar with the incident. The IMF, an international institution which oversees financial crises around the world, revealed the security breach in an internal email sent last week, but has yet to make a public announcement about the incident. Although the cyberattack was not publicly announced, it was revealed last weekend by The New York Times, which cited a “security expert […] familiar with the incident”. The paper notes that IMF’s computer databases function as “a repository of highly confidential information about the fiscal condition of many nations”, and that they contain “potentially market-moving information”. British daily The Independent adds that “internal political opponents and foreign intelligence services could […] find [in the IMF databases] explosive information about government dealings with the fund”. Intriguingly, the attack occurred in the weeks prior to the arrest of the Fund’s Director, Dominique Strauss-Kahn, who was detained on American soil on charges of sexually assaulting a female worker at his luxury New York hotel.

One in four US hackers is FBI informant, says report

2600 magazine

By JOSEPH FITSANAKIS | intelNews.org
Experienced observers with strong links in the American computer hacker community estimate that around 25 percent of its members are working as informants for the Federal Bureau of Investigation and other US government agencies. This according to an investigative report published in British quality broadsheet The Guardian, which claims that the large numbers of government operatives have spread unprecedented “paranoia and mistrust” inside the US computer hacker underground. According to the report, the authorities have made significant inroads, not by training their officers in hacking skills, but by employing the threat of lengthy prison sentences as a means of convincing captured hackers to turn into government informants. This technique is largely responsible for the creation of an “army of informants” operating “deep inside the hacking community” in the US. An example provided in the report is the infiltration of online forums used by the cybercriminal community as marketplaces for credit card, bank account, and other stolen identity information, which are often traded in bulk around the world.

Did compromised laptop prompt Israel to bomb Syrian nuclear reactor?

Al-Kibar reactor

By JOSEPH FITSANAKIS | intelNews.org
One of the Middle East’s biggest mysteries in recent years concerns Operation ORCHARD, the September 6, 2007, attack by Israeli fighter jets on a site deep in the Syro-Arabian Desert. Many observers, including former CIA Director, General Michael Hayden, have called for the secrecy surrounding the covert operation to be finally lifted. But it has been more-or-less confirmed that the attack targeted a plutonium production reactor, which was part of Syria’s secret nuclear weapons program. And officials in Tel Aviv have repeatedly hinted that Israel was behind the operation. The burning question, however, is how did Israel learn of the existence of Syria’s nuclear reactor at Al-Kibar, a secret and isolated site deep in the Syro-Arabian Desert? The authoritative account of the operation, which appeared in German newsmagazine Der Spiegel in 2009, suggested that the initial tip came from the US National Security Agency, which “detected a suspiciously high number of telephone calls between Syria and North Korea”. But it also alleged that the Mossad managed to acquire vital clues about the Al-Kibar building site by installing a stealth “Trojan horse” program on the laptop of a Syrian government official, while the latter was visiting Britain.

News you may have missed #489

  • Russian spies want their stuff back from the FBI. Two of the ten Russians deported from the United States in a spy row last July have demanded that some of the property they were forced to leave behind be returned to them. The claim was lodged on behalf of Vladimir and Lidia Guryev, better known as Richard and Cynthia Murphy.
  • Kuwait sentences three to death for espionage. Two Iranians and a Kuwaiti national, all serving in Kuwait’s army, were condemned to death yesterday for belonging to an Iranian spy ring, which allegedly passed on information to Iran’s Islamic Revolutionary Guards. A Syrian and a stateless Arab, who are also members of the alleged spy ring, were handed life terms.
  • ‘Foreign spies’ hacked Australian leader’s computer. Chinese hackers seeking information on commercial secrets are suspected of having broken into a computer used by Julia Gillard, the Australian prime minister. Her computer was among 10 machines used by senior government ministers which were compromised by the hackers. According to one source, the Australians were tipped off to the hacking by the CIA and the FBI.