CIA suffered ‘catastrophic’ compromise of its spy communication system

The United States Central Intelligence Agency suffered a “catastrophic” compromise of the system it uses to communicate with spies, which caused the death of “dozens of people around the world” according to sources. This is alleged in a major report published on Friday by Yahoo News, which cites “conversations with eleven former US intelligence and government officials directly familiar with the matter”. The report by the online news service describes the compromise of an Internet-based covert platform used by the CIA to facilitate the clandestine communication between CIA officers and their sources —known as agents or spies— around the world.

According to Yahoo News, the online communication system had been developed in the years after 9/11 by the US Intelligence Community for use in warzones in the Middle East and Central Asia. It was eventually adopted for extensive use by the CIA, which saw it as a practical method for exchanging sensitive information between CIA case officers and their assets in so-called ‘denied areas’. The term refers to regions of the world where face-to-face communication between CIA case officers and their assets is difficult and dangerous due to the presence of ultra-hostile intelligence services or non-state adversaries like the Taliban or al-Qaeda. However, it appears that the system was flawed: it was too elementary to withstand sustained scrutiny by Internet-savvy counterintelligence experts working for state actors like Iran, China or Russia.

In September of 2009, Washington made a series of impressively detailed revelations about the advanced status of Iran’s nuclear program. These angered Tehran, which redoubled its efforts to stop the US and others from acquiring intelligence information about the status of its nuclear program. Some sources told Yahoo News that one of the CIA assets inside Iran’s nuclear program was convinced by the Iranians to become a double spy. He proceeded to give Tehran crucial information about the CIA’s online communication system. Based on these initial clues, the Iranians allegedly used Google-based techniques “that one official described as rudimentary” to identify an entire network of CIA-maintained websites that were used to communicate with assets in Iran and elsewhere. The Iranians then kept tabs on these websites and located their users in order to gradually unravel an entire network of CIA agents inside their country. Around that time, Iranian media announced that the Islamic Republic’s counterintelligence agencies had broken up an extensive CIA spy ring consisting of more than 30 informants.

The Yahoo News report says that the CIA was able to successfully exfiltrate some of its assets from Iran before the authorities were able to apprehend them. The agency also had to recall a number of undercover officers, after they were identified by the Iranians. The effects of the compromise, however, persisted on a global scale, according to former US intelligence officials. In 2011 and 2012, another network of CIA spies was busted in China, leading to the arrest and execution of as many as three dozen assets working for the US. Many, says Yahoo News, believe that the Iranians coached the Chinese on how to use the CIA’s online communication system to identify clandestine methods and sources used by the agency.

Along with other specialist websites, IntelNews monitored these developments as they took place separately in Iran and China. However, the Yahoo News report is the first to piece together these seemingly disparate developments and suggest that they were likely triggered by the same root cause. What is more, the report suggests that the CIA had been warned about the potential shortcomings of its online communication system before 2009, when the first penetrations began to occur. In response to the compromise, the CIA has reportedly modified, and at times completely abandoned, its online communication system. However, the implications of the system’s compromise continue to “unwind worldwide” and the CIA is “still dealing with the fallout”, according to sources. The effects on the agency’s operational work are likely to persist for years, said Yahoo News.

Author: Joseph Fitsanakis | Date: 05 November 2018

Czech spy agency says it neutralized Hezbollah cyberespionage network

Officials in the Czech Republic have announced that the country’s spy agency headed an operation in several countries, aimed at neutralizing a cyberespionage network operated by the Lebanese militant group Hezbollah. Early last week, the Security Information Service (BIS), the primary domestic national intelligence agency of the Czech Republic, issued a short statement saying that it “played a big part in helping to identify and disconnect Hezbollah servers in the Czech Republic, other EU member states and the US”. But it did not elaborate. On Tuesday, however, ZDNet’s Zero Day security blog published more information from the Czechs about the BIS operation.

According to the BIS, its cyber security force discovered a number of servers located on Czech soil, which were “almost certainly” used by Hezbollah, the Shiite militant group that controls large swathes of territory in Lebanon. The servers were allegedly used in a wide-ranging cyberespionage operation that was begun in 2017 by a group of Hezbollah hackers based in Lebanon. It was there, said the BIS, that the command-and-control facilities of the operation were located. The servers located on Czech soil were used to download phone apps that contained malicious software. The hackers targeted individual phone users located mainly in the Middle East, according to the BIS, but other targets were in eastern and central Europe. It is believed that the majority of targets were Israeli citizens. Invariably, targeted individuals were approached online, mostly through fake Facebook profiles. Most of the targets were men, and the fake Facebook profiles featured pictures of attractive young women. After initial messages were exchanged via Facebook, the targets were convinced to download phone applications that would allow them to continue communicating with the ‘women’. These applications would install spyware on their phones, thus allowing Hezbollah hackers to capture the content of messages and calls made on the phones. The latter could also be used as eavesdropping devices.

According to BIS Director Michal Koudelka, the spy agency “played a significant role in identifying and uncovering the hackers’ system. We identified the victims and traced the attack to its source facilities. Hacker servers have been shut down”, he said. Koudelka added that some of the servers used by Hezbollah were located in other European Union countries and in the United States. These were shut down following a joint cyber operation by BIS and “partners”, said Koudelka, though he did not identify them.

Author: Joseph Fitsanakis | Date: 17 October 2018

US intelligence reevaluates safety of Russian defectors in light of Skripal poisoning

Intelligence officials in the United States are feverishly reassessing the physical safety of dozens of Russian defectors, in light of the case of Russian double spy Sergei Skripal, who was poisoned in England last March. Skripal, a former military intelligence officer who spied for Britain, was resettled in the English town of Salisbury in 2010 by the British Secret Intelligence Service (MI6). But he and his daughter Yulia made international headlines in March, after they were poisoned by a powerful nerve agent that nearly killed them. The attack has been widely blamed on the Russian government, though the Kremlin denies that it had a role in it.

Like MI6, the US Central Intelligence Agency also has a protection program for foreign nationals whose life may be at risk because they spied for the US. The CIA’s protection division, called the National Resettlement Operations Center, helps resettle and sometimes hide and protect dozens of foreign agents, or assets, as they are known in CIA lingo. But following the Skripal case, some CIA resettlement officials have expressed concern that protection levels for some foreign assets may need to be significantly raised. The New York Times, which published the story last week, said that it spoke to “current and former American intelligence officials”, which it did not name. In light of those concerns, US counterintelligence officials have been carrying out what The Times described as “a wide-reaching review” of every Russian asset who has been resettled in the US. The purpose of the review is to assess the ease with which these former assets can be traced through their digital footprint on social media and other publicly available information.

According to the paper, several Russians who defected to the US after working for the CIA and other US intelligence agencies were tracked down by the Kremlin in recent years. In the mid-1990s, says The Times, the CIA actually found an explosive device placed under the car of a Russian defector living in the US. More recently, US intelligence traced the movements of a suspected Russian assassin who visited the neighborhood of a resettled Russian defector in Florida. In the past, Russian CIA assets who have been resettled in the US have voluntarily revealed their whereabouts by reaching out to relatives back in Russia out of homesickness. In some cases, they have left the US in order to meet a lover who may have been planted by the Russian spy services —with sometimes fatal consequences.

In addition to the US, at least one more country has initiated a thorough review of the way it protects former Russian assets living in its territory in light of the Skripal case. As intelNews reported in March, the British secret services tightened the physical security of dozens of Russian defectors living in Britain only a week after the attempted murder of Skripal. Britain’s security services reportedly viewed the attack on Skripal as an intelligence failure and launched a comprehensive review of the risk to British-based Russian double spies and defectors from “unconventional threats”. The latter included attacks with chemical and radiological weapons.

Author: Joseph Fitsanakis | Date: 18 September 2018

CIA informants inside Russia are going silent, say US sources

Secret informants inside the Russian government, which the United States has relied on in recent years for tips about Moscow’s strategy and tactics, have gone silent in recent months, according to sources. Over many years, US intelligence agencies have built networks of Russian informants. These consist of officials placed in senior positions inside the Kremlin and other Russian government institutions, who can help shed light on Russia’s political maneuvers. These informants were crucial in enabling the US Intelligence Community to issue warnings of possible Russian meddling in the American presidential elections of November 2016. Since then, US spy agencies have largely relied on these informants to produce detailed assessments of Russian intelligence activities targeting the US, and propose measures against those involved.

But on Friday, The New York Times said in an article that these vital sources of information in Moscow have been going silent in recent months. Citing “current and former officials”, the paper said that US officials did not believe that the informants have been captured or killed. Instead, they have voluntarily “gone underground” because of “more aggressive counterintelligence” practiced by Russian security agencies. Moscow has stepped up attempts to detect spies operating inside Russia since the Sergei Skripal incident, when relations between it and most Western countries sank to their lowest point since the Cold War. In turn, Western informants operating in Russia have “decided it is too dangerous to pass information” and have gone “silent for their own protection”, said The Times.

This situation, however, has left the Central Intelligence Agency and other US spy agencies “in the dark” about the intentions of Russian President Vladimir Putin, just as America is nearing its mid-term elections. The lack of information has been exacerbated by the expulsion of dozens of American diplomats from Russia in March of this year. Moscow announced the expulsions in response to Washington’s decision to expel 60 Russian diplomats in protest against the attempt —allegedly by Russia— to kill Sergei Skripal in England. Many of the diplomats who were expelled from Russia were in fact intelligence officers operating under diplomatic cover. Few of those are now left on Russian soil and, according to The Times, “are under incredible surveillance” by Russian counterintelligence agencies. Washington is still collecting information from Russia through other channels, including communication intercepts, which, according to The Times, “remain strong”. But the paper cited anonymous American officials who “acknowledged the degradation in the [overall flow of] information collected from Russia”.

Author: Joseph Fitsanakis | Date: 27 August 2018

US fired Moscow embassy employee who may have spied for Russia

A female Russian national who worked for the United States Secret Service in Moscow was quietly dismissed in 2017, amidst concerns that she was spying for Russia. British newspaper The Guardian, which broke the story last week, did not name the Russian woman. But it said that she had worked at the US Embassy in Moscow “for more than a decade”, most recently for the Secret Service –a federal law enforcement agency that operates within the Department of Homeland Security. The Secret Service has several missions, the most important of which is to ensure the physical safety of America’s senior political leadership.

Throughout her Secret Service career, the Russian woman is thought to have had access to the agency’s email system and intranet network, said The Guardian, citing “an intelligence source”. She could also potentially have had access to “highly confidential material”, said the paper, including the daily schedules of America’s past and current presidents and vice presidents, as well as their family members’ schedules.

The unnamed Russian national first came under suspicion in 2016, said The Guardian, during a routine security review conducted by two counterintelligence staff members at one of the Department of State’s Regional Security Offices (RSO). These reviews usually take place every five years and scan the background and activities of employees at American embassies abroad. The review showed that the unnamed Russian national was holding regular meetings with officers of the Federal Security Service (FSB), Russia’s domestic intelligence service. In January of 2017, the Department of State reportedly shared its findings with the Secret Service. But the latter waited until several months later to fire the Russian woman, having decided to do so quietly, said The Guardian.

According to the paper, instead of launching a major investigation into the State Department’s findings, the Secret Service simply dismissed the woman by revoking her security clearance. The paper said that the Russian national’s dismissal took place shortly before the US embassy in Moscow was forced to remove or fire over 750 employees as part of Russia’s retaliation against economic sanctions imposed on it by Washington. That coincidence helped the Secret Service “contain any potential embarrassment” arising from claims of espionage, said The Guardian. The paper contacted the Secret Service and was told that “all Foreign Service nationals” working for the agency “are managed accordingly to ensure that […US] government interests are protected at all times”. Their duties, therefore, are “limited to translation, interpretation, cultural guidance, liaison and administrative support. This is of particular emphasis in Russia”, said a Secret Service spokesman, who refused to discuss specific cases.

Author: Joseph Fitsanakis | Date: 07 August 2018 | Research credit: S.F.

France arrests two intelligence officers on charges of spying for China

France has confirmed the arrest of two French intelligence officers who are accused of spying for the Chinese government. It appears that the two officers were captured and charged in December. However, their arrests were not publicized at the time, because French counterintelligence officials wanted to avoid alerting more members of a possible spy ring, which some say may include up to five French citizens. It was only last Friday, a day after French media published leaked reports of the arrests, that the French government spoke publicly about the case.

France’s Minister of the Armed Forces, Florence Parly, told France’s CNews television on Friday that two French intelligence officers were “accused of extremely serious acts of treason” against the French state. The two officers had been charged with “delivering classified information to a foreign power”, she said. Parly added that the spouse of one of the officers was also being investigated for participating in acts of espionage on behalf of a foreign country. When asked to identify the country that the two officers are accused of spying for, the minister refused to respond. But the Agence France Presse news agency cited an anonymous “security source”, who said that the two intelligence officers were being suspected of spying for China and that they had been captured following a sting operation by French counterintelligence officers.

French television station TFI1 said on Friday that both spy suspects are officers in the General Directorate of External Security (DGSE), France’s primary external intelligence agency. The station added that at least one of the two suspects was stationed at the embassy of France in Beijing when French counterintelligence became aware of the alleged espionage. According to some reports, the two suspects had retired from the DGSE by the time they were arrested, but committed their alleged espionage while still in the service of the spy agency. French government officials have refused to provide information about the length of the alleged espionage or the nature of the classified information believed to have been compromised. Additionally, no information is available about whether the two alleged spies were working in cooperation with each other. The BBC asked China last week about the arrests in France, but the Chinese Ministry of Foreign Affairs said it was not aware of the incident.

Author: Joseph Fitsanakis | Date: 28 May 2018 | Research credit: E.W. and P.C.

China gave ex-CIA officer “hundreds of thousands of dollars in cash” to spy on US

Chinese intelligence operatives gave a former officer of the United States Central Intelligence Agency “hundreds of thousands of dollars in cash” in exchange for carrying out espionage, according to court papers. The Federal Bureau of Investigation arrested Jerry Chun Shing Lee, 53, on January 15, accusing him of possessing classified information that included lists of real names of foreign assets and addresses of CIA safe houses. Lee was reportedly arrested after a lengthy FBI sting operation, which included creating a fictional job in the US in order to entice Lee to travel to New York from Hong Kong, where he had been living after leaving the CIA in 2007.

Lee is now scheduled to appear before a US circuit court judge on Friday morning, in order to be officially charged with one count of conspiracy to deliver national defense information to aid a foreign government and two counts of unlawfully retaining information pertaining to national defense. According to the indictment, in April of 2010 Lee met two officers of China’s Ministry of State Security. The meeting allegedly took place in Shenzhen, a city in southern China that borders Hong Kong. During that encounter, the indictment claims that Lee was offered “a gift of $100,000 in cash” in exchange for providing the Ministry of State Security with information about his career in the CIA. He was also told by the two Chinese intelligence officers that China would “take care of him for life” if he continued to cooperate with them.

In May of 2010, Lee deposited about $17,000 into one of his HSBC accounts in Hong Kong. Court documents allege that the deposit was the first of many that followed, and that they amounted to “hundreds of thousands of dollars”. These deposits continued to occur until the end of 2013, when Lee made his last substantial cash deposit in Hong Kong. Throughout that time, Lee received regular written instructions from the Ministry of State Security, asking him to provide information about CIA operations. Lee did so at least 21 times, says the indictment. In one instance, he drew the floorplan of a CIA facility abroad and gave it to the Chinese, according to the indictment. Lee is expected to plead not guilty on Friday.

Author: Joseph Fitsanakis | Date: 16 May 2018