US government plans background checks on Chinese students over espionage fears

Chinese students in USAThe United States government plan to impose tighter visa restrictions and wider background checks on Chinese nationals studying at American universities, over espionage concerns. The news follows reports earlier this year that the administration of US President Donald Trump considered banning all Chinese nationals from studying at American universities. In October of this year, The Financial Times reported that the White House came close to imposing the ban, after it was allegedly proposed by Stephen Miller, speechwriter and senior advisor to Trump. Miller became known as the main architect of Executive Order 13769 —the travel ban imposed on citizens of several countries, most of them predominantly Muslim. According to The Financial Times, Trump was eventually dissuaded from imposing the Chinese student ban by Terry Branstad, US ambassador to China.

Now, however, the Trump administration is reportedly considering the possibility of imposing deeper background checks and additional vetting on all Chinese nationals wishing to study in the US. Citing “a US official and three congressional and university sources”, Reuters said on Thursday that the measures would apply to all Chinese students wishing to register in undergraduate and graduate academic programs in the US. The news agency quoted a “senior US official” as saying that “no Chinese student who’s coming [to the US] is untethered from the state […. They all have] to go through a party and government approval process”. Reuters reported that the proposed plan includes a comprehensive examination of the applicants’ phone records and their presence on social media platforms. The goal would be to verify that the applicants are not connected with Chinese government agencies. As part of the proposed plan, US law enforcement and intelligence agencies would provide counterintelligence training to university officials.

However, the plan has many American universities —including elite Ivy League schools— worried that they may be losing up to $14 billion in tuition and other fees spent annually by more than 350,000 Chinese nationals studying in the US. The fear is that the latter may be looking to study elsewhere, in countries such as Canada, Australia and the United Kingdom. Reuters said that many of America’s top universities are “regularly sharing strategies to thwart” plans by the Trump administration to make it more difficult for Chinese nationals to study in the US. The news agency said it contacted the Chinese ambassador to Washington, who called the White House’s fears of espionage by Chinese students “groundless” and “very indecent”.

Author: Joseph Fitsanakis | Date: 30 November 2018 | Permalink

Advertisements

French senior civil servant arrested on suspicion of spying for North Korea

Benoît QuennedeyA senior civil servant in the upper house of the French parliament has been arrested on suspicion of spying for North Korea, according to prosecutors. The news of the suspected spy’s arrest was first reported on Monday by Quotidien, a daily politics and culture show on the Monaco-based television channel TMC. The show cited “a judicial source in Paris” and said that France’s domestic security and counterintelligence agency, the General Directorate for Internal Security (DGSI), was in charge of the espionage case.

The senior administrator has been identified as Benoit Quennedey, a civil servant who liaises between the French Senate and the Department of Architecture and Heritage, which operates under France’s Ministry of Culture. Quennedey was reportedly detained on Sunday morning and his office in the French Senate was raided by DGSI officers on the same day. Quotidien said that he was arrested on suspicion of “collecting and delivering to a foreign power information likely to subvert core national interests”. The report did not provide specific information about the type of information that Quennedey is believed to have passed to North Korea. It did state, however, that a counterintelligence investigation into his activities began in March of this year.

Quennedey is believed to be the president of the Franco-Korean Friendship Association, the French branch of a Spanish-based organization that lobbies in favor of international support for North Korea. Korea Friendship Association branches exist in over 30 countries and are believed to be officially sanctioned by Pyongyang. They operate as something akin to the pre-World War II Comintern (Communist International), a Moscow-sanctioned international pressure group that advocated in favor of Soviet-style communism around the world. French media reported on Monday that Quennedey traveled extensively to the Korean Peninsula in the past decade and has written a French-language book on North Korea. News reports said that the French President Emmanuel Macron had been made aware of Quennedey’s arrest. The senior civil servant faces up to 30 years in prison if found guilty of espionage.

Author: Joseph Fitsanakis | Date: 27 November 2018 | Permalink

CIA suffered ‘catastrophic’ compromise of its spy communication system

CIAThe United States Central Intelligence Agency suffered a “catastrophic” compromise of the system it uses to communicate with spies, which caused the death of “dozens of people around the world” according to sources. This is alleged in a major report published on Friday by Yahoo News, which cites “conversations with eleven former US intelligence and government officials directly familiar with the matter”. The report by the online news service describes the compromise of an Internet-based covert platform used by the CIA to facilitate the clandestine communication between CIA officers and their sources —known as agents or spies— around the world.

According to Yahoo News, the online communication system had been developed in the years after 9/11 by the US Intelligence Community for use in warzones in the Middle East and Central Asia. It was eventually adopted for extensive use by the CIA, which saw it as a practical method for exchanging sensitive information between CIA case officers and their assets in so-called ‘denied areas’. The term refers to regions of the world where face-to-face communication between CIA case officers and their assets is difficult and dangerous due to the presence of ultra-hostile intelligence services or non-state adversaries like the Taliban or al-Qaeda. However, it appears that the system was flawed: it was too elementary to withstand sustained scrutiny by Internet-savvy counterintelligence experts working for state actors like Iran, China or Russia.

In September of 2009, Washington made a series of impressively detailed revelations about the advanced status of Iran’s nuclear program. These angered Tehran, which redoubled its efforts to stop the US and others from acquiring intelligence information about the status of its nuclear program. Some sources told Yahoo News that one of the CIA assets inside Iran’s nuclear program was convinced by the Iranians to become a double spy. He proceeded to give Tehran crucial information about the CIA’s online communication system. Based on these initial clues, the Iranians allegedly used Google-based techniques “that one official described as rudimentary” to identify an entire network of CIA-maintained websites that were used to communicate with assets in Iran and elsewhere. The Iranians then kept tabs on these websites and located their users in order to gradually unravel an entire network of CIA agents inside their country. Around that time, Iranian media announced that the Islamic Republic’s counterintelligence agencies had broken up an extensive CIA spy ring consisting of more than 30 informants.

The Yahoo News report says that the CIA was able to successfully exfiltrate some of its assets from Iran before the authorities were able to apprehend them. The agency also had to recall a number of undercover officers, after they were identified by the Iranians. The effects of the compromise, however, persisted on a global scale, according to former US intelligence officials. In 2011 and 2012, another network of CIA spies was busted in China, leading to the arrest and execution of as many as three dozen assets working for the US. Many, says Yahoo News, believe that the Iranians coached the Chinese on how to use the CIA’s online communication system to identify clandestine methods and sources used by the agency.

Along with other specialist websites, IntelNews monitored these developments as they took place separately in Iran and China. However, the Yahoo News report is the first to piece together these seemingly disparate developments and suggest that they were likely triggered by the same root cause. What is more, the report suggests that the CIA had been warned about the potential shortcomings of its online communication system before 2009, when the first penetrations began to occur. In response to the compromise, the CIA has reportedly modified, and at times completely abandoned, its online communication system. However, the implications of the system’s compromise continue to “unwind worldwide” and the CIA is “still dealing with the fallout”, according to sources. The effects on the agency’s operational work are likely to persist for years, said Yahoo News.

Author: Joseph Fitsanakis | Date: 05 November 2018 | Permalink

Czech spy agency says it neutralized Hezbollah cyberespionage network

Czech Security Information ServiceOfficials in the Czech Republic have announced that the country’s spy agency headed an operation in several countries, aimed at neutralizing a cyberespionage network operated by the Lebanese militant group Hezbollah. Early last week, the Security Information Service (BIS), the primary domestic national intelligence agency of the Czech Republic, issued a short statement saying that it “played a big part in helping to identify and disconnect Hezbollah servers in the Czech Republic, other EU member states and the US”. But it did not elaborate. On Tuesday, however, ZDNet’s Zero Day security blog published more information from the Czechs about the BIS operation.

According to the BIS, its cyber security force discovered a number of servers located on Czech soil, which were “almost certainly” used by Hezbollah, the Shiite militant group that controls large swathes of territory in Lebanon. The servers were allegedly used in a wide-range cyberespionage operation that began in 2017 by a group of Hezbollah hackers based in Lebanon. It was there, said the BIS, where the command-and-control facilities of the operation were located. The servers located on Czech soil were used to download phone apps that contained malicious software. The hackers targeted individual phone users located mainly in the Middle East, according to the BIS, but other targets were in eastern and central Europe. It is believed that the majority of targets were Israeli citizens. Invariably, targeted individuals were approached online, mostly through fake Facebook profiles. Most of the targets were men, and the fake Facebook profiles featured pictures of attractive young women. After initial messages were exchanged via Facebook, the targets were convinced to download phone applications that would allow them to continue communicating with the ‘women’. These applications would install spyware on their phones, thus allowing Hezbollah hackers to capture the content of messages and calls made on the phones. The latter could also be used as eavesdropping devices.

According to BIS Director Michal Koudelka, the spy agency “played a significant role in identifying and uncovering the hackers’ system. We identified the victims and traced the attack to its source facilities. Hacker servers have been shut down”, he said. Koudelka added that some of the servers used by Hezbollah were located in other European Union countries and in the United States. These were shut down following a joint cyber operation by BIS and “partners”, said Koudelka, though he did not identify them.

Author: Joseph Fitsanakis | Date: 17 October 2018 | Permalink

US intelligence reevaluates safety of Russian defectors in light of Skripal poisoning

CIAIntelligence officials in the United States are feverishly reassessing the physical safety of dozens of Russian defectors, in light of the case of Russian double spy Sergei Skripal, who was poisoned in England last March. Skripal, a former military intelligence officer who spied for Britain, was resettled in the English town of Salisbury in 2010 by the British Secret Intelligence Service (MI6). But he and his daughter Yulia made international headlines in March, after they were poisoned by a powerful nerve agent that nearly killed them. The attack has been widely blamed on the Russian government, though the Kremlin denies that it had a role in it.

Like MI6, the US Central Intelligence Agency also has a protection program for foreign nationals whose life may be at risk because they spied for the US. The CIA’s protection division, called the National Resettlement Operations Center, helps resettle and sometimes hide and protect dozens of foreign agents, or assets, as they are known in CIA lingo. But following the Skripal case, some CIA resettlement officials have expressed concern that protection levels for some foreign assets may need to be significantly raised. The New York Times, which published the story last week, said that it spoke to “current and former American intelligence officials”, which it did not name. In light of those concerns, US counterintelligence officials have been carrying out what The Times described as “a wide-reaching review” of every Russian asset who has been resettled in the US. The purpose of the review is to assess the ease with which these former assets can be traced through their digital footprint on social media and other publicly available information.

According to the paper, several Russians who defected to the US after working for the CIA and other US intelligence agencies were tracked down by the Kremlin in recent years. In the mid-1990s, says The Times, the CIA actually found an explosive device placed under the car of a Russian defector living in the US. More recently, US intelligence traced the movements of a suspected Russian assassin who visited the neighborhood of a resettled Russian defector in Florida. In the past, Russian CIA assets who have been resettled in the US have voluntarily revealed their whereabouts by reaching out to relatives back in Russia out of homesickness. In some cases, they have left the US in order to meet a lover who may have been planted by the Russian spy services —with sometimes fatal consequences.

In addition to the US, at least one more country has initiated a thorough review of the way it protects former Russian assets living in its territory in light of the Skripal case. As intelNews reported in March, the British secret services tightened the physical security of dozens of Russian defectors living in Britain only a week after the attempted murder of Skripal. Britain’s security services reportedly viewed the attack on Skripal as an intelligence failure and launched a comprehensive review of the risk to British-based Russian double spies and defectors from “unconventional threats”. The latter included attacks with chemical and radiological weapons.

Author: Joseph Fitsanakis | Date: 18 September 2018 | Permalink

CIA informants inside Russia are going silent, say US sources

Kremlin, RussiaSecret informants inside the Russian government, which the United States has relied on in recent years for tips about Moscow’s strategy and tactics, have gone silent in recent months, according to sources. Over many years, US intelligence agencies have built networks of Russian informants. These consist of officials placed in senior positions inside the Kremlin and other Russian government institutions, who can help shed light on Russia’s political maneuvers. These informants were crucial in enabling the US Intelligence Community to issue warnings of possible Russian meddling in the American presidential elections of November 2016. Since then, US spy agencies have largely relied on these informants to produce detailed assessments of Russian intelligence activities targeting the US, and propose measures against those involved.

But on Friday, The New York Times said in an article that these vital sources of information in Moscow have been going silent in recent months. Citing “current and former officials”, the paper said that US officials did not believe that the informants have been captured or killed. Instead, they have voluntarily “gone underground” because of “more aggressive counterintelligence” practiced by Russian security agencies. Moscow has stepped up attempts to detect spies operating inside Russia since the Sergei Skripal incident, when relations between it and most Western countries sank to their lowest point since the Cold War. In turn, Western informants operating in Russia have “decided it is too dangerous to pass information” and have gone “silent for their own protection”, said The Times.

This situation, however, has left the Central Intelligence Agency and other US spy agencies “in the dark” about the intentions of Russian President Vladimir Putin, just as America is nearing its mid-term elections. The lack of information has been exacerbated by the expulsion of dozens of American diplomats from Russia in March of this year. Moscow announced the expulsions in response to Washington’s decision to expel 60 Russian diplomats in protest against the attempt —allegedly by Russia— to kill Sergei Skripal in England. Many of the diplomats who were expelled from Russia were in fact intelligence officers operating under diplomatic cover. Few of those are now left on Russian soil and, according to The Times, “are under incredible surveillance” by Russian counterintelligence agencies. Washington is still collecting information from Russia through other channels, including communication intercepts, which, according to The Times, “remain strong”. But the paper cited anonymous American officials who “acknowledged the degradation in the [overall flow of] information collected from Russia.

Author: Joseph Fitsanakis | Date: 27 August 2018 | Permalink

US fired Moscow embassy employee who may have spied for Russia

US embassy in RussiaA female Russian national who worked for the United States Secret Service in Moscow was quietly dismissed in 2017, amidst concerns that she was spying for Russia. British newspaper The Guardian, which broke the story last week, did not name the Russian woman. But it said that she had worked at the US Embassy in Moscow “for more than a decade”, most recently for the Secret Service –a federal law enforcement agency that operates within the Department of Homeland Security. The Secret Service has several missions, the most important of which is to ensure the physical safety of America’s senior political leadership.

Throughout her Secret Service career, the Russian woman is thought to have had access to the agency’s email system and intranet network, said The Guardian, citing “an intelligence source”. She could also potentially have had access to “highly confidential material”, said the paper, including the daily schedules of America’s past and current presidents and vice presidents, as well as their family members’ schedules.

The unnamed Russian national first came under suspicion in 2016, said The Guardian, during a routine security review conducted by two counterintelligence staff members at one of the Department of State’s Regional Security Offices (RSO). These reviews usually take place every five years and scan the background and activities of employees at American embassies abroad. The review showed that the unnamed Russian national was holding regular meetings with officers of the Federal Security Service (FSB), Russia’s domestic intelligence service. In January of 2017, the Department of State reportedly shared its findings with the Secret Service. But the latter waited until several months later to fire the Russian woman, having decided to do so quietly, said The Guardian.

According to the paper, instead of launching a major investigation into the State Department’s findings, the Secret Service simply dismissed the woman by revoking her security clearance. The paper said that the Russian national’s dismissal took place shortly before the US embassy in Moscow was forced to remove or fire over 750 employees as part of Russia’s retaliation against economic sanctions imposed on it by Washington. That coincidence helped the Secret Service “contain any potential embarrassment” arising from claims of espionage, said The Guardian. The paper contacted the Secret Service and was told that “all Foreign Service nationals” working for the agency “are managed accordingly to ensure that […US] government interests are protected at all times”. Their duties, therefore, are “limited to translation, interpretation, cultural guidance, liaison and administrative support. This is of particular emphasis in Russia”, said a Secret Service spokesman, who refused to discuss specific cases.

Author: Joseph Fitsanakis | Date: 07 August 2018 | Research credit: S.F. | Permalink