Sophisticated cyberespionage operation focused on high-profile targets

By JOSEPH FITSANAKIS | intelNews.org |
After Stuxnet and Flame, two computer programs believed to have made cyberespionage history, another super-sophisticated malware has been uncovered, this time targeting classified computer systems of diplomatic missions, energy and nuclear groups. The existence of the malware was publicly announced by Russian-based multi-national computer security firm Kaspersky Lab, which said its researchers had identified it as part of a cyberespionage operation called Rocra, short for Red October in Russian. The company’s report, published on Monday on Securelist, a computer security portal run by Kaspersky Lab, said that the malware has been active for at least six years. During that time, it spread slowly but steadily through infected emails sent to carefully targeted and vetted computer users. The purpose of the virus, which Kaspersky Lab said rivals Flame in complexity, is to extract “geopolitical data which can be used by nation states”. Most of the nearly 300 computers that have so far been found to have been infected belong to government installations, diplomatic missions, research organizations, trade groups, as well as nuclear, energy and aerospace agencies and companies. Interestingly, the majority of these targets appear to be located in Eastern Europe and former Soviet republics in Central Asia. On infected computers located in North America and Western Europe, the Rocra virus specifically targeted Acid Cryptofiler, an encryption program originally developed by the French military, which enjoys widespread use by European Union institutions, as well as by executive organs belonging to the North Atlantic Treaty Organization.

Belarus announces arrest of alleged Lithuanian spy ring members

By IAN ALLEN | intelNews.org |
The government of Belarus has announced the arrest of an espionage ring allegedly operating out of the Lithuanian embassy in the Belarusian capital Minsk. It appears that the alleged ring consisted of at least one Lithuanian embassy official, identified only as “Mr. F” in Belarusian state documents, as well as an undisclosed number of Belarusian nationals. A brief statement published on the website of the Belarusian State Security Committee, the KGB, said that the Lithuanian official, who is said to be a military attaché at the embassy, was arrested along with several Belarusian members of the alleged spy ring. The arrests reportedly took place soon after members of the spy ring were caught in the act of exchanging information; the KGB press office added that “electronic equipment” and “spy gadgets” of an undisclosed nature were confiscated from the arrestees. Little is known at this point about the precise focus of the accused spies; the KGB claims that they were “engaged in efforts to gain information in the military sphere”. Media reports from Minsk suggest that the activities of the alleged ring were particularly focused on bilateral security arrangements between Belarus and Russia. Belarus, a former Soviet republic, is today one of Russia’s staunchest allies in Europe; since 1994, the country has been ruled by Russophile President Alexander Lukashenko, who often accuses other former Soviet republics —including Lithuania— of stooping to the West.

News you may have missed #637

D.A. Bystrolyotov

►►South African spy boss to quit. Director General of the State Security Agency Jeff Maqetuka, who has been entangled in a never-ending war with Minister Siyabonga Cwele, is expected to step down this week, according to South Africa’s Sunday Independent. The paper claims that plans are afoot to expedite Maqetuka’s departure from the country’s intelligence infrastructure by placing him on summer leave and then making sure he would not return to work in 2012.
►►Slovakian defense minister resigns over wiretap scandal. The interception of journalists’ telephone calls by the Slovakian Defense Ministry’s counterintelligence arm has cost the country’s Defense Minister, Lubomír Galko, his job. The scandal involved Slovakia’s Military Defense Intelligence (VOS). It has also emerged that the VOS operation involved wiretapping of the head of TV news channel TA3 and two senior Defense Ministry employees, according to leaked documents obtained by Slovak media outlets.
►►Book on Soviet spy Dmitri Bystrolyotov. Excerpt from Emil Draitser’s book Stalin’s Romeo Spy: The Remarkable Rise and Fall of the KGB Most Daring Operative (Northwestern University Press, 2010), about one of the 20th century’s most outstanding undercover operatives. Bystrolyotov acted in Western Europe in the interwar period, recruiting and running several important agents in Great Britain, France, Germany, and Italy.

News you may have missed #540

Jim Judd

By IAN ALLEN | intelNews.org |
►► Bulgaria bars ex-spies from holding diplomatic posts. Bulgaria’s conservative-majority parliament has voted to bar individuals who once worked for the country’s communist-era secret service from holding top diplomatic jobs. The aim of the legislation is what Eastern European countries call ‘lustration’, namely the process of cleansing their security and intelligence agencies of Soviet-era operatives. The practical problem with that, of course, is that, in doing so, Eastern European intelligence services do away with some of their best-trained operatives. Moreover, there is nothing to suggest that Bulgaria’s post-communist spy agencies are significantly more law-abiding than their communist-era predecessors. Regular IntelNews readers might remember our coverage of Operation GALERIA as a case in point.
►► Ex-spymaster says Canada is too concerned about torture. The Canadian Security Intelligence Service’s (CSIS) struggle to isolate itself from complicity in torture by US and British spy agencies has reached the “point where we were probably alienating foreign partners” by not sharing intelligence. This is the opinion of Jim Judd, former Director of CSIS. He also argued that “strident anti-torture interpretations” would affect “everything and anything CSIS did, with respect to foreign intelligence agencies”. Judd, a career spy who retired in 2009, is considered something of a hawk, and probably rightly so.
►► NSA whistleblower requests reduced sentence (update: No jail time for Drake, judge releases him saying he has been through “four years of hell”). Thomas Drake was a senior official with the US National Security Agency.

Georgia charges photojournalists with spying for Russia

Irakli Gedenidze

By JOSEPH FITSANAKIS | intelNews.org |
Three well-known Georgian photojournalists have been arrested and charged with conducting espionage on behalf of the Russian Federation. They include Irakli Gedenidze, Georgian President Mikhail Saakashvili’s personal photographer, as well as Giorgi Abdaladze, who works for Georgia’s Ministry of Foreign Affairs. The leader of the alleged spy ring is Zurab Kurtsikidze, who works for Frankfurt-based European Pressphoto Agency. All three were arrested in early morning raids last Thursday, during which their homes and offices were searched by Georgian counterintelligence officers. A Georgian government statement issued the following day stated that the searches uncovered confidential information about the daily itinerary of Mr Saakashvili, as well as a classified diagram of the Presidential office. According to the statement, the classified documents were secretly accessed and photographed by Gedenidze and Abdaladze, who then passed them on to Kurtsikidze. He in turn turned them over to the GRU, the Main Intelligence Directorate of the Russian Defense Ministry. Along with the statement, Georgian government prosecutors released surveillance recordings of telephone exchanges between the three photographers, in which they are heard discussing payment arrangements in return for classified documents surrendered to the Russians.

Security minister, ex-spy directors arrested in Hungary

Gyorgy Szilvasy

By JOSEPH FITSANAKIS | intelNews.org |
One former government minister and two former directors of Hungary’s domestic intelligence service have been arrested on suspicion of espionage, according to reports. On June 28, Hungarian police arrested Lajos Galambos, who was Director of Hungary’s National Security Office (NBH) from 2004 to 2007. Three days later, on July 1, police forces arrested Sandor Laborc, who succeeded Galambos as NBH director, and Gyorgy Szilvasy (pictured), who was minister in charge of overseeing the civilian security services from 2007 to 2009. All three served in key government positions during the socialist government of former Prime Minister Ferenc Gyurcsany. Despite repeated media requests, government prosecutors have refused to disclose the precise nature of the charges against the three officials, except to say that they are suspected of having committed “crimes against the state”. One Hungarian daily, Tabloid Blikk, suggested that the arrests are linked to the Egymasert Public Foundation, headed by wanted fugitive Robert Jakubinyi. Egymasert was found last year to have been used to facilitate money laundering and the illegal sale of shares. But other reports interpret the high-level arrests as a form of political payback for the so-called ‘UD Zrt affair’, also known as ‘the Hungarian Watergate’, which rocked Hungarian public opinion in 2008.

News you may have missed #511