Turkish pro-government newspaper publishes interview with alleged Mossad spy

Ram Ben-BarakA POPULAR TURKISH NEWSPAPER has published an interview with a member of a network of spies who were allegedly recruited by the Israeli agency Mossad to spy on Palestinian students living in Turkey. As intelNews reported last week, Turkish intelligence announced the arrests of 15 members of an alleged spy ring for the Mossad. Turkish media said that the 15 individuals were arrested on October 7 during simultaneous raids that took place across four different provinces. The counterintelligence operation to arrest the alleged spies took nearly a year and involved more than 200 officers of Turkey’s National Intelligence Organization (MİT).

Last Friday, Turkey’s Sabah newspaper published a lengthy interview with one of the 15 alleged spies. The paper, which is politically aligned with the government of President Recep Tayyip Erdoğan, referred to the alleged spy using the initials “M.A.S.”, and claimed he is a Turkish citizen who was recruited by the Mossad. The alleged spy told the paper that he was first contacted in December 2018 by “an agent called A.Z.” through the WhatsApp phone application. After providing this individual with information about Turkish universities, he was sent funds via Western Union wire transfers. Other times he was paid by a man he met in a market in Istanbul, after showing him his identity card, along with a receipt that had been sent to him by A.Z.

Eventually, M.A.S. said he was instructed to travel to Switzerland, having first secured a visa for his trip through a company called European Student Guidance Center. Sabah claims the M.A.S.’ trip to Switzerland was paid for by the Mossad. While in there, M.A.S. met his alleged handlers, who taught him how to use strong encryption for sending documents and other information via secure email applications. However, even at that point he did not realize he was working for a foreign government, having been told by his handlers that they were employees of an “intelligence-like organization” in the private sector. According to Sabah, other members of the alleged spy ring met with their handlers, abroad, mostly in Switzerland and Croatia. Most were paid with cryptocurrency, conventional international money transfers, or sometimes in gold jewelry or foreign currency.

Importantly, Sabah did not say how its reporters were able to gain access to M.A.S. after his arrest by the Turkish authorities. The Turkish government has made no official statement about these arrests. Also on Friday, a number of Israeli public figures, including Ram Ben-Barak (pictured), former deputy director of the Mossad and current chairman of the Knesset’s Committee on Foreign Affairs and Defense, said that “none of the published names [in Turkey] were [of] Israeli spies”. Ben-Barak also cast doubt on the professionalism and capabilities of Turkish counterintelligence.

Author: Joseph Fitsanakis | Date: 25 October 2021 | Permalink

Turkey announces arrest of Russian and Israeli alleged spies following crackdown

MIT Turkey

THE GOVERNMENT OF TURKEY has announced the arrest of 21 individuals, among them foreign citizens, whom it accuses of “political and military espionage” on behalf of Israel, and of planning assassinations ordered by Russia. Turkish authorities released separately two statements on Thursday, announcing the arrests of alleged spies for Israel and Russia respectively. The two sets of arrests do not appear to be connected, despite the fact that they were announced on the same day.

Six alleged assassins operating under Russian command were arrested on October 8 in Antalya, a tourist resort located on Turkey’s southern coast. Turkey’s National Intelligence Organization (MİT) said the group includes four Russians, a Ukrainian and an Uzbek. They allegedly planned to kill a number of Chechen separatists who live in Turkey. In preparation of the alleged assassinations, group members “were in the process of obtaining weapons”, according to Turkish government prosecutors.

A court in Istanbul has reportedly ruled that the members of the alleged assassination team should remain behind bars, pending a trial for espionage. Meanwhile the a Russian government spokesman said on Thursday that the Kremlin was “not aware” of any Russian citizens having been arrested on espionage charges in Turkey, adding that the Russian embassy in Ankara had not been informed of any such arrests.

Meanwhile, in a separate announcement issued on Thursday, the MİT disclosed the arrests of 15 members of an alleged spy ring for Israel’s Mossad intelligence agency. Turkish media reports said the 15 individuals had been arrested in a series of raids that took place across four Turkish provinces on October 7, following a year-long counterintelligence operation. Turkish authorities claim that the spy ring monitored the activities of Palestinians living in Turkey and provided the information to the Mossad, in return “for tens of thousands of dollars and euros”. The Israeli government has not commented on these reports.

Author: Joseph Fitsanakis | Date: 22 October 2021 | Permalink

CIA asks its case officers to focus more on security in ‘unusual’ message

CIA

IN A MESSAGE DESCRIBED by observers as “unusual”, the United States Central Intelligence Agency has warned its case officers to give priority to security when recruiting spies in foreign countries. Fictional treatments of espionage work usually refer to CIA personnel as “spies”. In real-life espionage work, however, this term is actually reserved for citizens of foreign countries who are recruited by CIA case officers to work as informants.

According to The New York Times, large numbers of these foreign CIA informants have been “captured or killed” in recent years. The number is reportedly so high that the CIA’s counterintelligence mission center sent “an unusual top secret cable” last week to every CIA station around the world, drawing attention to that fact. The cable was unusual in its candor and even went so far as to relay the precise number of informants who had been captured, killed or compromised in recent times. According to the paper, the cable made specific mention of informants who were neutralized in countries such as Pakistan, Iran, China and Russia.

The top-secret cable continued by highlighting the importance of placing security at the center of the CIA’s mission, especially when recruiting new informants, said The Times. Case officers —personnel in the CIA’s Directorate of Operations, whose job is to recruit foreigners— are expected to recruit with consistency, and are promoted based on that consistency. But the top-secret cable “reminded CIA case officers to focus not just on recruiting sources, but also on security issues, including vetting informants and evading adversarial intelligence services”, according to The Times. The paper added that the language in the cable implied that CIA case officers have often underestimated the agency’s adversaries abroad.

The Times said it reached out to the CIA with questions about the top-secret memo, but “a CIA spokeswoman declined to comment”.

Author: Joseph Fitsanakis | Date: 07 October 2021 | Research credit: J.S. | Permalink

New Zealand judge refuses to disclose identities in rare espionage case

New Zealand Defence Force

A JUDGE IN NEW Zealand rejected on Monday a request by news media to lift the ban on the identity of a soldier, who was arrested nearly two years ago for allegedly spying for a foreign country. The soldier was arrested in December of 2019, and is being prosecuted under New Zealand’s 1961 Crimes Act. It is the first time in the post-Cold War era that this act has being used to prosecute someone in New Zealand.

The accused is facing a total of 17 charges, including six counts of espionage and attempted espionage, three counts of accessing a computer system for a dishonest purpose, and two counts of possessing an objectionable publication. The latter charge is believed to relate to the accused’s alleged connection with far-right and white nationalist organizations in New Zealand and possibly Australia. This claim has not been confirmed, however.

Since the arrest of the soldier, his name, as well as that of his wife and of multiple witnesses for the government, have been suppressed by the court. Importantly, the country for which the accused allegedly spied for has also been suppressed. This was done at the request of the government of New Zealand, which claims that doing otherwise could imperil “the defense and security of New Zealand”. The government also argues that naming the country for which the accused is believed to have spied could harm New Zealand’s diplomatic relations with that country.

On Monday, during a pre-trial court-martial hearing in Palmerston North, in which the suspect appeared via video-link, the chief judge in the case decided to extend the suppression of the information about the identity of those involved. The judge, Kevin Riordan, said that the name suppression would be extended at least until the next pre-trial hearing, which has not yet been scheduled. The trial was initially due to begin on October 6, but has been postponed indefinitely, due to complications arising from the use of classified evidence that the government’s lawyers intend to present during the court case.

Author: Joseph Fitsanakis | Date: 27 September 2021 | Permalink

Leaked documents show Georgian intelligence service spied on Western diplomats

Tbilisi

THE EUROPEAN UNION HAS summoned the chief Georgian envoy to Brussels, in response to allegations that European, American and other diplomats were spied on by the Georgian security services. The allegations have emerged from an extensive collection of documents, which were released to the media by an anonymous whistleblower earlier this month.

The documents appear to confirm long-held suspicions among many in the former Soviet Republic, that the Georgian State Security Service (SSS) has been spying on members of the clergy, as well as on opposition politicians, journalists and others. But the documents also allege that the SSS has been spying on diplomats from the European Union, the United States, Israel, and other countries, who are stationed in the Georgian capital Tbilisi. Among those who have allegedly been targeted is the European Union’s ambassador to Georgia, Carl Hartzell.

The European External Action Service, which is the European Union’s foreign-policy diplomatic and foreign office, described the revelations as “a very serious matter”, and added that they have “implications in the framework of the Vienna Convention [on] Diplomatic Relations”. On Wednesday, the European Union reportedly summoned Georgia’s ambassador to Brussels, Vakhtang Makharoblishvili, in order to issue a formal complaint. Ambassador Hartzell said that the “volume and nature” of the alleged espionage went “beyond the normal activities of security services” and “raised serious questions about the relationship” between Georgia and the West.

Meanwhile, Georgia’s Prime Minister, Irakli Gharibashvili, described revelations in the leaked documents as “fabrications and falsifications”, and blamed his government’s political opponents for leaking them to the press. He also defended the conduct of the SSS, saying that the agency “conducts [only] legitimate wiretaps within the limits established by [Georgian] law”.

Author: Joseph Fitsanakis | Date: 23 September 2021 | Permalink

Alleged spy at British embassy in Berlin aroused suspicion by not using bank account

British embassy BerlinAn employee of the British embassy in Berlin, who was arrested last week on suspicion of spying for Russia, drew the attention of the authorities after he stopped using his bank account, according to reports. The man, who was arrested on August 10 by Germany’s Federal Criminal Police Office (BKA), has been identified in German media as David Smith, 57. His arrest is believed to have come as a result of a joint investigation by British and German authorities.

Smith is a longtime resident of Potsdam, a city located southeast of Berlin, and was married for 20 years to a woman from Ukraine, who is believed to have Russian heritage. According to some reports, however, his wife has not been living with him for some time. It has also been reported that Smith had been working for the British embassy in Berlin “for three or four years” in the period leading up to his arrest last week. It is also believed that he had previously served in the Royal Air Force and the Germany Guard Service (GGS). The latter is a joint British-German civilian volunteer force with roots in the Cold War, which provides security support to British Forces stationed in Germany.

Last week, several German news outlets said that Smith first aroused suspicions among British and German counterintelligence experts, after they noticed that he had not made use of his debit or credit cards for several months. His sudden lack of withdrawals from his bank accounts caused them to think that may have secured a cash-based source of income —possibly from a foreign intelligence agency. Citing anonymous intelligence officials, German media report that Smith passed on “low-grade information” to his Russian handlers, including lists of names of visitors to the British embassy. He was arrested, however, after British and German authorities allegedly feared that he was preparing to give Moscow more sensitive information in his possession.

Author: Joseph Fitsanakis | Date: 16 August 2021 | Permalink

Employee of British embassy in Berlin charged with spying for Russia

British embassy in BerlinAn employee of the British embassy in Berlin has been arrested by German authorities, who charged him with spying for the intelligence services of the Russian Federation, according to reports. The German newsmagazine Focus said on Wednesday that the employee is a 57-year-old British citizen. He was reportedly arrested on Tuesday by Germany’s Federal Criminal Police Office (BKA). His arrest took place in Potsdam, a city located southeast of Berlin. His arrest is believed to have come as a result of a joint investigation by British and German authorities.

There appears to be some confusion about the man’s position at the British embassy. In some reports, he is referred to as a “liaison officer”, a term that describes diplomatic personnel whose job is to exchange security-related information with the relevant authorities of the host-country. However, other reports suggest that the man is locally based in Berlin, and was working as support personnel at the British embassy, without having been granted diplomatic status. This would mean that he does not have diplomatic immunity in Germany or elsewhere.

It is also believed that BKA officers searched the man’s home and workplace. According to Focus, he has been charged with carrying out espionage activities on behalf of Russian intelligence. German prosecutors said he began working for Russian intelligence in November of 2020 at the very latest. During that time, he allegedly provided classified information to his Russian handlers on at least one occasion, in exchange for cash. Media reports suggest that the information he allegedly gave the Russians relates to counter-terrorism operations. No further information is known about the case at this stage.

Author: Joseph Fitsanakis | Date: 12 August 2021 | Permalink

Germany arrests wife of alleged spy for China, says she assisted his espionage work

BND Germany

FEDERAL PROSECUTORS IN THE German city of Munich have arrested the wife of a German political scientist, who was himself arrested last month on charges of spying for China. Identified as “Klara K.”, the woman is believed to be a dual citizen of Germany and Italy. She is the wife of “Klaus K.”, 75, who began his career in the 1980s as a member of staff of the political research foundation Hanns Seidel Stiftung. The Munich-based foundation is the informal think-tank of the conservative Christian Social Union (CSU), which is the Bavarian arm of German Chancellor Angela Merkel’s Christian Democratic Union.

As part of his job, Klaus L. traveled frequently to countries in Africa, Asia and Europe, as well as to former Soviet states. It is also believed that, for over five decades, he worked as a paid informant for the German Federal Intelligence Service (BND) —Germany’s foreign intelligence agency. On July 5, Klaus L. was arrested by the German police, and charged with spying for China. His arrest came a few weeks after his home in Munich was searched by the police, as part of an investigation into his activities.

On Monday, federal prosecutors in Munich said they had also arrested Klaus K.’s wife, Klara K. She has been charged with “regularly provid[ing] Chinese secret service officials with information in the run-up to, or after, state visits or multinational conferences” in which she and Klaus K. participated. She has also been charged with providing Chinese intelligence with “information on pertinent current issues”.

Last month, German media reported that Klaus and Klara K. were arrested shortly after returning to the Bavarian capital from Italy. The couple were on their way to the Munich International Airport, from where they were scheduled to travel to the Chinese autonomous region of Macau, allegedly in order to meet their Chinese handlers. Neither the Chinese central government, nor the Chinese embassy in Berlin, have commented on the case. The BND said on Monday that it did not “comment on matters that relate to […] intelligence information or activities”.

Author: Joseph Fitsanakis | Date: 05 August 2021 | Permalink

Taiwan’s former deputy defense minister implicated in espionage investigation

National Defense University Taiwan

THE FORMER THIRD-IN-command at Taiwan’s Ministry of National Defense is being investigated in connection with an alleged Chinese espionage operation that targeted Taiwanese military officials, according to reports. General Chang Che-Ping served as Taiwan’s Deputy Minister of National Defense from July 2019 until June of this year. Upon leaving his position, he assumed the presidency of Taiwan’s National Defense University, which is the island nation’s foremost military academy.

Taiwanese and other Southeast Asian media reported on Wednesday that General Chang is under investigation for allegedly sharing Taiwanese defense secrets with a man referred to as an intelligence officer working for China. The man has been named only as “Xie” in the Taiwanese media. He reportedly made regular trips to Taiwan from Hong Kong in recent years, pretending to be a business executive. In reality, however, Xie is believed to have operated in Taiwan as an intelligence officer for the Chinese Ministry of National Defense’s Central Military Commission (CMC). The CMC is chaired by China’s President, Xi Jinping, and functions as the country’s highest military policy-making institution.

During his multiple trips to Taiwan, Xie is believed to have met repeatedly with a number of Taiwanese military officials, including General Chang. Subsequently, Xie hosted the general’s wife during a trip she made to Hong Kong —though it is claimed that he did not cover the cost of the trip. It is not known whether General Chang’s wife is also a subject of the investigation, which is being conducted by the Taipei District Prosecutor’s Office. One of its spokesmen said on Wednesday that another matter, which relates to the case of General Chang, is also being investigated, but he refused to provide further information.

General Chang is the highest-ranking government official in Taiwan to be investigated in an espionage-related case in over 30 years. According to reports, he has offered to cooperate fully with the investigators. He has not been detained or charged for the time being.

Author: Joseph Fitsanakis | Date: 29 July 2021 | Permalink

Alleged Pegasus phone-tapping list includes phones of at least 14 heads of state

Emmanuel Macron

AT LEAST FOURTEEN CURRENT or former heads of state, including presidents, prime ministers, and one king, are included in a list of 50,000 telephone numbers that were allegedly compromised through a controversial surveillance software. Known as Pegasus, the controversial spyware is marketed by NSO Group Technologies, an Israeli digital surveillance company based in near Tel Aviv.

Pegasus is able to install itself on targeted telephones without requiring their users to click a link, or download an application. Upon installation, it provides the spying party with near-complete control of a targeted telephone. This includes the ability to browse through the device’s contents, such as photographs and videos, record conversations, as well as activate the telephone’s built-in microphone and camera at any time, without its user’s consent or knowledge.

Earlier this week, a consortium of newspapers from several countries said they had analyzed a leaked list of 50,000 victims of Pegasus, which allegedly includes the names of senior government officials, lawyers, labor leaders, human-rights activists and investigative journalists in almost every country. New in a new report, The Washington Post, which participated in the initial investigation into Pegasus, claims that the leaked list contains the names of 14 current or former heads of state.

According to the newspaper, the list contains telephone devices belonging to three presidents, France’s Emmanuel Macron (pictured), South Africa’s Cyril Ramaphosa, and Iraq’s Barham Salih. The telephone devices of three current prime ministers are also on the list, says The Post. These are, Morocco’s Saad-Eddine El Othmani, Egypt’s Mostafa Madboul, and Pakistan’s Imran Khan.

Also on the list are three former prime ministers, who were in office when they were allegedly targeted by Pegasus users: France’s Édouard Philippe, Belgium’s Charles Michel, Italy’s Romano Prodi, Lebanon’s Saad Hariri, Kazakhstan’s Bakitzhan Sagintayev, Uganda’s Ruhakana Rugunda, Algeria’s Noureddine Bedoui, and Yemen’s Ahmed Obeid bin Daghr. A telephone number belonging to the king of Morocco, Mohammed VI, is also reportedly on the list. Finally, the list allegedly includes several senior officials of international organizations, including the head of the World Health Organization, Dr Tedros Adhanom Ghebreyesus.

The Post report also includes part of a statement by NSO Group Technologies, in which the company says it keeps tabs on the use of its software by its clients, and has the power to block any misuse of Pegasus. The company also states that it intends to “continue to investigate all credible claims of misuses [of Pegasus] and take appropriate action” if needed, including “shutting down of a customers’ system”, which it has done “multiple times in the past and will not hesitate to do again if a situation warrants”.

Author: Joseph Fitsanakis | Date: 22 July 2021 | Permalink

German think-tank researcher arrested on suspicion of spying for Chinese intelligence

Shanghai

A GERMAN POLITICAL SCIENTIST, who worked for years as a senior member of a prominent Munich-based think-tank, has been arrested by German authorities on suspicion of spying for Chinese intelligence. In line with German privacy laws, the man has been named only as “Klaus L.”. He is believed to be 75 years old and to live in Munich.

According to reports, the suspect worked since the 1980s for the Hanns Seidel Stiftung, a political research foundation named after a former chairman of the conservative Christian Social Union (CSU) of Bavaria. The Munich-headquartered foundation is the informal think-tank of the CSU, which is the Bavarian arm of German Chancellor Angela Merkel’s Christian Democratic Union.

As part of his job, Klaus L. traveled frequently to countries in Africa, Asia and Europe, as well as former Soviet states. It is also believed that, for over 50 years, he had worked as a paid informant for the German Federal Intelligence Service (BND) —Germany’s foreign intelligence agency, which is equivalent to the United States Central Intelligence Agency. According to a government press statement, Klaus L. would provide the BND with information relating to his foreign travels, conference attendance and other “certain issues” of interest to the spy agency. In return, the BND allegedly funded some of his travel and conference expenses, and provided him with a regular stipend.

But in the summer of 2010, Klaus L. was allegedly approached by Chinese intelligence during a trip to the city of Shanghai. According to German counterintelligence, he was persuaded by the Chinese to cooperate with Chinese intelligence operatives, and did so until the end of 2019. In November of that year, German police searched his home in Munich, as part of an investigation into his activities. In May of this year, Klaus L. was charged with espionage and on July 5 he was formally arrested.

Interestingly, Klaus L. does not deny that he provided sensitive information to China. He argues, however, that he informed his BND handler about his contacts with the Chinese, and that these were known to German intelligence. He therefore claims that his Chinese contacts were part of a German counterintelligence operation targeting the Chinese government. His trial is scheduled for this fall.

Author: Joseph Fitsanakis | Date: 07 July 2021 | Permalink

News you may have missed #912: Analysis edition

Trojan Shield

SolarWinds: How Russian spies hacked US government departments. Last year, in perhaps the most audacious cyber attack in history, Russian military hackers sabotaged a tiny piece of computer code buried in a popular piece of software called SolarWinds. After it was installed, Russian agents went rummaging through the digital files of the US departments of Justice, State, Treasury, Energy, and Commerce —among others— and for nine months, they had unfettered access to top-level communications, court documents, even nuclear secrets. On July 4, the CBS television show 60 Minutes aired a special segment on this topic.

Why did the FBI’s encrypted phone sting not target US suspects? In 2018, a San Diego-led federal sting secretly launched an encrypted communications company as part of Operation TROJAN SHIELD (pictured). Over the next few years, FBI agents, working with law enforcement partners in Australia, New Zealand and Europe, seeded thousands of spyware-infected phones into the hands of criminals and used them to build cases against 300 organized crime groups around the world, from Australian biker gangs to Italian mafia cells. But one country was off limits for investigating agents: the United States. The San Diego Union-Tribune’s Kristina Davis explains why.

Opinion: Clearance holders need to protect America by studying espionage. John William Davis, retired counterintelligence officer who instructed the threat portion of the US Department of the Army’s Operations Security Course, argues that “many, many techniques for recruiting spies continue much as they did over preceding years. We can learn from the past and apply what we learn to the future.”

Afghans who spied for CIA say they fear retaliation once US forces withdraw

Antony Blinken

AFGHAN CIVILIANS WHO WERE recruited by the United States Central Intelligence Agency as local assets say they fear retaliation by a resurgent Taliban once American forces withdraw from Afghanistan in September. Last April, US President Joe Biden announced that American troops would leave Afghanistan by September 11. The date will mark the 20th anniversary of the terrorist attacks of September 11, 2001, which caused Washington to send troops to Afghanistan in response.

The CIA has been a major component of America’s presence in Afghanistan over the past two decades. When operating in the Central Asian country, CIA officers have routinely relied on local people to collect intelligence, provide translation services, and guard its facilities and personnel. These local assets were typically paid in cash for their services, which were secret in nature and often life-threatening.

Now many of these local assets —possibly thousands— are apprehensive of the pending withdrawal of their American protectors from Afghanistan, and fear retaliation from a resurgent Taliban. According to The Wall Street Journal, these local CIA assets say that “their lives are now at risk”. A large number of them have submitted applications for a US Special Immigrant Visa. This is a State Department program that aims to offer protection to local people who have carried out “sensitive and trusted activities” on behalf of American government personnel abroad.

But the Special Immigrant Visa process is complicated and expensive, and is currently plagued by major delays. The Wall Street Journal reports that, even though the law stipulates Special Immigrant Visa requests must be processed within nine months, applications are currently taking between three to five years to be adjudicated. The Department of State says it is currently working through a backlog of 18,000 applications from around the world. The situation is particularly dire for Afghan CIA assets, says the paper, because many find it difficult to prove they ever worked for the CIA. The spy agency’s record-keeping was minimal throughout its time in Afghanistan, especially in the opening years of the conflict, according to the report. Furthermore, some local assets may not even be named in CIA documentation, so as to protect their identity.

In response to calls for faster processing of Special Immigrant Visa requests, US Secretary of State Antony Blinken (pictured) said earlier this month: “We’re determined to make good on our obligation to those who helped us, who put their lives on the line, put their families’ lives on the line working with our military, working with our diplomats”.

Author: Joseph Fitsanakis | Date: 23 June 2021 | Permalink

Germany arrests Russian PhD student on suspicion of spying for Moscow

University of Augsburg

A RUSSIAN DOCTORAL STUDENT in mechanical engineering, who is studying in a Bavarian university, has been arrested by German police on suspicion of spying for Moscow, according to official statements and reports in the German media. According to a press statement issued by the Federal Public Prosecutor General’s office in the city of Karlsruhe, the PhD student was arrested on Friday, June 18.

The student was subsequently identified by the German authorities only as “Ilnur N.”, in accordance with German privacy laws. On Monday, however, local media identified the suspected spy as Ilnur Nagaev, a doctoral candidate at the University of Augsburg, which is located 50 miles northwest of Munich. Nagaev reportedly works as a research assistant there, while pursuing his doctoral studies in mechanical engineering.

German authorities maintain that the suspect began working “for a Russian secret service” in early October of 2020, and possibly earlier. He is also accused of having met with an unidentified “member of a Russian foreign secret service” at least three times between October 2020 and June of this year. According to German federal prosecutors, Nagaev shared unspecified information with his alleged Russian handler, and received cash in return at the end of each meeting.

German police reportedly searched Nagaev’s home and work office looking for further clues about the case. In the meantime, a judge at the Bundesgerichtshof (Federal Court of Justice) in the Federal Court of Justice in Karlsruhe, which is Germany’s highest court on matters of ordinary jurisdiction, ordered that Nagaev be kept in pre-trial detention, pending a possible indictment. Neither the Russian nor the German federal governments have commented on this case.

Author: Joseph Fitsanakis | Date: 22 June 2021 | Permalink

Russian actors had access to Dutch police computer network during MH17 probe

Flight MH17

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

Russia has tried to sabotage and undermine investigation activities into the MH17 disaster through various means: influence campaigns on social media, hacking of the Dutch Safety Board, theft of data from Dutch investigators, manipulation of other countries involved in the investigation, and the use of military spies. The Dutch police and public prosecution service were repeatedly targeted by phishing emails, police computer systems were subjected to direct attacks, and a Russian hacker drove a car with hacking equipment near the public prosecution office in Rotterdam.

The above efforts are not believed to have been successful. But the attack that came to light in September 2017 may have been. The infected police academy system ran “exotic” (meaning uncommon) software, according to a well-informed source. The Russians reportedly exploited a zero day vulnerability in that software. After the incident, the national police made improvements in their logging and monitoring capabilities, and in their Security Operations Center (SOC). It is not currently known how long the attackers had access to the national police system, nor what information they were able to obtain.

Author: Matthijs Koot | Date: 17 June 2021 | Permalink

%d bloggers like this: