Russia, Lithuania and Norway exchange prisoners in rare three-way spy-swap

Frode BergA rare three-way spy-swap has reportedly taken place between Russia and two North Atlantic Treaty Organization (NATO) members, Lithuania and Norway. Rumors of a possible exchange of imprisoned spies between the three countries first emerged in mid-October. However, all three governments had either denied the rumors or refused to comment at the time. It now turns out that the spy-swap, which international news agencies described as “carefully coordinated” was the result of painstaking negotiations between the three countries, which lasted several months.

A major part of the process that led to last week’s spy swap was the decision of the Lithuanian parliament to approve altering the country’s criminal code. The new code allows the president of Lithuania to pardon foreign nationals who have been convicted of espionage, if doing so promotes Lithuania’s national interest. The new amendment also outlines the process by which the government can swap pardoned foreign spies with its own spies —or alleged spies— who may have been convicted of espionage abroad. On Friday, Lithuanian President Gitanas Nausėda announced he had pardoned two Russian nationals who had been convicted of espionage against Lithuania, in accordance with the new criminal code. The president’s move was approved by the country’s multi-agency State Defense Council during a secret meeting.

Shortly after President Nausėda’s announcement, Sergei Naryshkin, Director of Russia’s Foreign Intelligence Service (SVR) said that Moscow would immediately proceed with “reciprocal steps”. The Kremlin soon released from prison two Lithuanian nationals, Yevgeny Mataitis and Aristidas Tamosaitis. Tamosaitis was serving a 12-year prison sentence, allegedly for carrying out espionage for the Lithuanian Defense Ministry in 2015. Mataitis, a dual Lithuanian-Russian citizen, was serving 13 years in prison, allegedly for supplying Lithuanian intelligence with classified documents belonging to the Russian government.

The two Lithuanians were exchanged for two Russians, Nikolai Filipchenko and Sergei Moisejenko. Filipchenko is believed to be an officer in the Russian Federal Security Service (FSB), who was arrested by Lithuanian counterintelligence agents in 2015. He had been given a 10-year prison sentence for trying to recruit double agents inside Lithuania, allegedly in order to install listening bugs inside the office of the then-Lithuanian President Dalia Grybauskaite. Moisejenko was serving a 10½ year sentence for conducting espionage and for illegally possessing firearms. Lithuania alleges that Moisejenko had been tasked by Moscow with spying on the armed forces of Lithuania and NATO. Along with the two Lithuanians, Russia freed Frode Berg (pictured), a Norwegian citizen who was serving a prison sentence in Russia, allegedly for acting as a courier for the Norwegian Intelligence Service.

On Saturday, Darius Jauniškis, Director of Lithuania’s State Security Department, told reporters in Vilnius that the spy swap had taken place in a remote part of the Russian-Lithuanian border. He gave no further information about the details exchange, or about who was present at the site during the spy-swap.

Author: Joseph Fitsanakis | Date: 18 November 2019 | Research credit: E.G. | Permalink

Russian government cyber spies ‘hid behind Iranian hacker group’

Computer hackingRussian hackers hijacked an Iranian cyber espionage group and used its infrastructure to launch attacks, hoping that their victims would blame Iran, according to British and American intelligence officials. The information, released on Monday, concerns a Russian cyber espionage group termed “Turla” by European cyber security experts.

Turla is believed to operate under the command of Russia’s Federal Security Service (FSB), and has been linked to at least 30 attacks on industry and government facilities since 2017. Since February of 2018, Turla is believed to have successfully carried out cyber espionage operations in 20 different countries. Most of the group’s targets are located in the Middle East, but it has also been connected to cyber espionage operations in the United States and the United Kingdom.

On Monday, officials from Britain’s Government Communications Headquarters (GCHQ) and America’s National Security Agency (NSA) said Turla had hijacked the attack infrastructure of an Iranian cyber espionage group. The group has been named by cyber security researchers as Advanced Persistent Threat (APT) 34, and is thought to carry out operations under the direction of the Iranian government.

The officials said there was no evidence that APT34 was aware that some of its operations had been taken over by Turla. Instead, Russian hackers stealthily hijacked APT34’s command-and-control systems and used its resources —including computers, servers and malicious codes— to attack targets without APT34’s knowledge. They also accessed the computer systems of APT34’s prior targets. In doing so, Turla hackers masqueraded as APT34 operatives, thus resorting to a practice that is commonly referred to as ‘fourth party collection’, according to British and American officials.

The purpose of Monday’s announcement was to raise awareness about state-sponsored computer hacking among industry and government leaders, said the officials. They also wanted to demonstrate the complexity of cyber attack attribution in today’s computer security landscape. However, “we want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them”, said Paul Chichester, a senior GCHQ official.

Author: Joseph Fitsanakis | Date: 22 October 2019 | Permalink

Russia preparing to swap imprisoned spies with NATO members, sources claim

LithuaniaThe Russian government is preparing to swap a number of imprisoned spies with at least two member states of the North Atlantic Treaty Organization (NATO), according to reports. The Estonia-based news agency BNS, which is the largest news agency in the Baltics, said on Wednesday that negotiations between Russian and Lithuanian, as well as probably Norwegian, officials were nearing completion.

The alleged spies at the center of the reputed spy swap are said to include Nikolai Filipchenko, who is reportedly an intelligence officer with the Russian Federal Security Service (FSB). Filipchenko was arrested by Lithuanian counterintelligence agents in 2015, allegedly while trying to recruit double agents inside Lithuania. He was charged with using forged identity documents to travel to Lithuania on several occasions between 2011 and 2014. His mission was allegedly to recruit officers in Lithuania’s Department of State Security in order to install listening bugs inside the office of the then-Lithuanian President Dalia Grybauskaite. In 2017, a district court in the Lithuanian capital Vilnius sentenced Filipchenko to 10 years in prison. The alleged Russian spy refused to testify during his trial and reportedly did not reveal any information about himself or his employer. He is believed to be the first FSB intelligence officer to have been convicted of espionage in Lithuania.

BNS reported that the Russians have agreed to exchange Filipchenko for two Lithuanian nationals, Yevgeny Mataitis and Aristidas Tamosaitis. Tamosaitis is serving a 12-year prison sentence in Russia, allegedly for carrying out espionage for the Lithuanian Defense Ministry in 2015. In the following year, a Russian court sentenced Mataitis, a dual Lithuanian-Russian citizen, to 13 years in prison, allegedly for supplying Lithuanian intelligence with classified documents belonging to the Russian government. Lithuanian authorities have refused to comment publicly about Filipchenko and Mataitis, saying that details on the two men are classified. According to BNS, the spy swap may involve two more people, an unnamed Russian national and a Norwegian citizen, who is believed to be Frode Berg, a Norwegian retiree who is serving a 16-year jail sentence in Russia, allegedly for acting as a courier for the Norwegian Intelligence Service.

BNS said on Wednesday that the Lithuanian State Defense Council, which is chaired by the country’s president, had approved the spy exchange, and that Moscow had also agreed to it. On Thursday, however, a spokeswoman for Russia’s Foreign Affairs Ministry said she had “no information on this issue” that she could share with reporters.

Author: Joseph Fitsanakis | Date: 18 October 2019 | Research credit: E.G. | Permalink

ISIS threatens stability of former Soviet Republics, says Russian spy chief

ISIS Afghanistan

Thousands of Islamic State fighters are operating in Afghanistan’s northern border regions and are attempting to destabilize former Soviet Republics with substantial Muslim populations, according to Russia’s domestic spy chief. This warning was issued by Alexander Bortnikov, director of Russia’s Federal Security Service (FSB), which functions as Russia’s primary counter-terrorism agency. Bortnikov made these remarks during a visit to the capital of Tajikistan, Dushanbe, for a meeting of the heads of intelligence agencies of the Commonwealth of Independent States (CIS), an intergovernmental organization comprised of former Soviet Republics in the Eurasian region. The meeting was reportedly held behind closed doors, but Russia’s government-owned news agency TASS carried a summary of Bortnikov’s remarks.

The Russian intelligence chief said that, with the aid of the intelligence services of CIS states like Uzbekistan, Azerbaijan, Tajikistan, Kyrgyzstan, and others, the FSB was able to uncover and suppress eight Islamic State cells in the past year, which operated in the Central Asian region. However, the reach of the CIS countries does not extend to Afghanistan, said Bortnikov, where as many as 5,000 Islamic State fighters are congregating along the country’s border with three CIS states, namely Turkmenistan, Uzbekistan and Tajikistan. Many of these fighters are Turkmens, Uzbeks, Tajiks, Russians, and other citizens of CIS states, who previously fought with the Islamic State in Syria and elsewhere, and now form integral components of the Islamic State’s fighting force in Afghanistan and Pakistan. It appears that the Islamic State is now attempting to exploit the mountainous and porous borders of northern Afghanistan in order to destabilize neighboring countries, he said. These fighters intend to exploit “migrant and refugee flows [in Central Asia] in order to operate covertly from the Afghan battle zones to neighboring countries” and from there possibly to Russia, according to Bortnikov.

These covert activities of Islamic State fighters have already caused an escalation of tensions in the region and can be expected to continue to do so, as these groups radicalize and co-opt Muslim communities in CIS countries, noted Bortnikov. He added that popular responses to Islamist radicalization are prompting increasing incidents of “anti-Islamic terrorism”, which further-fuel religious and ethnic tensions in the region. As a reminder, last week the Islamic State announced that its so-called Khorasan Province fighters would be amalgamated into a new armed group calling itself Islamic State – Pakistan Province. Earlier this month, the group also proclaimed the establishment of a new overseas province in India’s Jammu and Kashmir state, called “wilayah al-Hind” (province of Hind). In addition to these two forces, there are currently an estimated 3,000 to 4,000 Islamic State fighters in Afghanistan’s Pashtun regions.

Author: Joseph Fitsanakis | Date: 22 May 2019 | Permalink

Suicide bomber who attacked Russian spy agency identified as ‘anarchist-communist’

Mikhail ZhlobitskyA teenager who killed himself with an improvised explosive device in the lobby of a regional office of Russia’s domestic intelligence agency appears to have identified himself as an “anarchist-communist” on social media. At 8:52 am local time on Wednesday, the 17-year-old entered the regional office of Russia’s Federal Security Service (FSB) in the city of Archangelsk, located 800 miles north of Moscow. On CCTV footage released by the Russian security services, he is seen reaching into his backpack and taking out an object, which soon exploded, killing him and wounding three others.

The bomber was later identified in the Russian media as Mikhail Zhlobitsky, a student at a local technical college. Within hours, reports pointed to posts made on social media platforms by Zhlobitsky, who used several online aliases, including that of “Sergey Nechayev”, one of Russia’s leading 19th-century anarchists, who died in prison for advocating terrorism as a means of revolution. Shortly before the attack, someone using the alias “Valeryan Panov” commented on the social messaging application Telegram that he was about to bomb the FSB in Archangelsk. In the comment, which was posted on an anarchist forum, the user said that he had decided to act “because the FSB falsifies cases and tortures people”. The user added that he would probably die in the attack because he had to manually detonate the improvised explosive device he was carrying with him. He concluded his message with the words: “I wish you a glorious future of anarchist communism!”.

The activities of militant Russian anarchists and anarcho-communists date back to the mid-19th century; anarchist militants are responsible for numerous assassinations of senior Russian officials, including Emperor Alexander II, who was killed by a Russian anarchist in 1881. But the movement was ruthlessly suppressed by the Soviet state and today the FSB and other Russian security services are actively monitoring the remnants of the Russian anarchist movement. These include the Confederation of Revolutionary Anarcho-Syndicalists, the group Autonomous Action, and the Siberian Confederation of Labor. Large sections of these groups have now moved underground, as the government of Russian President Vladimir Putin has named anarchists as primary enemies of order and security in the Russian Federation. Earlier this month, another Russian teenager, Vladislav Roslyakov, killed himself after shooting 19 students and teachers at a technical college in Kerch, a Black Sea port city in Russian-annexed Crimea. No political motive for the attack has been reported.

Author: Joseph Fitsanakis | Date: 01 November 2018 | Research credit: S.F. | Permalink

US fired Moscow embassy employee who may have spied for Russia

US embassy in RussiaA female Russian national who worked for the United States Secret Service in Moscow was quietly dismissed in 2017, amidst concerns that she was spying for Russia. British newspaper The Guardian, which broke the story last week, did not name the Russian woman. But it said that she had worked at the US Embassy in Moscow “for more than a decade”, most recently for the Secret Service –a federal law enforcement agency that operates within the Department of Homeland Security. The Secret Service has several missions, the most important of which is to ensure the physical safety of America’s senior political leadership.

Throughout her Secret Service career, the Russian woman is thought to have had access to the agency’s email system and intranet network, said The Guardian, citing “an intelligence source”. She could also potentially have had access to “highly confidential material”, said the paper, including the daily schedules of America’s past and current presidents and vice presidents, as well as their family members’ schedules.

The unnamed Russian national first came under suspicion in 2016, said The Guardian, during a routine security review conducted by two counterintelligence staff members at one of the Department of State’s Regional Security Offices (RSO). These reviews usually take place every five years and scan the background and activities of employees at American embassies abroad. The review showed that the unnamed Russian national was holding regular meetings with officers of the Federal Security Service (FSB), Russia’s domestic intelligence service. In January of 2017, the Department of State reportedly shared its findings with the Secret Service. But the latter waited until several months later to fire the Russian woman, having decided to do so quietly, said The Guardian.

According to the paper, instead of launching a major investigation into the State Department’s findings, the Secret Service simply dismissed the woman by revoking her security clearance. The paper said that the Russian national’s dismissal took place shortly before the US embassy in Moscow was forced to remove or fire over 750 employees as part of Russia’s retaliation against economic sanctions imposed on it by Washington. That coincidence helped the Secret Service “contain any potential embarrassment” arising from claims of espionage, said The Guardian. The paper contacted the Secret Service and was told that “all Foreign Service nationals” working for the agency “are managed accordingly to ensure that […US] government interests are protected at all times”. Their duties, therefore, are “limited to translation, interpretation, cultural guidance, liaison and administrative support. This is of particular emphasis in Russia”, said a Secret Service spokesman, who refused to discuss specific cases.

Author: Joseph Fitsanakis | Date: 07 August 2018 | Research credit: S.F. | Permalink

US imposes sanctions on companies for helping Russian spy agencies

YantarThe United States has for the first time imposed economic sanctions on a number of Russian companies, which it says helped the Kremlin spy on targets in North America and Western Europe. On Monday, the US Department of the Treasury said it would apply severe economic restrictions on a number of Russian firms that work closely with the Kremlin. One of the companies was identified as Digital Security, which Washington says has been helping Russian intelligence agencies develop their offensive cyber capabilities. Two of Digital Security’s subsidiaries, Embedi and ERPScan, were also placed on the US Treasury Department’s sanctions list. Monday’s statement by the Treasury Department named another Russian firm, the Kvant Scientific Research Institute, which it described as a front company operated by the Russian Federal Security Service (FSB).

But the Russian firm that features most prominently in Monday’s announcement is Divetechnoservices, an underwater equipment manufacturer. The US alleges that the FSB paid the company $15 million in 2011 to design equipment for use in tapping underwater communications cables. According to Washington, equipment designed by Divetechnoservices is today used by a fleet of Russian ships that sail on the world’s oceans searching for underwater communications cables to tap. One such ship, according to reports, is the Yantar (pictured), ostensibly an oceanic research vessel, which Washington says is used to detect and tap into underwater communications cables.

In addition to Divetechnoservices, the US Treasury has named three individuals who will face economic sanctions due to what Washington says is their personal involvement with the underwater hardware manufacturer. They are: Vladimir Yakovlevich Kaganskiy, the company’s owner and former director; Aleksandr Lvovich Tribun, who serves as Divetechnoservices’ general director; and Oleg Sergeyevich Chirikov, identified as the manager of Divetechnoservices’ underwater surveillance program. These men —all Russian citizens— will not be able to enter into business relationships with American companies or citizens. On Tuesday, Russia’s Ministry of Foreign Affairs dismissed the latest round of US sanctions as an act of desperation. The White House would fail in its effort to “force the Russian Federation to change its independent course of action in the international arena”, said the Russian Ministry of Foreign Affairs.

Author: Ian Allen | Date: 13 June 2018 | Permalink