Russian government cyber spies ‘hid behind Iranian hacker group’

Russian hackers hijacked an Iranian cyber espionage group and used its infrastructure to launch attacks, hoping that their victims would blame Iran, according to British and American intelligence officials. The information, released on Monday, concerns a Russian cyber espionage group termed “Turla” by European cyber security experts.

Turla is believed to operate under the command of Russia’s Federal Security Service (FSB), and has been linked to at least 30 attacks on industry and government facilities since 2017. Since February of 2018, Turla is believed to have successfully carried out cyber espionage operations in 20 different countries. Most of the group’s targets are located in the Middle East, but it has also been connected to cyber espionage operations in the United States and the United Kingdom.

On Monday, officials from Britain’s Government Communications Headquarters (GCHQ) and America’s National Security Agency (NSA) said Turla had hijacked the attack infrastructure of an Iranian cyber espionage group. The group has been named by cyber security researchers as Advanced Persistent Threat (APT) 34, and is thought to carry out operations under the direction of the Iranian government.

The officials said there was no evidence that APT34 was aware that some of its operations had been taken over by Turla. Instead, Russian hackers stealthily hijacked APT34’s command-and-control systems and used its resources —including computers, servers and malicious code— to attack targets without APT34’s knowledge. They also accessed the computer systems of APT34’s prior targets. In doing so, Turla hackers masqueraded as APT34 operatives, thus resorting to a practice that is commonly referred to as ‘fourth party collection’, according to British and American officials.

The purpose of Monday’s announcement was to raise awareness about state-sponsored computer hacking among industry and government leaders, said the officials. They also wanted to demonstrate the complexity of cyber attack attribution in today’s computer security landscape. However, “we want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them”, said Paul Chichester, a senior GCHQ official.

Author: Joseph Fitsanakis | Date: 22 October 2019

British spy agency calls Trump’s espionage claim ‘utterly ridiculous’

The Government Communications Headquarters (GCHQ), Britain’s primary signals-intelligence agency, has called claims by United States President Donald Trump that it spied on his election campaign “utterly ridiculous”. President Trump’s allegations are not new. They apparently rest on claims made in March 2017 by a Fox News commentator, that the GCHQ spied on Trump on orders of then-US President Barack Obama. The claim was repeated on March 17 at the White House by Sean Spicer, Trump’s then-press secretary, who said that Obama had used the GCHQ to spy on Trump so as to evade American privacy laws. At the time, Spicer’s claim prompted an angry response from the British government in London and from the British spy agency itself. In a rare public comment, GCHQ called the allegations “utterly ridiculous”.

This past Wednesday, the US president appeared to repeat his claim that GCHQ had spied on his election campaign, via a post on the popular social networking platform Twitter. Responding to a reiteration of the claim on the conservative cable television channel One America News Network, Trump tweeted “WOW! It is now just a question of time before the truth comes out, and when it does, it will be a beauty!”. The president’s tweet appeared just hours after the British government confirmed that Trump had been invited for a four-day state visit to the United Kingdom in June. The visit is believed to include a meeting with British Prime Minister Theresa May and dinner with Queen Elizabeth II at Buckingham Palace.

Following Trump’s tweet, the US newsmagazine Newsweek contacted GCHQ with a request for a response to the US president’s allegation. A GCHQ spokesperson referred the newsmagazine to the agency’s 2017 statement, and repeated: “The allegations that GCHQ was asked to conduct ‘wire tapping’ against the then president-elect are nonsense. They are utterly ridiculous and should be ignored”. It is extremely rare for GCHQ —one of Britain’s most secretive and publicity-shy agencies— to respond publicly to stories in the media. Late on Wednesday, British Foreign Affairs Secretary Jeremy Hunt said that the invitation to President Trump to visit London would not be rescinded, and insisted that Britain’s “special relationship” with the US remained “intact”.

Author: Joseph Fitsanakis | Date: 25 April 2019

New clues may help locate lost intelligence files from 1938 French-British-Nazi pact

Nearly 2,000 missing British intelligence files relating to the so-called Munich Agreement, a failed attempt by Britain, France and Italy to appease Adolf Hitler in 1938, may not have been destroyed, according to historians. On September 30, 1938, the leaders of France, Britain and Italy signed a peace treaty with the Nazi government of German Chancellor Adolf Hitler. The treaty, which became known as the Munich Agreement, gave Hitler de facto control of Czechoslovakia’s German-speaking areas, in return for him promising to renounce territorial claims against other countries, such as Poland and Hungary. Hours after the treaty was formalized, British Prime Minister Neville Chamberlain arrived by airplane at an airport near London, and boldly proclaimed that he had secured “peace for our time”. Contrary to Chamberlain’s expectations, however, the German government was emboldened by what it saw as attempts to appease it, and promptly proceeded to invade Poland, thus firing the opening shots of World War II in Europe.

For many decades, British historians researching the Munich Agreement have indicated the absence of approximately 1,750 intelligence reports dating from May to December 1938. The missing files cover the most crucial period immediately prior and immediately after the Munich Agreement. They are believed to contain transcripts of German and other foreign diplomatic communications, which were intercepted by the Government Code and Cypher School (GC&CS), Britain’s signals intelligence agency at the time. In 1947, the documents were passed on to the GC&CS’s successor agency, the Government Communications Headquarters (GCHQ). But they subsequently disappeared, giving rise to numerous theories as to how and why. Some historians have theorized that the documents were deliberately destroyed by British officials shortly after the end of World War II. The move allegedly aimed to protect Britain’s international reputation and prevent a possible exploitation by the Soviet Union, which sharply criticized the West’s appeasement of Hitler in the run-up to the war. Another popular theory is that they were destroyed by senior civil servants connected to the Conservative Party —to which Chamberlain belonged— in order to prevent the opposition Labour Party from capitalizing on what many saw as a betrayal of British interests in September 1938 by the Conservative administration in London.

For a long time, the GCHQ’s official historians have strongly contested the view that the documents were deliberately destroyed. Now, according to The Independent newspaper, historians have found that the missing documents were still listed in GCHQ archive indexes as late as 1968, a full 30 years after the Munich Agreement was signed. At that time it is believed that the files were temporarily transferred to another British government department in order to be used as references in an internal report about the Munich Agreement. It is very likely, some historians now say, that the documents were simply never returned to GCHQ. It is therefore possible that they may be stored in the archives of the Foreign and Commonwealth Office or the Ministry of Defence. This new clue, according to The Independent, substantially lessens the possibility that the documents may have been removed or destroyed for political reasons.

Author: Joseph Fitsanakis | Date: 01 October 2018

Britain launched first-ever military-style cyber campaign against ISIS, says spy chief

The United Kingdom has launched its first-ever military-style cyber campaign against an adversary, according to the director of the country’s primary cyber security agency. The target of the campaign was the Islamic State, the militant Sunni Muslim group that is also known as the Islamic State of Iraq and Syria (ISIS). The existence of the all-out cyber war was announced last week by Jeremy Fleming, the newly appointed director of the Government Communications Headquarters (GCHQ), Britain’s signals intelligence organization. Fleming, a former Security Service (MI5) officer, was speaking at the CYBERUK2018 conference, held in the northern English city of Manchester. It was his first public speech as director of GCHQ.

Fleming told his Manchester audience that the cyber operation that targeted ISIS was a “major offensive campaign” that seriously hampered the group’s ability to launch and coordinate both physical and online attacks against its enemies. The campaign also prevented ISIS from using its “normal channels” online to spread its message, effectively suppressing the group’s propaganda efforts, said Fleming. The new GCHQ director noted that large parts of the cyber operation against ISIS were “too sensitive to talk about”. But he added that the methods used to combat the Sunni Muslim group’s online operations were so aggressive that they “even destroyed equipment and networks” used by ISIS members. He did not specify what he meant by “destroyed equipment”, but his comment brought to mind the so-called Stuxnet virus, which was discovered by researchers in 2010. The virus appeared to have been designed by what experts described as “a well-resourced nation-state”, with the aim of sabotaging sensitive hardware components found in centrifuges used by the Iranian government in its nuclear program.

During his Manchester speech, Fleming claimed that the British cyber war against ISIS was conducted in compliance with existing international legal frameworks. He added, however, that the “international doctrine governing the use [of cyber weapons] is still evolving”. The GCHQ director admitted that Britain’s cyber capabilities “are very powerful”, but argued that “we only use them in line with domestic and international law, when our tests of necessity and proportionality have been satisfied, and with all the usual oversight in place”.

Author: Joseph Fitsanakis | Date: 20 April 2018 | Research credit: K.B.

Dozens of successor groups forming in wake of ISIS defeat, experts warn

The collapse of the Islamic State of Iraq and Syria is giving rise to a host of successor groups, which are quickly regrouping, recruiting members and launching increasingly sophisticated attacks against government forces, according to experts. A military victory in the war against ISIS was officially declared by the Iraqi government in December of last year. In recent weeks, United States President Donald Trump has repeated his government’s claim that American forces are “knocking the hell out of ISIS”. The Sunni militant group, which rose to prominence in 2014 after conquering much of Syria and northwestern Iraq, is clearly on the retreat, having lost every major urban center that it used to control. However, the collapse of the organization has led to the emergence of numerous insurgent groups that are quickly forming in Iraq and Syria.

Many of these highly agile groups are operating in the sparsely inhabited and remote southern district of Iraq’s Kurdish region, which includes the Hamrin Mountains. Others are found in Iraq’s arid regions west of the Euphrates. All are engaged in recruitment, propaganda and —increasingly— attacks against government forces and rival Shiite militias. Writing on Sunday, BuzzFeed’s Turkey-based Middle East correspondent Borzou Daragahi profiled one such group, the so-called White Flags. The group was formed in late 2017 through the union of two ISIS commanders, Khaled al-Moradi, an Iraqi Turkman, and Hiwa Chor, a former member of Ansar al-Islam, a predominantly Kurdish jihadist group that was active in northern Iraq after 2003. Daragahi notes that the White Flags have managed to carry out strikes in Baghdad and Kirkuk, and have repeatedly ambushed Iraqi government forces and members of Shiite militias. Senior White Flag members have been involved with ISIS for years and have “a wide range of experience [and] a high level of training”, says Daragahi. They are one of several post-ISIS armed groups that are recruiting members from Iraq’s disaffected Sunni Arab minority, while promising to protect them from the ire of the almost exclusively Shiite Iraqi government.

In a separate but related development, two analysts with Britain’s Government Communications Headquarters —the country’s primary communications interception agency— have warned that ISIS remains a “significant threat” to the West. The two analysts spoke on Britain’s Sky News television, using only their first names, Ben and Sunny. They recognized that ISIS has lost much of its territory in recent months, but cautioned that it continues to be “a very advanced adversary”, primarily due to its technological dexterity. Operational planners of ISIS have “pushed the bar and raised the bar” in terms of the “technology they have used and the ways in which they have used it”, said one of the analysts, adding that British intelligence agencies have to keep adapting their techniques to remain “one step ahead” of ISIS operatives. IntelNews regulars will recall that last year this blog advised Western counter-terrorism officials to “actively and immediately prepare” for attacks by ISIS militants using chemical weapons.

Author: Joseph Fitsanakis | Date: 3 April 2018

Tony Blair denies he warned Donald Trump British spies were after him

A spokesman for Tony Blair has dismissed as “categorically absurd” allegations that the former British Prime Minister warned the White House that President Donald Trump was targeted by British spy agencies. The claims are made in the book Fire and Fury: Inside the Trump White House, which is due to be published next week. Its author, Michael Wolff, says he based the information in the book on more than 200 interviews that he held with President Trump and members of his inner circle during the past year.

Wolff alleges that Blair, who was Britain’s prime minister from 1997 to 2007, visited the White House in secret in February of 2017. He allegedly did so as a private citizen, as he has held no public position since 2015, when he stepped down from his post as a Middle East envoy for the United Nations. While at the White House, Blair reportedly met with Jared Kushner, Trump’s son-in-law and senior aide. During that meeting, says Wolff, Blair told Kushner that Trump could have been under surveillance by British intelligence during his presidential election campaign. The former British prime minister allegedly said that any surveillance on Trump would have been carried out by the Government Communications Headquarters (GCHQ), Britain’s signals intelligence agency. Wolff further alleges that the administration of US President Barack Obama never asked London to spy on Trump. Instead, the White House “hinted” that intelligence collection about Trump would be “helpful”, says Wolff. The reason why Blair volunteered this information to Kushner, claims Wolff, was that he was hoping to gain the US president’s trust and be appointed as Washington’s envoy to the Middle East.

Blair’s revelation, which Wolff describes in his book as a “juicy nugget or information”, allegedly “churned and festered” in Trump’s mind. It was the basis for claims made on March 14, 2017, by a Fox News commentator that the GCHQ had spied on Trump on behalf of the White House. The claim was repeated on March 17 at the White House by Sean Spicer, Trump’s then-press secretary, who said that Obama had used the GCHQ to spy on Trump so as to evade American privacy laws. Spicer’s claim prompted an angry response from the British government in London and from the British spy agency itself. In a rare public comment, GCHQ called the allegations “utterly ridiculous”.

Late on Wednesday, a spokeswoman for the office of Tony Blair said in an email that Wolff’s claims in Fire and Fury were “a complete fabrication […], have no basis in reality and are simply untrue”. Last year, another spokesman for Blair dismissed claims that the former British prime minister had lobbied to be appointed Trump’s Middle East envoy. This claim was so “completely overblown” and “so far beyond speculation there isn’t a word for it”, said the spokesman. President Trump has not commented on Wolff’s claim about Blair’s alleged visit and subsequent meeting with Kushner.

Author: Joseph Fitsanakis | Date: 04 January 2018

British spy agency speeds up hiring process to compete with private firms

The Government Communications Headquarters (GCHQ), one of Britain’s most powerful intelligence agencies, says it plans to accelerate its vetting process because it is losing top recruits to the private sector. Founded in 1919 and headquartered in Cheltenham, England, the GCHQ is tasked with communications interception. It also provides information assurance to both civilian and military components of the British state. It primarily hires people with technical expertise in communications hardware and software. But in the past fiscal year, the agency fell notably short of its recruitment target, according to a new government report published this week.

The information is included in the annual report of the Intelligence and Security Committee of the British Parliament. According to the document, GCHQ’s recruitment shortfall during the past fiscal year exceeded 22 percent, as the agency hired 500 new staff, 140 short of its initial goal of 640. Because of its mission, the agency must have the “ability to recruit and retain cyber specialists”, says the report. However, GCHQ officials told the parliamentary committee that they “struggle to attract and retain a suitable and sufficient cadre of in-house technical specialists”. The latter are lured away by large hi-tech companies, for two reasons: first, because the salaries are higher; and second, because the hiring process is faster. Due to its security requirements, GCHQ has a lengthy vetting process for all potential employees, which sometimes takes more than a year. In recent times, the process has suffered backlogs, a phenomenon that has negatively impacted on the agency’s ability to recruit top talent.

In response to its recruitment shortfall, GCHQ told the parliamentary committee that it plans to speed up its vetting process by addressing its “lack of security vetting capacity”. In July of 2016, the agency had 51 vetting officers in its ranks. It hopes to raise this number to 110 by the summer of 2018, according to the parliamentary report. This will allow it to clear hiring backlogs by December of next year and thus be able to better compete with hi-tech firms in the private sector. Other British intelligence agencies have faced recruitment challenges in recent years. In 2010, the then Director-General of MI5, Jonathan Evans, told the British Parliament’s Intelligence and Security Committee that “some [MI5] staff perhaps aren’t quite the ones that we will want for the future”. He added that the lack of even basic computer skills among MI5’s aging officer ranks has sparked the introduction of a program of “both voluntary and compulsory redundancies”. And in 2016, MI6 said that it would increase its staff size by 40 percent by 2020, reflecting a renewed emphasis in foreign intelligence collection using human sources, which is the primary task of the agency.

Author: Joseph Fitsanakis | Date: 28 December 2017