New report details one of history’s “largest ever” cyber espionage operations

A new report authored by a consortium of government and private organizations in Britain has revealed the existence of a computer hacking operation, allegedly based in China, that is said to be “one of the largest ever” such campaigns globally. The operation is believed to have compromised sensitive information from an inestimable number of private companies in Southeast Asia, Europe and the United States. The report was produced by a consortium of public and private organizations, including BAE Systems and the London-based National Cyber Security Centre, an office of the United Kingdom’s signals intelligence agency, the Government Communications Headquarters. It details the outcome of Operation CLOUD HOPPER, which was launched to uncover the cyber espionage activities.

According to the report, the attacks were first launched several years ago against targets in Japan’s government and private sector. But after 2016, they spread to at least 14 other countries, including France, the United Kingdom and the United States. It is claimed that the attacks are “highly likely” to originate from China, given that the targets selected appear to be “closely aligned with strategic Chinese interests”. The authors of the report have named the hacker group APT10, but provide limited information about its possible links —or lack thereof— with the Chinese government.

The report claims that APT10 uses specially designed malware that is customized for most of their targets, thus constituting what experts describe as “spear phishing”. Past successful attacks have already resulted in an “unprecedented web of victims” who have had their information compromised, say the authors. The victims’ losses range from intellectual property to personal data. One of the report’s authors, Dr. Adrian Nish, who is head of threat intelligence at BAE Systems, told the BBC that it is currently impossible to estimate the number of organizations and agencies that have been impacted by APT10’s activities.

Author: Ian Allen | Date: 05 April 2017 | Permalink

US, British intelligence agencies spied on Israelis and Palestinians, files show

Documents accessed by a French newspaper show that American and British intelligence agencies worked together to spy on diplomats, academic researchers and defense contractors in Israel and the Palestinian territories. Last year, the German newsmagazine Der Spiegel and the American newspaper The Wall Street Journal reported that the United States National Security Agency spied on senior Israeli politicians throughout the last decade, including Prime Minister Ehud Olmert and his successor, Benjamin Netanyahu. Now French daily Le Monde has alleged that the NSA teamed up with its British equivalent, the Government Communications Headquarters, to spy on Israeli foreign service officials and diplomats, academic researchers and defense contractors. The newspaper also alleged that British and American spies targeted Palestinian government officials.

According to Le Monde, the information came from documents leaked by Edward Snowden, a former employee of the NSA and the Central Intelligence Agency, who is currently living in Russia. Snowden defected there in June 2013, after initially fleeing to Hong Kong with millions of stolen US government documents in his possession. In a leading article on Wednesday, the newspaper claimed that British and American spy agencies have systematically targeted senior officials in Israel’s Ministry of Foreign Affairs in Jerusalem. Several Israeli foreign service officials stationed abroad have also been targeted, said Le Monde, including Israel’s ambassadors to Nigeria and Kenya. But the Anglo-American intelligence alliance has also targeted Palestinian government institutions, including the Office of the Secretary General of the Palestinian Liberation Organization. Senior Palestinian officials that have been spied on include Ahmed Qurei, a former prime minister of the Palestinian National Authority, and Ahmad Tibi, a member of the Israeli Knesset who served as an advisor to Palestinian leader Yasser Arafat in the 1990s.

Palestinian diplomats stationed around the world have also been targeted by the NSA and the GCHQ, said Le Monde, in cities such as Paris, Brussels, Lisbon, Islamabad, Pretoria, and Kuala Lumpur. The documents also show that the two intelligence agencies have spied on Israeli defense contractors, including a company named Ophir Optronics, which works in the areas of laser and fiber optic technologies. Finally, the French newspaper said that research centers throughout Israel had been targeted, including scientific laboratories located at the Jerusalem-based Hebrew University.

Author: Joseph Fitsanakis | Date: 08 December 2016 | Permalink

Fake URL shortening service was part of British online spy operation

An internet website that offered free URL shortening services appears to have been a front created by British intelligence in order to spread messages and monitor activists involved in protests in Iran and the Arab world. The website was used heavily during the Iranian presidential election protests of 2009, which became known as the Iranian Green Movement. After a brief hiatus, the website was used again in 2011, as the Arab Spring revolts in North Africa and the Middle East were intensifying. The information pointing to the use of the website comes from documents leaked by Edward Snowden, the American former intelligence employee who has been granted political asylum in Russia.

According to the leaked documents, the website, lurl.me, was devised by a specialist unit of the Government Communications Headquarters (GCHQ), Britain’s intelligence agency that collects signals intelligence. The unit, called Joint Threat Research Intelligence Group (JTRIG), devised the website as part of an operation codenamed DEADPOOL. The leaked documents state that the purpose of the website was to operate as a “shaping and honeypot” tool, by helping disseminate messages in support of the protests while at the same time allowing the GCHQ to monitor the protesters’ online activities. Lurl.me first appeared in June 2009 as a self-described “free URL shortening service”, using the slogan: “we help you get links to your friends and family fast”. It was used repeatedly on Twitter and other social media platforms to spread messages against the government of Iran. But the vast majority of social media accounts that made use of the website, like @2009iranfree, were operational only for a short period of time, had few followers, and ceased all activity at the end of the Iranian Green Movement. By that time, hardly anyone was using lurl.me. But the website made its appearance again on social media in April of 2011, with messages against the government of Syria. According to Vice’s Motherboard website, Tweets using the lurl.me service appeared to be active only between 9 a.m. and 5 p.m. UK time, and only on weekdays.

Both in 2009 and 2011-2013, lurl.me was used to instruct anti-government activists on how to avoid being monitored by the authorities. Some links contained instructions on how to access the Internet via satellite. Others provided directions on using proxies to access websites that were blocked by the authorities. At the same time, however, the documents leaked by Snowden show that the GCHQ also used the service to track the activities of anti-government activists who clicked on the lurl.me links, and even to ‘deanonymize’ these users, that is, to establish their real identity.

IntelNews first reported on JTRIG in February 2014, when its existence was first revealed by Snowden. The specialist unit has been associated with targeting self-described ‘hacktivist’ groups like Anonymous or LulzSec, using malware, social engineering, and other techniques. JTRIG also appears to have conducted online intelligence operations against the government of Argentina.

Motherboard reports that lurl.me was last used in November 2013, shortly after Snowden began leaking files from his secret hiding place in Russia. Motherboard said it contacted GCHQ for a reaction to the lurl.me allegations, but the agency said it would “not comment on intelligence matters”.

Author: Joseph Fitsanakis | Date: 02 August 2016 | Permalink

Joint British-American operation hacked Israeli drones, documents show

British and American intelligence services worked together to hack Israeli unmanned aerial vehicles in order to acquire information on the Jewish state’s military intentions in the Middle East, according to documents leaked last week. Online publication The Intercept said the operation was code-named ANARCHIST and was a joint project of Britain’s Government Communications Headquarters (GCHQ) and America’s National Security Agency (NSA). The publication said it acquired documents about the operation from former NSA contractor Edward Snowden, who defected to Russia in 2013 and was offered political asylum by Moscow.

In an article published on Thursday, The Intercept said the joint GCHQ-NSA operation was headquartered in a Royal Air Force military facility high on the Troodos Mountains in the Mediterranean island of Cyprus. The documents provided by Snowden suggest that British and American spies were able to collect footage captured by the Israeli drone for at least two years, namely in 2009 and 2010. It is not clear whether that period included the first three weeks of January 2009, when the Gaza War was fought between Israel and Hamas. During that time, there were persistent rumors that Tel Aviv was seriously considering launching air strikes against Iran.

According to The Intercept, the main goal of operation ANARCHIST was to collect information about Israeli “military operations in Gaza” and watch “for a potential strike against Iran”. Additionally, the UK-US spy program “kept tabs on the drone technology Israel exports around the world”, said the article. According to one GCHQ document cited by The Intercept, the access to Israeli drone data gained through ANARCHIST was “indispensable for maintaining an understanding of Israeli military training and operations”.

Speaking on Israel’s Army Radio on Friday, Israel’s Minister for National Infrastructure, Energy and Water, Yuval Steinitz, said he was not surprised by the revelations. “We know that the Americans are spying on the whole world, including their friends”, said Steinitz. But it was “disappointing”, he said, given that Israel had “not spied” on the US “for decades”. Israeli intelligence agencies had “not collected intelligence or attempted to crack the encryption of the United States”, said the Minister, implying that recent revelations of US spying on Israel may cause a change of strategy in Israeli intelligence policy.

Author: Joseph Fitsanakis | Date: 01 February 2016 | Permalink

MI6 spy found dead in 2010 may have used female disguise, says expert

A British intelligence officer, who was found dead in his London apartment in 2010, was not a transvestite, as some media reports have speculated, but probably worked undercover dressed as a woman, according to a leading forensic investigator. Gareth Williams, a mathematician in the employment of Britain’s signals intelligence agency, GCHQ, had been seconded to MI6, Britain’s external intelligence agency, to help automate intelligence collection. He had also worked with several United States agencies, including the Federal Bureau of Investigation and the National Security Agency. But his career came to an abrupt end in August 2010, when he was found dead in a padlocked sports bag at his home in Pimlico, London.

The discovery of £15,000 ($20,000) worth of women’s clothing in Williams’ apartment caused some in the British media to speculate that sexual jealousy may have been behind the spy’s death. British tabloid The Sun suggested at the time that Williams was “a secret transvestite who may have been killed by a gay lover”. There were also reports that police investigators themselves suspected that Williams’ death may have been the result of “a sex game gone wrong”. This appeared to be substantiated by the discovery that Williams had visited gay bars and drag nightclubs in London in the weeks before his death. Subsequent reports, however, suggested that law enforcement investigators described Williams’ death as “a neat job”, a term used to refer to professional killings. There have also been official denials by police that Williams’ murder was sex-related.

Now a leading forensic investigator has said that Williams was not a transvestite and that he probably dressed in women’s clothing for his job with MI6. Peter Faulding, who specializes in deaths within confined spaces, and has advised British and American law enforcement agencies, has previously spoken publicly against the theory that Williams locked himself in the bag. He said he tried without success to lock himself in the same type of bag 300 times before discounting the self-lock theory. Faulding spoke again to The Sun last week, this time to suggest that there is no evidence that the late MI6 spy was a transvestite. “The key question never asked was: were these clothes used for his job?” he said, referring to the feminine attire found in Williams’ apartment. He told The Sun that the clothes were “used for work, rather than pleasure”. “I am certain he made a very convincing female”, said Faulding. “He was slim, with feminine features, and as a cyclist he shaved his legs”.

Author: Ian Allen | Date: 21 September 2015 | Permalink

UK spied on Argentina to prevent second Falklands war, papers show

By JOSEPH FITSANAKIS | intelNews.org
The British government carried out an extensive program of intelligence collection and psychological operations in Argentina until 2011, because it was concerned about the security of the Falkland Islands, according to newly leaked documents. In 1982, the two countries went to war over the islands, which are ruled by Britain but are claimed by Argentina. The 74-day conflict, which killed nearly 1,000 soldiers and civilians on both sides, ended in defeat for the Argentinian forces and solidified British authority in the South Atlantic territory. But Argentina continues to dispute Britain’s rule over the Falklands, which it calls Malvinas, and has repeatedly threatened to take them over.

Documents released last week by Argentine online news portal TN.com reveal that a consortium of British intelligence units implemented a broad program of spying and propaganda operations against Argentina. The program, codenamed Operation QUITO, lasted from 2006 to 2011, and was aimed at hampering perceived efforts by the Argentine government to subvert British rule in the Falklands. The news portal said it received the documents from Edward Snowden, an American former intelligence contractor who currently lives in Russia under political asylum. According to TN.com, the secret program was implemented by the Joint Threat Research Intelligence Group (JTRIG, as reported by intelNews in February 2014). It is believed that JTRIG is an office operating under the command of the Government Communications Headquarters (GCHQ), Britain’s signals intelligence agency. It focuses on psychological operations —known in Britain as “effects operations”— which are aimed at discrediting their targets through sabotage and misinformation campaigns.

According to the newly released documents, JTRIG launched Operation QUITO as a “long-term, far reaching” program that included the interception of communications of Argentine politicians, the planting of computer viruses on Argentine networks and the spreading of misinformation or pro-British propaganda online. As of Sunday night there had been no official response to the news report from either the Argentine or the British governments.

German-British intelligence dispute worsens: media reports

By JOSEPH FITSANAKIS | intelNews.org
An intelligence-sharing dispute between Britain and Germany, which was sparked by revelations about Anglo-American espionage against Berlin, is turning into a “burgeoning crisis”, according to German media reports. Relations between Germany and the United Kingdom worsened in September, after the revelation of TREASURE MAP, a top-secret program led by the US National Security Agency, which allegedly allows American spies to map the entire network of German telecommunications providers. Reports suggest that TREASURE MAP enables the NSA and its British counterpart, the Government Communications Headquarters, to map the German Internet and reveals the addresses and locations of individual subscribers’ routers, as well as those of targeted computer and smart-phone users.

Late last year, the German parliament set up a body known informally as the NSA investigative commission, and tasked it with probing the allegations of American and British spying activities against the German state. In February, however, German newsmagazine Focus reported that British intelligence officials issued formal warnings aimed at their German counterparts, telling them that London would reconsider its intelligence cooperation with Berlin should the German parliament proceed with the probe into alleged British spying on German soil. According to Focus, British officials were concerned that such an inquiry by the NSA investigative commission would unearth British intelligence activities and would debate them openly during parliamentary sessions.

Earlier this week, the German broadsheet Süddeutsche Zeitung said that Gerhard Schindler, head of the German intelligence agency BND, tried to convince members of the NSA investigative commission to avert public disclosures of GCHQ activities in Germany. The parliamentarians’ response was reportedly extremely negative, with some members of the commission threatening to launch a lawsuit against any attempt to censor its proceedings. Süddeutsche Zeitung added that Schindler had been recalled from his holidays this week and had spent several days feverishly briefing German politicians about the ongoing dispute with London. According to the paper, the British government insists that all intelligence cooperation with Germany will be suspended should the parliamentary committee proceed with its investigation. Berlin considers this prospect “an unconcealed threat”, said the paper, and added that such an eventuality would “certainly go against the spirit of the European Union and could even be a breach of European cooperation treaties”.