Iranian engineer recruited by Holland helped CIA and Mossad deliver Stuxnet virus

AIVD HollandAn Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. Discovered by researchers in 2010, Stuxnet is believed to have been designed with the aim of sabotaging the nuclear program of the Islamic Republic of Iran. The virus targeted the industrial computers —known as programmable logic controllers— that regulated mechanical and electronic hardware in Iranian nuclear installations. By compromising the software installed on these computers, Stuxnet manipulated the rotor speed of nuclear centrifuges at Iran’s Natanz Fuel Enrichment Plant. By increasing the centrifuges’ rotor speed to unmanageable levels, Stuxnet rendered many of these machines permanently inoperable.

Most observers agree that Stuxnet was a joint cyber sabotage program that was devised and executed by the United States and Israel, with crucial assistance from Germany and France. But now a new report from Yahoo News claims that the contribution of Dutch intelligence was central in the Stuxnet operation. Citing “four intelligence sources”, Yahoo News’ Kim Zetter and Huib Modderkolk said on Monday that Holland’s General Intelligence and Security Service (AIVD) was brought into the Stuxnet operation in 2004. In November of that year, a secret meeting took place in The Hague that involved representatives from the AIVD, the United States Central Intelligence Agency, and Israel’s Mossad.

It was known that the Islamic Republic’s nuclear weapons program was crucially assisted by A.Q. Khan, a Pakistani nuclear physicist and engineer. In 1996, Khan sold the Iranians designs and hardware for uranium enrichment, which were based on blueprints he had access to while working for a Dutch company in the 1970s. By 2004, when the Dutch were consulted by the CIA and the Mossad, the AIVD had already infiltrated Khan’s supply network in Europe and elsewhere, according to Yahoo News. It also had recruited an Iranian engineer who was able to apply for work in the Iranian nuclear program as a contractor. This individual was provided with proprietary cover, said Yahoo News, which included two “dummy compan[ies] with employees, customers and records showing a history of activity”. The goal of the AIVD, CIA and Mossad was to have at least one of these companies be hired to provide services at the Natanz nuclear facility.

That is precisely what happened, according to Yahoo News. By the summer of 2007, the AIVD mole was working as a mechanic inside Natanz. The information he provided to the AIVD helped the designers of Stuxnet configure the virus in accordance with the specifications of Natanz’s industrial computers and networks. Later that year, the AIVD mole was able to install the virus on Natanz’s air-gapped computer network using a USB flash drive. It is not clear whether he was able to install the virus himself or whether he was able to infect the personal computer of a fellow engineer, who then unwittingly infected the nuclear facility’s system. The Yahoo News article quotes an intelligence source as saying that “the Dutch mole was the most important way of getting the virus into Natanz”.

It is believed that, upon discovering Stuxnet, the Iranian government arrested and probably executed a number of personnel working at Natanz. The Yahoo News article confirms that there was “loss of life over the Stuxnet program”, but does not specify whether the AIVD mole was among those who were executed. The website said it contacted the CIA and the Mossad to inquire about the role of the AIVD in the Stuxnet operation, but received no response. The AIVD declined to discuss its alleged involvement in the operation.

Author: Joseph Fitsanakis | Date: 04 September 2019 | Permalink

Advertisements

Holland recalls Iran ambassador after Tehran expels Dutch diplomats

Holland embassy IranHolland said on Monday that it had recalled its ambassador from Tehran after Iran expelled two Dutch diplomats, in a deepening dispute involving the assassination of two Dutch citizens by alleged Iranian agents. In July of last year, Holland announced its decision to expel two Iranian diplomats from The Hague, but did not explain the reason for the expulsions. In January of this year, the Dutch Foreign Ministry confirmed that the diplomatic expulsions were in retaliation to the assassination of two Dutch nationals of Iranian background. One of the victims, Mohammad-Reza Kolahi, was shot dead in the head at point-blank range by two assailants in December 2015 in Almere, a coastal town 25 miles east of Amsterdam. Nearly two years later, in November 2017, another man, Ahmad Mola Nissi, was shot in the head in broad daylight in The Hague. Both men were members of Iranian militant anti-government groups that the Iranian state accuses of terrorism and crimes against the state.

On Monday, the Dutch Minister of Foreign Affairs Stef Blok informed the Dutch House of Representatives in The Hague that Tehran had informed his Ministry on February 20 that two Dutch diplomats would be expelled from Holland’s embassy in the Iranian capital. The two diplomats, who have not been named, were ordered to leave the country by Monday, March 4. Later on Monday, Bahram Ghasemi, spokesman for the Iranian Ministry of Foreign Affairs, confirmed that “two of the diplomats of the Netherlands embassy in Tehran were considered undesirable elements in the framework of a retaliatory measure and were asked to leave the country”. The Iranian move was not made public until last Monday. Blok wrote to the House of Representatives that, in response to Tehran’s move, the Dutch government had decided to recall its ambassador to Iran “for consultations” on how to proceed. Blok noted in his letter that Iran’s decision to expel the Dutch diplomats was “unacceptable and damaging to the bilateral relations between the two countries”.

Late on Monday, the Dutch government also summoned the Iranian ambassador in order to protest the expulsions of its diplomats from Tehran. It was also reported in the Dutch media that a series of financial sanctions imposed on Iran by Holland and its European Union partners in June —presumably over the alleged assassinations that took place on Dutch soil— would remain in place. The sanctions are against two individuals associated with Iranian military intelligence.

Author: Joseph Fitsanakis | Date: 06 March 2019 | Permalink

Dutch counterterrorism report sees rise in Islamist recruitment in the West

NCTV HollandHolland’s chief counterterrorism agency has warned that, despite losing its territories in the Middle East, the Islamic State continues to recruit operatives and is ready to launch attacks in the West “at a moment’s notice”. The warning is contained in a report published last week by the Dutch National Coordinator of Counterterrorism and Security (NCTV). Established in 2005 as the Dutch National Coordinator for Counterterrorism, and renamed in 2012, the NCTV works under Holland’s Justice and Security Minister. It is responsible for analyzing terrorism threats and assessing the country’s domestic terrorism threat level.

In its most recent report (.pdf), entitled Terrorist Threat Assessment Netherlands, the NCTV warns that it is not only the Islamic State (known also as Islamic State of Iraq and Syria, or ISIS) that remains highly active, but also al-Qaeda. The two groups are riding a wave of Salafist Muslim extremism that appears to be on the rise throughout Europe, says the report. ISIS, in particular, continues to engage in extensive recruitment drives in the West, which take place mostly through the dissemination of propaganda material online. There is also a proliferation of an underground recruitment movement in conservative Muslim schools and mosques across the West, says the report (.pdf).

But the most serious short-term threat to European and North American security, according to the NCTV document, comes from so-called returnees, citizens of European countries who joined the Islamic State in Syria and Iraq and are now returning —or trying to return— to their home states in the West. The majority of these men and women remain faithful to the idea of the caliphate despite the failure of their efforts in the Middle East. There is a risk that, upon their return to the West, they will connect with existing —and growing— Salafist underground networks there, and remain active in radical circles. The report also notes that both ISIS and al-Qaeda are showing increasing interest in developing chemical and biological weapons for use against civilian and military targets.

Author: Joseph Fitsanakis | Date: 04 March 2019 | Permalink

Holland says Iranian spies assassinated two men on Dutch soil

Dutch Police HagueAuthorities in Holland have officially accused Iran of ordering the contract murders of two men on Dutch soil in 2015 and 2017, one of them just a block away from the Dutch foreign ministry’s headquarters. The announcement illuminates the reason behind the expulsion of two Iranian diplomats from Holland last year, which the authorities did not explain at the time.

The first of the two assassinations happened on December 15, 2015, in Almere, a coastal town located 25 miles east of Amsterdam. The victim was Mohammad-Reza Kolahi, a 56-year-old electrician who was wanted in Iran for allegedly planting a bomb in 1981. The bomb targeted the headquarters of the ruling Islamic Republican Party, killing more than 70, and is often referred to as the deadliest domestic terrorist attack in Iran’s history. Kolahi, a member of a Marxist-Islamist group calling itself the People’s Mujahedin Organization of Iran (MEK), fled the country and was sentenced to death in absentia. He eventually married a Dutch national and acquired Dutch citizenship, changing his name to Ali Motamed. He was reportedly shot in the head at point-blank range by two assailants dressed in all black. Nearly two years later, on November 9, 2017, Ahmad Mola Nissi was also shot in the head in broad daylight by two assailants. The murder took place in the middle of the street in downtown Hague, site of Holland’s parliament and a host of international institutions. Nissi, 52, was a co-founder of the Arab Struggle Movement for the Liberation of Ahwaz (ASMLA), a secessionist group that seeks an independent Arab homeland in the oil-rich southwestern regions of Iran. Tehran has claimed for decades that both groups, MEK and ASMLA, have been supported by Iraq, Israel, the United States and the European Union.

On Tuesday, Holland’s Minister of Foreign Affairs, Stef Blok, informed the Dutch parliament that the country’s intelligence services had provided “strong evidence” that the Islamic Republic was involved in the assassinations of Kolahi and Nissi. He added that both men were Dutch citizens and that their murders on Dutch soil were “hostile actions” that directly violated Dutch sovereignty. He also revealed that the expulsions of two Iranian diplomats from Holland in June of last year were in direct response to the evidence unearthed by the Dutch intelligence services about the two murders. IntelNews readers will recall that the Dutch Foreign Ministry did not explain the reason for the expulsions when these were announced last summer. Also on Tuesday, the European Union announced the imposition of financial sanctions against two individuals associated with Iranian military intelligence, reportedly in response to Holland’s announcement.

Author: Joseph Fitsanakis | Date: 09 January 2019 | Research credit: M.K. | Permalink

ISIS using Turkey as strategic base to reorganize, Dutch intelligence report says

Turkey ISISIslamic State cells are using Turkey as a strategic base in which to recuperate, rebuild, and plan an underground war in Europe, according to a new report by Dutch intelligence. This assessment is featured in a report published on Monday by Holland’s General Intelligence and Security Service, known as AIVD. The document, which is available in the Dutch language on the website of the AIVD, is entitled The Legacy of Syria: Global Jihadism Remains a Threat to Europe.

The 22-page report argues that the government of Turkey does not see Sunni Islamist groups, such as al-Qaeda and the Islamic State (also known as the Islamic State of Iraq and Syria, or ISIS), as a pressing national security threat. Instead, Turkish security services are far more concerned with the ethnic Kurdish insurgents of the Kurdistan Workers’ Party (PKK) in Turkey and the People’s Protection Units (YPG) in Syria. Therefore, although Turkish authorities do sometimes take action to combat al-Qaeda and ISIS, “Turkish interests do not always correspond with European priorities on the field of counter-terrorism”, says the report. For that reason, Turkey served as a large transit center of tens of thousands of foreign fighters who poured into Syria to fight for Sunni Islamist groups during the height of the Syrian Civil War. At least 4,000 of those fighters are believed to be Turkish citizens, according to the AIVD report.

Today Turkey is home to tens of thousands of sympathizers of both al-Qaeda and ISIS —two organizations that maintain an active presence throughout the country— claims the report. The hands-off approach of the Turkish government is giving these groups “enough breathing space and freedom of movement” to operate relatively freely on Turkish soil. Additionally, al-Qaeda and ISIS members exploit the relative peace and stability of Turkey to forge plans to attack Western target, claims the AIVD report. It is from Turkey, it argues, that the Islamic State plans to shape and direct its pending underground war on the European continent.

Author: Joseph Fitsanakis | Date: 08 November 2018 | Permalink

Russia claims ‘misunderstanding’ led to arrests of four spies in Holland

Sergei LavrovRussia’s minister of foreign affairs has downplayed the arrest and expulsion of four Russian military intelligence officers in Holland last April, saying that the incident was caused by a “misunderstanding”. Last Thursday, the US government named and indicted seven officers of the Main Directorate of the General Staff of Russia’s Armed Forces, known as GRU. The seven are alleged to have participated in cyber-attacks on international agencies, private companies and government computer networks in at least half a dozen countries around the world since 2015. Four of the men named last week were reportedly detained in April of this year while trying to hack into the computer network of the Organization for the Prohibition of Chemical Weapons (OPCW). Headquartered in The Hague, the OPCW oversees efforts by its 193 member states to detect and eliminate chemical weapons stockpiles around the world. In the past year, the OPCW has been probing the failed attempt to poison the Russian former double spy Sergei Skripal in England, which the British government has blamed on Moscow.

On Monday, Russia’s Minister of Foreign Affairs Sergei Lavrov dismissed Washington’s accusations against the GRU and said that the Dutch authorities had overreacted in detaining the four Russian officers in April. Following a meeting in Moscow with his Italian counterpart Enzo Moavero Milanesi, Lavrov said that the visit of the four GRU officers in Holland had been “customary”, adding that “there was nothing clandestine in it”. The GRU specialists were in Holland in order to secure computer servers used at the Russian embassy there. “They were not trying to hide from anyone once they arrived at the airport”, said Lavrov. They then “checked into a hotel and paid a visit to our embassy”, he added. Had they been engaged in espionage, the men would have taken strict precautions, said the Russian foreign affairs minister. They were eventually “detained by Dutch police without any reason or explanations, and were not allowed to contact our embassy”, said Lavrov. Eventually they were “asked to leave the country”, but it was “all because of a misunderstanding”, he concluded.

The Russian official did not address the information provided a series of photographs released by Holland’s Ministry of Defense, which show a car used by the four Russians at the time of their arrest in April. The photographs show that the car was equipped with WiFi antennas and transformers. A wireless server and batteries can also be seen in the photographs. Lavrov said that the allegations against the GRU were meant to draw attention to Russia and distract Western citizens from “widening divisions that exist between Western nations”.

Author: Joseph Fitsanakis | Date: 09 October 2018 | Research credit: S.F. | Permalink

Western spy agencies thwarted alleged Russian plot to hack Swiss chemical lab

OPCW HagueWestern intelligence agencies thwarted a plot involving two Russians intending to travel to a Swiss government laboratory that investigates nuclear, biological and chemical weapons, and hack its computer systems. According to two separate reports by Dutch newspaper NRC Handelsblad and Swiss newspaper Tages-Anzeiger, the two were apprehended in The Hague in early 2018. The reports also said that the Russians were found in possession of equipment that could be used to compromise computer networks. They are believed to work for the Main Intelligence Directorate, known as GRU, Russia’s foremost military intelligence agency. The apprehension was the result of cooperation between various European intelligence services, reportedly including the Dutch Military Intelligence and Security Organization (MIVD).

The laboratory, located in the western Swiss city of Spiez, has been commissioned by the Netherlands-based Organization for the Prohibition of Chemical Weapons (OPCW) to carry out investigations related to the poisoning of Russian double agent Sergei Skripal and his daughter Yulia in March of this year. It has also carried out probes on the alleged use of chemical weapons by the Russian-backed government of President Bashar al-Assad in Syria. In the case of the Skripals, the laboratory said it was able to duplicate findings made earlier by a British laboratory.

Switzerland’s Federal Intelligence Service (NDB) reportedly confirmed the arrest and subsequent expulsion of the two Russians. The Swiss agency said it “cooperated actively with Dutch and British partners” and thus “contributed to preventing illegal actions against a sensitive Swiss infrastructure”. The office of the Public Prosecutor in the Swiss capital Bern said that the two Russians had been the subject of a criminal investigation that began as early as March 2017. They were allegedly suspected of hacking the computer network of the regional office of the World Anti-Doping Agency in Lausanne. The Spiez laboratory was a target of hacking attempts earlier this year, according to a laboratory spokesperson. “We defended ourselves against that. No data was lost”, the spokesperson stated.

On April 14, Russian Minister of Foreign Affairs Sergei Lavrov stated that he had obtained the confidential Spiez lab report about the Skripal case “from a confidential source”. That report confirmed earlier findings made by a British laboratory. But the OPCW, of which Russia is a member, states that its protocols do not involve dissemination of scientific reports to OPCW member states. Hence, the question is how Foreign Minister Lavrov got hold of the document.

As intelNews reported in March, in the aftermath of the Skripals’ poisoning the Dutch government expelled two employees of the Russian embassy in The Hague. In a letter [.pdf] sent to the Dutch parliament on March 26 —the day when a large number of countries announced punitive measures against Russia— Holland’s foreign and internal affairs ministers stated that they had decided to expel the two Russian diplomats “in close consultation with allies and partners”. The Russians were ordered to leave the Netherlands within two weeks. It is unknown whether the two expelled Russian diplomats are the same two who were apprehended in The Hague, since none have been publicly named.

A November 2017 parliamentary letter from Dutch minister of internal affairs Kajsa Ollongren, states[4] that Russian intelligence officers are “structurally present” in the Netherlands in various sectors of society to covertly collect intelligence. The letter added that, in addition to traditional human intelligence (HUMINT) methods, Russia deploys digital means to influence decision-making processes and public opinion in Holland.

Author: Matthijs Koot | Date: 17 September 2018 | Permalink