Dutch intelligence disrupts Russian effort to infiltrate International Criminal Court

International Criminal CourtON JUNE 16, THE Dutch General Intelligence and Security Service (AIVD) announced that it prevented a Russian military intelligence officer from gaining access as an intern to the International Criminal Court (ICC) in The Hague. The ICC is of interest to the GRU because it investigates possible war crimes committed by Russia in the Russo-Georgian War of 2008 and more recently in Ukraine.

The GRU officer reportedly traveled from Brazil to Schiphol Airport in Amsterdam in April 2022, using a Brazilian cover identity, making him a so-called “illegal”. This means the intelligence operative was not formally associated with a Russian diplomatic facility. He allegedly planned to start an internship with the ICC, which would have given him access to the ICC’s building and systems. This could have enabled the GRU to collect intelligence, spot and recruit sources, and possibly influence criminal proceedings inside the ICC.

On his arrival at Schiphol, the AIVD informed the Dutch Immigration and Naturalization Service (IND), after which the officer was refused entry to the Netherlands and put on the first plane back to Brazil as persona non grata. The AIVD assessed the officer as a “potentially very serious” threat to both national security and the security of the ICC and Holland’s international allies, due to his access to the organization.

In a first-ever for the AIVD, the agency also released the contents of a partially redacted 4-page document that describes the “extensive and complex” cover identity of the officer. It was originally written in Portuguese, “probably created around mid-2010” and “likely written” by the officer himself. According to the AIVD, the information provides valuable insight into his modus operandi. The cover identity hid any and all links between him and Russia. According to the AIVD, the construction of this kind of cover identity “generally takes years to complete”.

In the note accompanying the document, the AIVD says that Russian intelligence services “spend years” on the construction of cover identities for illegals, using “information on how other countries register and store personal data”. Alternatively, they illegally procure or forge identity documents. Information in the cover identity “can therefore be traceable to one or more actual persons, living or dead” as well as to forged identities of individuals “who only exist on paper or in registries of local authorities”.

AuthorMatthijs Koot | Date: 17 June 2022 | Permalink

Several EU member states expel dozens of Russian diplomats for suspected espionage

Russian Embassy PragueA WEEK AFTER POLAND announced the expulsion of 45 Russian diplomats, the foreign ministries of Belgium, the Czech Republic, Ireland and the Netherlands announced on March 29, 2022 that they would expel Russian diplomats. A day later, Slovakia followed up by announcing it will expel 35 Russian diplomats. On Monday, April 4, France, Germany and Lithuania followed suit with dozens of expulsions.

The German federal government announced it will expel 40 Russian diplomats who, according to minister of foreign affairs Annalena Baerbock, “worked every day against our freedom and against the cohesion of our society”, and are “a threat to those who seek our protection”. The persons involved have five days to leave Germany. Later that day, France announced it will expel “many” Russian diplomats “whose activities are contrary to our security interests”, adding that “this action is part of a European approach”. No further details are known at this time.
Furthermore, Lithuania ordered the Russian ambassador to Vilnius to leave the country, and announced their ambassador to Ukraine will return to Kyiv. In an official statement, foreign minister Gabrielius Landsbergis said Lithuania was “lowering the level of diplomatic representation with Russia, this way expressing its full solidarity with Ukraine and the Ukrainian people, who are suffering from Russia’s unprecedented aggression”. Meanwhile, Latvian minister of foreign affairs Edgars Rinkēvičs announced in a tweet that Latvia will “limit diplomatic relations” with the Russian Federation “taking into account the crimes committed by the Russian armed forces in Ukraine”, and that “specific decisions will be announced once internal procedures have been complete”.

The Czech Republic, which in 2021 called on the European Union (EU) and the North Atlantic Treaty Organization (NATO) to expel Russian diplomats in solidarity against Moscow, announced the expulsion of one diplomat from the Russian embassy in Prague, on a 72-hour notice. In a tweet, the Czech ministry of foreign affairs stated that “Together with our Allies, we are reducing the Russian intelligence presence in the EU”.

Belgium has order the expulsion of 21 diplomats from the Russian embassy in Brussels and consulate in Antwerp. Minister Sophie Wilmès said the measure was taken to protect national security and was unrelated to the war in Ukraine. “Diplomatic channels with Russia remain open, the Russian embassy can continue to operate and we continue to advocate dialogue”, Wilmès said.

The Netherlands will be expelling 17 diplomats from the Russian embassy in The Hague. According to minister Wopke Hoekstra, the diplomats were secretly active as intelligence officers. Hoekstra based this on information from the Dutch secret services AIVD and MIVD. The Russian embassy in The Hague has 75 registered diplomats, of which 58 will remain. Hoekstra says the decision was taken with “a number of like-minded countries”, based on grounds of national security. Like his Belgian colleague, Woekstra adds he wants diplomatic channels with Russia to remain open.

Ireland will be expelling four “senior officials” from the Russian embassy in Dublin, for engaging in activities “not […] in accordance with international standards of diplomatic behaviour”. They were suspected of being undercover military officers of the GRU and were already on the radar of Garda Síochána, the Irish national police and security service, for some time.

Read more of this post

Dutch intelligence disrupt large-scale botnet belonging to Russian spy agency

GRU KtON MARCH 3, 2022, Dutch newspaper Volkskrant reported that the Dutch Military Intelligence and Security Service (MIVD) took action in response to abuse of SOHO-grade network devices in the Netherlands. The attacks are believed to have been perpetrated by the Main Intelligence Directorate of the General Staff of the Russian Armed Forces (GRU) Unit 74455. The unit, which is also known as Sandworm or BlackEnergy, is linked to numerous instances of influence operations and sabotage around the world.

The devices had reportedly been compromised and made part of a large-scale botnet consisting of thousands of devices around the globe, which the GRU has been using to carry out digital attacks. The MIVD traced affected devices in the Netherlands and informed their owners, MIVD chief Jan Swillens told Volkskrant. The MIVD’s discovery came after American and British [pdf] services warned in late February that Russian operatives were using a formerly undisclosed kind of malware, dubbed Cyclops Blink. According to authorities, the botnet in which the compromised devices were incorporated has been active since at least June 2019.

Cyclops Blink leverages a vulnerability in WatchGuard Firebox appliances that can be exploited if the device is configured to allow unrestricted remote management. This feature is disabled by default. The malware has persistence, in that it can survive device reboots and firmware updates. The United Kingdom’s National Cyber Security Centre describes Cyclops Blink as a “highly sophisticated piece of malware”.

Some owners of affected devices in the Netherlands were asked by the MIVD to (voluntarily) hand over infected devices. They were advised to replace the router, and in a few cases given a “coupon” for an alternative router, according to the Volkskrant. The precise number of devices compromised in the Netherlands is unclear, but is reportedly in the order of dozens. Swillens said the public disclosure is aimed at raising public awareness. “The threat is sometimes closer than you think. We want to make citizens aware of this. Consumer and SOHO devices, used by the grocery around the corner, so to speak, are leveraged by foreign state actors”, he added.

The disclosure can also be said to fit in the strategy of public attribution that was first mentioned in the Netherlands’ Defense Cyber Strategy of 2018. Published shortly after the disclosure of the disruption by MIVD of an attempted GRU attack against the computer network of the OPCW, the new strategy included the development of attribution capabilities, as well as the development of offensive capabilities in support of attribution. It advocates the view that state actors “that are [publicly] held accountable for their actions will make a different assessment than attackers who can operate in complete anonymity”.

Author: Matthijs Koot | Date: 07 March 2022 | Permalink

Dutch intelligence service warns public about online recruitment by foreign spies

AIVD HollandLAST WEEK, THE DUTCH General Intelligence and Security Service (AIVD) launched an awareness campaign dubbed ‘Check before connecting’. The purpose of the campaign is to inform the Dutch public about risks of foreign actors using fake accounts on social media, in efforts to acquire sensitive business information. According to the AIVD, such online campaigns frequently target and recruit employees of Dutch private sector companies. The awareness campaign is carried out via Twitter, Instagram and LinkedIn. It is aimed at raising awareness in society at-large. The AIVD will publish a number of fictitious practical examples over time, in order to educate the public.

AIVD director-general Erik Akerboom told Dutch newspaper Het Financieele Dagblad that Dutch and other Western secret services have been surprised by the sheer number of cases in which private sector employees disclosed sensitive information, after being blackmailed or enticed with money to share information. After foreign intelligence operatives make initial contact with their target via LinkedIn, the relationship quickly turns more “personal”, according to Akerboom. The new contact acts flatteringly about the unsuspecting target’s knowledge and competence. “You are asked to translate something. This can be followed by a physical meeting”, he says.

Potential targets are “ranked” by their position in an organization, position in a business network, and level of access to sensitive information. “The rankings determine which persons are prioritized for recruitment attempts”, according to Akerboom. This sometimes involves the creation of fake human resource recruitment agencies, as British, Australian and American intelligence agencies have warned about in the past.

While not a new phenomenon, the scope and effectiveness of foreign infiltration attempts have now reached a scale that has prompted the AIVD to warn the public. China and Russia have made attempts to acquire advanced technology in Western countries, including the Netherlands, via corporate takeovers, digital espionage, and human intelligence operations. Last year, the Netherlands expelled two Russian spies who successfully recruited employees at a number of Dutch high-tech companies. One of the Russians created fake profiles posing as a scientist, consultant and recruiter. The AIVD did not disclose the names of these companies. Read more of this post

Hacker behind attack on popular booking site has ties to US intelligence, paper claims

Booking.comA HACKER WHO TARGETED a major Dutch-based reservations website has ties to intelligence agencies in the United States, according to a new report. The claim was made on Wednesday by three Dutch investigative journalists, Merry Rengers, Stijn Bronzwaer and Joris Kooiman. In a lengthy report published in NRC Handelsblad, Holland’s newspaper of record, the three journalists allege that the attack occurred in 2016. Its target was Booking.com, a popular flight and hotel reservations website, which is jointly owned by Dutch and American venture firms.

The authors argue that the interest Booking.com poses for security services is “no surprise”. The website’s data includes valuable information about “who is  staying where and when, where diplomats are, who is traveling to suspicious countries or regions, where top executives book an outing with their secretary —all valuable information for [the world’s intelligence] services”.

According to the report, the hacker was able to penetrate an insufficiently secured server belonging to Booking.com, and gain access to the accounts of customers, by stealing their personal identification numbers, or PINs. Accordingly, the hacker stole “details of hotel [and flight] reservations” of thousands of Booking.com customers in the Middle East. The report claims that targeted customers included Middle East-based foreign diplomats, government officials and other “persons of interest” to American intelligence.’’

After detecting the breach, Booking.com allegedly conducted an internal probe, which verified that the hacker —nicknamed “Andrew”— had “connections to United States spy agencies”, according to the report. The company then sought the assistance of the Dutch General Intelligence and Security Service (AIVD). At the same time, however, Booking.com consulted with a British-based law firm, which advised it that it was not obligated to make news of the hacker attack public. It therefore chose not to publicize the incident, according to the NRC article.

Author: Joseph Fitsanakis | Date: 12 November 2021 | Permalink

Russian actors had access to Dutch police computer network during MH17 probe

Flight MH17

Russian hackers compromised the computer systems of the Dutch national police while the latter were conducting a criminal probe into the downing of Malaysia Airlines Flight 17 (MH17), according to a new report. MH17 was a scheduled passenger flight from Amsterdam to Kuala Lumpur, which was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed.

Dutch newspaper De Volkskrant, which revealed this new information last week, said the compromise of the Dutch national police’s computer systems was not detected by Dutch police themselves, but by the Dutch General Intelligence and Security Service (AIVD). The paper said that neither the police nor the AIVD were willing to confirm the breach, but added that it had confirmed the breach took place through multiple anonymous sources.

On July 5, 2017, the Netherlands, Ukraine, Belgium, Australia and Malaysia announced the establishment of the Joint Investigation Team (JIT) into the downing of flight MH-17. The multinational group stipulated that possible suspects of the downing of flight MH17 would be tried in the Netherlands. In September 2017, the AIVD said it possessed information about Russian targets in the Netherlands, which included an IP address of a police academy system. That system turned out to have been compromised, which allowed the attackers to access police systems. According to four anonymous sources, evidence of the attack was detected in several different places.

The police academy is part of the Dutch national police, and non-academy police personnel can access the network using their log-in credentials. Some sources suggest that the Russian Foreign Intelligence Service (SVR) carried out the attack through a Russian hacker group known as APT29, or Cozy Bear. However, a growing number of sources claim the attack was perpetrated by the Main Directorate of the Russian Armed Forces’ General Staff, known commonly as GRU, through a hacker group known as APT28, or Fancy Bear. SVR attackers are often involved in prolonged espionage operations and are careful to stay below the radar, whereas the GRU is believed to be more heavy-handed and faster. The SVR is believed to be partly responsible for the compromise of United States government agencies and companies through the supply chain attack known as the SolarWinds cyber attack, which came to light in late 2020.

Russia has tried to sabotage and undermine investigation activities into the MH17 disaster through various means: influence campaigns on social media, hacking of the Dutch Safety Board, theft of data from Dutch investigators, manipulation of other countries involved in the investigation, and the use of military spies. The Dutch police and public prosecution service were repeatedly targeted by phishing emails, police computer systems were subjected to direct attacks, and a Russian hacker drove a car with hacking equipment near the public prosecution office in Rotterdam.

The above efforts are not believed to have been successful. But the attack that came to light in September 2017 may have been. The infected police academy system ran “exotic” (meaning uncommon) software, according to a well-informed source. The Russians reportedly exploited a zero day vulnerability in that software. After the incident, the national police made improvements in their logging and monitoring capabilities, and in their Security Operations Center (SOC). It is not currently known how long the attackers had access to the national police system, nor what information they were able to obtain.

Author: Matthijs Koot | Date: 17 June 2021 | Permalink

Chinese technology firm denies it had access to Dutch government’s phone calls

Huawei PolandA LEADING CHINESE TELECOMMUNICATIONS firm has strongly denied a claim by a newspaper that its service personnel could listen in on calls made by Dutch telephone users, including senior government officials. The report dates from 2010 and was authored by consultancy firm Capgemini on behalf of KPN, one of Holland’s largest telecommunications service providers. The Rotterdam-based firm had hired Capgemini to conduct a risk analysis on whether more equipment should be purchased from Chinese telecommunications giant Huawei. By that time the Chinese company, one of the world’s largest in its field, was already supplying KPN with hardware and software equipment.

According to the newspaper De Volkskrant, which accessed the 2010 Capgemini report, the consultants cautioned KPN against purchasing more equipment from Huawei. They told KPN bosses that the Chinese firm had “unlimited access” to the content of phone conversations by subscribers through Huawei-built hardware and software that was already present in the Dutch company’s telephone system. These included Holland’s then-Prime Minister, Jan Peter Balkenende, and virtually every government minister. The report claimed that privacy standards existed in theory, but there was no mechanism in place to ensure that they were being followed.

On Tuesday, Huawei issued strong denials of the De Volkskrant report. The firm’s chief operating officer in the Netherlands, Gert-Jan van Eck, said that the Capgemini report allegations, as reported by the newspaper, were “just not [technically] possible”. Van Eck added that such claims were “patently untrue” and represented “an underestimation of the security of the interception environment” that Huawei was operating under in Europe. The Dutch government has made no comment on the De Volkskrant report.

Author: Joseph Fitsanakis | Date: 21 April 2021 | Permalink

Iran spies on dissidents via web server based in Holland, registered in Cyprus

Computer hackingA WEB SERVER BASED in Holland and owned by a company registered in Cyprus is being used by the Iranian government to spy on its critics abroad, according to Dutch public radio. The information about Iranian espionage was revealed on Thursday by NPO Radio 1, one of Holland’s public radio stations, with the help of Romanian cybersecurity firm BitDefender.

The discovery was reportedly made after an Iranian dissident based in Holland was sent an infected file by a user of the popular instant messaging application Telegram. Instead of opening the file, the recipient contacted cybersecurity experts, who identified it as a type of infected software that is known to have been used in the past by the Iranian state. Once it infects a computer, the software takes screenshots and uses the machine’s built-in microphone to make surreptitious recordings.

According to BitDefender’s cybersecurity experts, the server is being used for “command and control” functions in order to facilitate remote control of infected computers and phones. These functions include stealing data, as well as collecting screen shots and audio recordings. The server had been previously used to penetrate computers in Holland, Sweden, Germany, and several other countries, including India.

Cybersecurity experts from BitDefender found that the infected file was delivered to its target via a web server facility based in Haarlem, a city located 20 miles west of Amsterdam. The cybersecurity company said the server is registered to a company that belongs to a Romanian service provider. The company is registered in Cyprus and provides services to a number of companies, including in this case an American company. The latter reportedly stopped using the service provider once it was told of the Iranian connection, according to reports.

Author: Joseph Fitsanakis | Date: 19 February 2021 | Permalink

Holland expels two Russian diplomats, summons Kremlin envoy to issue protest

AIVD HollandOn 10 December 2020, the Dutch Minister of the Interior and Kingdom Relations, Kajsa Ollongren, sent a letter to the House of Representatives to inform them about the disruption of a Russian espionage operation in the Netherlands by the Dutch General Intelligence and Security Service (AIVD).

In connection with Ollongren’s revelations, two Russians using a diplomatic cover to commit espionage on behalf of the Russian Foreign Intelligence Service (SVR) were expelled from the Netherlands. The Russian ambassador to the Netherlands was summoned by the Dutch ministry of Foreign Affairs, which informed him that the two Russians have been designated as persona non grata (unwanted persons). In an unusual move, the AIVD also issued a press statement about this incident in English. The AIVD also released surveillance footage (see 32nd minute of video) of one of the two Russian SVR officers meeting an asset at a park and exchanging material.

The two expelled persons were officially accredited as diplomats at the Russian embassy in The Hague. Minister Ollongren says one of the two SVR intelligence officers built a “substantial” network of sources working in the Dutch high-tech sector. He pursued unspecified information about artificial intelligence, semiconductors, and nano technology that has both civilian and military applications. The Netherlands has designated “High Tech Systems and Materials” (HTSM) as one of 10 “Top Sectors” for the Dutch economy.

In some cases the sources of the SVR officers received payments for their cooperation. According to Erik Akerboom, Director-General of the AIVD, said the agency had detected “relatively intensive” contact between sources and the SVR officers in ten cases. The case involves multiple companies and one educational institute, whose identities have not been revealed. The minister states in her letter that the espionage operation “has very likely caused damage to the organizations where the sources are or were active, and thereby to the Dutch economy and national security”.

The minister announced that the Immigration and Naturalization Service (IND) will take legal action against one source of the two Russians, on the basis of immigration law. The minister also announced that the government will look into possibilities to criminalize the act of cooperating with a foreign intelligence service. Currently, that act on and by itself is not a punishable offense. Under current Dutch and European law, legal possibilities do exist to prosecute persons for violation of confidentiality of official secrets or company secrets.

This newly revealed espionage operation follows other incidents in the Netherlands, including a GRU operation in 2018 that targeted the Organization for the Prohibition of Chemical Weapons in The Hague, and a case in 2015 involving a talented Russian physicist working on quantum optics at the Eindhoven University of Technology. In the latter case, no information was made public about what information the physicist sold to Russian intelligence services. And in 2012, a senior official of the Dutch Ministry of Foreign Affairs was arrested for intending to sell classified official information to a Russian couple in Germany who spied for Russia. He was eventually given an eight year prison sentence.

Author: Matthijs Koot | Date: 14 December 2020 | Permalink

News you may have missed #899

Kevin RuddDutch spies helped Britain break Argentine crypto during Falklands War. Flowing from revelations made earlier this year that Swiss cipher machine company Crypto AG was owned by the CIA and its German counterpart the BND during most of the Cold War, an academic paper has described the Maximator alliance which grew from the Crypto AG compromise. Authored by Professor Bart Jacobs of Radboud University Nijmegen in the Netherlands, the article argues that Dutch spies operating as a part of the Maximator alliance helped Britain’s GCHQ break Argentinian codes during the Falklands War.
The Pandemic’s Geopolitical Aftershocks Are Coming. With most European countries confident that they are past the worst of the coronavirus pandemic, their attention is turning to the chance of its resurgence once society returns to some semblance of normal. But beyond the epidemiological challenges lies a slowly amassing threat that is not pathological in nature, but economic, political, and military. This is the geopolitical second wave, and its power is already starting to concern Western leaders.
The coming post-COVID anarchy. The former prime minister of Australia, Kevin Rudd (pictured), argues in this article that “China and the United States are both likely to emerge from this crisis significantly diminished […]. Both powers will be weakened, at home and abroad”, he opines. And he goes on to suggest that “the result will be a continued slow but steady drift toward international anarchy across everything from international security to trade to pandemic management […]. The chaotic nature of national and global responses to the pandemic thus stands as a warning of what could come on an even broader scale”.

Author: Ian Allen | Date: 24 May 2020 | Permalink

Iranian engineer recruited by Holland helped CIA and Mossad deliver Stuxnet virus

AIVD HollandAn Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. Discovered by researchers in 2010, Stuxnet is believed to have been designed with the aim of sabotaging the nuclear program of the Islamic Republic of Iran. The virus targeted the industrial computers —known as programmable logic controllers— that regulated mechanical and electronic hardware in Iranian nuclear installations. By compromising the software installed on these computers, Stuxnet manipulated the rotor speed of nuclear centrifuges at Iran’s Natanz Fuel Enrichment Plant. By increasing the centrifuges’ rotor speed to unmanageable levels, Stuxnet rendered many of these machines permanently inoperable.

Most observers agree that Stuxnet was a joint cyber sabotage program that was devised and executed by the United States and Israel, with crucial assistance from Germany and France. But now a new report from Yahoo News claims that the contribution of Dutch intelligence was central in the Stuxnet operation. Citing “four intelligence sources”, Yahoo News’ Kim Zetter and Huib Modderkolk said on Monday that Holland’s General Intelligence and Security Service (AIVD) was brought into the Stuxnet operation in 2004. In November of that year, a secret meeting took place in The Hague that involved representatives from the AIVD, the United States Central Intelligence Agency, and Israel’s Mossad.

It was known that the Islamic Republic’s nuclear weapons program was crucially assisted by A.Q. Khan, a Pakistani nuclear physicist and engineer. In 1996, Khan sold the Iranians designs and hardware for uranium enrichment, which were based on blueprints he had access to while working for a Dutch company in the 1970s. By 2004, when the Dutch were consulted by the CIA and the Mossad, the AIVD had already infiltrated Khan’s supply network in Europe and elsewhere, according to Yahoo News. It also had recruited an Iranian engineer who was able to apply for work in the Iranian nuclear program as a contractor. This individual was provided with proprietary cover, said Yahoo News, which included two “dummy compan[ies] with employees, customers and records showing a history of activity”. The goal of the AIVD, CIA and Mossad was to have at least one of these companies be hired to provide services at the Natanz nuclear facility.

That is precisely what happened, according to Yahoo News. By the summer of 2007, the AIVD mole was working as a mechanic inside Natanz. The information he provided to the AIVD helped the designers of Stuxnet configure the virus in accordance with the specifications of Natanz’s industrial computers and networks. Later that year, the AIVD mole was able to install the virus on Natanz’s air-gapped computer network using a USB flash drive. It is not clear whether he was able to install the virus himself or whether he was able to infect the personal computer of a fellow engineer, who then unwittingly infected the nuclear facility’s system. The Yahoo News article quotes an intelligence source as saying that “the Dutch mole was the most important way of getting the virus into Natanz”.

It is believed that, upon discovering Stuxnet, the Iranian government arrested and probably executed a number of personnel working at Natanz. The Yahoo News article confirms that there was “loss of life over the Stuxnet program”, but does not specify whether the AIVD mole was among those who were executed. The website said it contacted the CIA and the Mossad to inquire about the role of the AIVD in the Stuxnet operation, but received no response. The AIVD declined to discuss its alleged involvement in the operation.

Author: Joseph Fitsanakis | Date: 04 September 2019 | Permalink

Holland recalls Iran ambassador after Tehran expels Dutch diplomats

Holland embassy IranHolland said on Monday that it had recalled its ambassador from Tehran after Iran expelled two Dutch diplomats, in a deepening dispute involving the assassination of two Dutch citizens by alleged Iranian agents. In July of last year, Holland announced its decision to expel two Iranian diplomats from The Hague, but did not explain the reason for the expulsions. In January of this year, the Dutch Foreign Ministry confirmed that the diplomatic expulsions were in retaliation to the assassination of two Dutch nationals of Iranian background. One of the victims, Mohammad-Reza Kolahi, was shot dead in the head at point-blank range by two assailants in December 2015 in Almere, a coastal town 25 miles east of Amsterdam. Nearly two years later, in November 2017, another man, Ahmad Mola Nissi, was shot in the head in broad daylight in The Hague. Both men were members of Iranian militant anti-government groups that the Iranian state accuses of terrorism and crimes against the state.

On Monday, the Dutch Minister of Foreign Affairs Stef Blok informed the Dutch House of Representatives in The Hague that Tehran had informed his Ministry on February 20 that two Dutch diplomats would be expelled from Holland’s embassy in the Iranian capital. The two diplomats, who have not been named, were ordered to leave the country by Monday, March 4. Later on Monday, Bahram Ghasemi, spokesman for the Iranian Ministry of Foreign Affairs, confirmed that “two of the diplomats of the Netherlands embassy in Tehran were considered undesirable elements in the framework of a retaliatory measure and were asked to leave the country”. The Iranian move was not made public until last Monday. Blok wrote to the House of Representatives that, in response to Tehran’s move, the Dutch government had decided to recall its ambassador to Iran “for consultations” on how to proceed. Blok noted in his letter that Iran’s decision to expel the Dutch diplomats was “unacceptable and damaging to the bilateral relations between the two countries”.

Late on Monday, the Dutch government also summoned the Iranian ambassador in order to protest the expulsions of its diplomats from Tehran. It was also reported in the Dutch media that a series of financial sanctions imposed on Iran by Holland and its European Union partners in June —presumably over the alleged assassinations that took place on Dutch soil— would remain in place. The sanctions are against two individuals associated with Iranian military intelligence.

Author: Joseph Fitsanakis | Date: 06 March 2019 | Permalink

Dutch counterterrorism report sees rise in Islamist recruitment in the West

NCTV HollandHolland’s chief counterterrorism agency has warned that, despite losing its territories in the Middle East, the Islamic State continues to recruit operatives and is ready to launch attacks in the West “at a moment’s notice”. The warning is contained in a report published last week by the Dutch National Coordinator of Counterterrorism and Security (NCTV). Established in 2005 as the Dutch National Coordinator for Counterterrorism, and renamed in 2012, the NCTV works under Holland’s Justice and Security Minister. It is responsible for analyzing terrorism threats and assessing the country’s domestic terrorism threat level.

In its most recent report (.pdf), entitled Terrorist Threat Assessment Netherlands, the NCTV warns that it is not only the Islamic State (known also as Islamic State of Iraq and Syria, or ISIS) that remains highly active, but also al-Qaeda. The two groups are riding a wave of Salafist Muslim extremism that appears to be on the rise throughout Europe, says the report. ISIS, in particular, continues to engage in extensive recruitment drives in the West, which take place mostly through the dissemination of propaganda material online. There is also a proliferation of an underground recruitment movement in conservative Muslim schools and mosques across the West, says the report (.pdf).

But the most serious short-term threat to European and North American security, according to the NCTV document, comes from so-called returnees, citizens of European countries who joined the Islamic State in Syria and Iraq and are now returning —or trying to return— to their home states in the West. The majority of these men and women remain faithful to the idea of the caliphate despite the failure of their efforts in the Middle East. There is a risk that, upon their return to the West, they will connect with existing —and growing— Salafist underground networks there, and remain active in radical circles. The report also notes that both ISIS and al-Qaeda are showing increasing interest in developing chemical and biological weapons for use against civilian and military targets.

Author: Joseph Fitsanakis | Date: 04 March 2019 | Permalink

Holland says Iranian spies assassinated two men on Dutch soil

Dutch Police HagueAuthorities in Holland have officially accused Iran of ordering the contract murders of two men on Dutch soil in 2015 and 2017, one of them just a block away from the Dutch foreign ministry’s headquarters. The announcement illuminates the reason behind the expulsion of two Iranian diplomats from Holland last year, which the authorities did not explain at the time.

The first of the two assassinations happened on December 15, 2015, in Almere, a coastal town located 25 miles east of Amsterdam. The victim was Mohammad-Reza Kolahi, a 56-year-old electrician who was wanted in Iran for allegedly planting a bomb in 1981. The bomb targeted the headquarters of the ruling Islamic Republican Party, killing more than 70, and is often referred to as the deadliest domestic terrorist attack in Iran’s history. Kolahi, a member of a Marxist-Islamist group calling itself the People’s Mujahedin Organization of Iran (MEK), fled the country and was sentenced to death in absentia. He eventually married a Dutch national and acquired Dutch citizenship, changing his name to Ali Motamed. He was reportedly shot in the head at point-blank range by two assailants dressed in all black. Nearly two years later, on November 9, 2017, Ahmad Mola Nissi was also shot in the head in broad daylight by two assailants. The murder took place in the middle of the street in downtown Hague, site of Holland’s parliament and a host of international institutions. Nissi, 52, was a co-founder of the Arab Struggle Movement for the Liberation of Ahwaz (ASMLA), a secessionist group that seeks an independent Arab homeland in the oil-rich southwestern regions of Iran. Tehran has claimed for decades that both groups, MEK and ASMLA, have been supported by Iraq, Israel, the United States and the European Union.

On Tuesday, Holland’s Minister of Foreign Affairs, Stef Blok, informed the Dutch parliament that the country’s intelligence services had provided “strong evidence” that the Islamic Republic was involved in the assassinations of Kolahi and Nissi. He added that both men were Dutch citizens and that their murders on Dutch soil were “hostile actions” that directly violated Dutch sovereignty. He also revealed that the expulsions of two Iranian diplomats from Holland in June of last year were in direct response to the evidence unearthed by the Dutch intelligence services about the two murders. IntelNews readers will recall that the Dutch Foreign Ministry did not explain the reason for the expulsions when these were announced last summer. Also on Tuesday, the European Union announced the imposition of financial sanctions against two individuals associated with Iranian military intelligence, reportedly in response to Holland’s announcement.

Author: Joseph Fitsanakis | Date: 09 January 2019 | Research credit: M.K. | Permalink

ISIS using Turkey as strategic base to reorganize, Dutch intelligence report says

Turkey ISISIslamic State cells are using Turkey as a strategic base in which to recuperate, rebuild, and plan an underground war in Europe, according to a new report by Dutch intelligence. This assessment is featured in a report published on Monday by Holland’s General Intelligence and Security Service, known as AIVD. The document, which is available in the Dutch language on the website of the AIVD, is entitled The Legacy of Syria: Global Jihadism Remains a Threat to Europe.

The 22-page report argues that the government of Turkey does not see Sunni Islamist groups, such as al-Qaeda and the Islamic State (also known as the Islamic State of Iraq and Syria, or ISIS), as a pressing national security threat. Instead, Turkish security services are far more concerned with the ethnic Kurdish insurgents of the Kurdistan Workers’ Party (PKK) in Turkey and the People’s Protection Units (YPG) in Syria. Therefore, although Turkish authorities do sometimes take action to combat al-Qaeda and ISIS, “Turkish interests do not always correspond with European priorities on the field of counter-terrorism”, says the report. For that reason, Turkey served as a large transit center of tens of thousands of foreign fighters who poured into Syria to fight for Sunni Islamist groups during the height of the Syrian Civil War. At least 4,000 of those fighters are believed to be Turkish citizens, according to the AIVD report.

Today Turkey is home to tens of thousands of sympathizers of both al-Qaeda and ISIS —two organizations that maintain an active presence throughout the country— claims the report. The hands-off approach of the Turkish government is giving these groups “enough breathing space and freedom of movement” to operate relatively freely on Turkish soil. Additionally, al-Qaeda and ISIS members exploit the relative peace and stability of Turkey to forge plans to attack Western target, claims the AIVD report. It is from Turkey, it argues, that the Islamic State plans to shape and direct its pending underground war on the European continent.

Author: Joseph Fitsanakis | Date: 08 November 2018 | Permalink

%d bloggers like this: