Western spy agencies thwarted alleged Russian plot to hack Swiss chemical lab

Western intelligence agencies thwarted a plot involving two Russians intending to travel to a Swiss government laboratory that investigates nuclear, biological and chemical weapons, and hack its computer systems. According to two separate reports by Dutch newspaper NRC Handelsblad and Swiss newspaper Tages-Anzeiger, the two were apprehended in The Hague in early 2018. The reports also said that the Russians were found in possession of equipment that could be used to compromise computer networks. They are believed to work for the Main Intelligence Directorate, known as GRU, Russia’s foremost military intelligence agency. The apprehension was the result of cooperation between various European intelligence services, reportedly including the Dutch Military Intelligence and Security Organization (MIVD).

The laboratory, located in the western Swiss city of Spiez, has been commissioned by the Netherlands-based Organization for the Prohibition of Chemical Weapons (OPCW) to carry out investigations related to the poisoning of Russian double agent Sergei Skripal and his daughter Yulia in March of this year. It has also carried out probes on the alleged use of chemical weapons by the Russian-backed government of President Bashar al-Assad in Syria. In the case of the Skripals, the laboratory said it was able to duplicate findings made earlier by a British laboratory.

Switzerland’s Federal Intelligence Service (NDB) reportedly confirmed the arrest and subsequent expulsion of the two Russians. The Swiss agency said it “cooperated actively with Dutch and British partners” and thus “contributed to preventing illegal actions against a sensitive Swiss infrastructure”. The office of the Public Prosecutor in the Swiss capital Bern said that the two Russians had been the subject of a criminal investigation that began as early as March 2017. They were allegedly suspected of hacking the computer network of the regional office of the World Anti-Doping Agency in Lausanne. The Spiez laboratory was a target of hacking attempts earlier this year, according to a laboratory spokesperson. “We defended ourselves against that. No data was lost”, the spokesperson stated.

On April 14, Russian Minister of Foreign Affairs Sergei Lavrov stated that he had obtained the confidential Spiez lab report about the Skripal case “from a confidential source”. That report confirmed earlier findings made by a British laboratory. But the OPCW, of which Russia is a member, states that its protocols do not involve dissemination of scientific reports to OPCW member states. Hence, the question is how Foreign Minister Lavrov got hold of the document.

As intelNews reported in March, in the aftermath of the Skripals’ poisoning the Dutch government expelled two employees of the Russian embassy in The Hague. In a letter sent to the Dutch parliament on March 26 —the day when a large number of countries announced punitive measures against Russia— Holland’s foreign and internal affairs ministers stated that they had decided to expel the two Russian diplomats “in close consultation with allies and partners”. The Russians were ordered to leave the Netherlands within two weeks. It is unknown whether the two expelled Russian diplomats are the same two who were apprehended in The Hague, since none have been publicly named.

A November 2017 parliamentary letter from Dutch minister of internal affairs Kajsa Ollongren states that Russian intelligence officers are “structurally present” in the Netherlands in various sectors of society to covertly collect intelligence. The letter added that, in addition to traditional human intelligence (HUMINT) methods, Russia deploys digital means to influence decision-making processes and public opinion in Holland.

Author: Matthijs Koot | Date: 17 September 2018 | Permalink

Police investigate mysterious disappearance of close WikiLeaks associate

Police in Norway and Holland have opened formal investigations into the whereabouts of a Dutch cybersecurity expert and senior associate of WikiLeaks, who disappeared without trace on August 20. Arjen Kamphuis, a 47-year-old online privacy specialist, is known for his book Information Security for Journalists, which offers advice to investigative reporters working on national security and intelligence matters. Additionally, Kamphuis, who has Dutch citizenship, is a close associate of Julian Assange, founder of the international whistleblower website WikiLeaks.

According to reports, Kamphuis was last seen in Bodo, a town of 50,000 people located in Norway’s arctic region. Witnesses say that on August 20, Kamphuis checked out of his hotel in the center of Bodo and headed on foot to the town’s main railway station, where he planned to catch a train to Trondheim, Norway’s third largest city. From there he was scheduled to fly to the Dutch capital Amsterdam on August 22. However, it is not known whether Kamphuis ever boarded the 10-hour, 500-mile train ride to Trondheim. He certainly did not board his flight to Amsterdam and has not been heard from since he left his Bodo hotel on August 20. The French news agency Agence France Presse cited Norwegian police spokesman Tommy Bech, who said that Norwegian authorities were unaware of Kamphuis’s current whereabouts. He refused to speculate about what may have happened to Kamphuis after he left his hotel in Bodo, but said that the Norwegian police had opened a formal investigation into his disappearance, in association with police in Holland.

The Dutch cybersecurity expert’s disappearance comes as the fate of his close associate and WikiLeaks founder Julian Assange appears increasingly uncertain. The Australian-born Assange has been living in self-confinement inside the Ecuadorian embassy in London for six years. During that time, the Ecuadorian government has offered Assange protection against charges of rape and sexual assault that have been filed against him in Sweden, which the WikiLeaks founder dismisses as a political conspiracy against him. This past summer, however, Ecuador’s new President, Lenin Moreno, said that Assange would need to leave his embassy quarters soon. Assange is also wanted in the United States for leaking classified government documents through the WikiLeaks platform.

Author: Joseph Fitsanakis | Date: 05 September 2018 | Permalink

Holland expels two Iranian diplomats, but stays silent on reasons

Holland has expelled two Iranian diplomats without saying why, leading to speculation that the expulsions may be related to the arrests of members of an alleged Iranian sleeper cell in Belgium, Germany and France last week. On Friday, a spokesperson from Holland’s General Intelligence and Security Service (AIVD) told reporters that “two persons accredited to the Iranian embassy” in The Hague “were expelled from the Netherlands on June 7”. The spokesperson continued by saying that, although the AIVD was able to confirm that the two unnamed persons had been expelled from the country, they would “not provide any further information”. When journalists contacted Holland’s Ministry of Foreign Affairs, they were told that there would be no comment on the matter from the Dutch government.

Late on Friday, the Reuters news agency cited an unnamed “European government official and a Western intelligence source” who said that the two Iranian embassy personnel were expelled from Holland “up to two months ago”. But Holland’s state-owned Dutch Broadcast Foundation (NOS) reported that the expulsions took place on June 7. No further information appears to be publicly available. However, assuming that the expulsions took place last week, and not two months ago, they appear to have coincided with the arrests of members of an alleged Iranian sleeper cell on June 30 and July 1. As intelNews reported last week, the arrests began on June 30, when members of Belgium’s Special Forces Group arrested a married Belgian couple of Iranian descent in Brussels. The couple were found to be carrying explosives and a detonator. On the following day, July 1, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria. On the same day, a fourth person, who has not been named, was arrested by authorities in France, reportedly in connection with the three other arrests.

All four individuals appear to have been charged with a foiled plot to bomb the annual conference of the National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris. The NCRI is led by Mujahedin-e Khalq (MEK), a Marxist militant group that has roots in radical Islam and Marxism. Until a few years ago, the MEK was designated as a terrorist group by the European Union and the United States, but has since been reinstated in both Brussels and Washington. There is also speculation that last week’s expulsions in Holland may be related to the assassinations of dissident Iranian expatriates in Holland in 2015 and 2017, which have been blamed on the government in Tehran.

On Saturday, the Iranian Ministry of Foreign Affairs summoned the Dutch ambassador to protest against the expulsions of its diplomats, while a ministry spokesperson warned that “the Islamic Republic reserves the right to retaliate”. Reuters quoted an unnamed “senior Iranian official” who said that “all these arrests and expulsions are part of our enemies’ attempts to harm efforts to salvage the nuclear deal”, a reference to the Joint Comprehensive Plan of Action.

Author: Joseph Fitsanakis | Date: 09 July 2018 | Research credit: M.K. | Permalink

Ukraine, Russia, spied on Dutch investigators of MH17 plane disaster, TV report claims

Dozens of Dutch security officers, legal experts, diplomats and other civil servants were systematically spied on by Ukrainian and Russian intelligence services while probing the aftermath of the MH17 disaster, according to a report on Dutch television. Malaysia Airlines Flight 17, a scheduled passenger flight from Amsterdam to Kuala Lumpur, was shot down over eastern Ukraine on July 17, 2014. All 283 passengers and 15 crew on board, 196 of them Dutch citizens, were killed. In the aftermath of the disaster, the Dutch Safety Board spearheaded the establishment of the multinational Joint Investigation Team (JIT), which is still engaged in a criminal probe aimed at identifying, arresting and convicting the culprits behind the unprovoked attack on Flight MH17. As part of the JIT, dozens of Dutch officials traveled to Ukraine to initiate the investigation into the plane crash and repatriate victims’ bodies and belongings. Their activities were conducted with the support of the Ukrainian government, which is party to the JIT.

But on Tuesday, Holland’s RTL Nieuws broadcaster said that members of the Dutch JIT delegation were subjected to systematic and persistent spying by both Ukrainian and Russian government operatives. According to RTL, Dutch investigators found sophisticated eavesdropping devices in their hotel rooms in Ukraine, and believed that their electronic devices had been compromised. Citing “inside sources” from the Dutch government, the broadcaster said that, during their stay in Ukraine, members of the Dutch JIT delegation noticed that the microphones and cameras on their wireless electronic devices would turn on without being prompted. They also noticed that the devices would constantly try to connect to public WiFi networks without being prompted. Upon their return to Holland, Dutch officials had their wireless devices examined by Dutch government security experts. They were told that numerous pieces of malware were discovered on the devices.

RTL Nieuws said that the question of whether valuable information relating to the MH17 investigation was stolen by foreign spies remains unanswered. But it noted that the members of the Dutch JIT delegation were warned about possible espionage by foreign powers prior to traveling to Ukraine. During their stay there, they were not allowed to send messages in unencrypted format and were only permitted to hold sensitive conversations in specially designated rooms inside the Dutch embassy in Kiev. The Dutch government did not respond to questions submitted to it by RTL Nieuws. But it issued a statement saying that its security experts had briefed and trained the Dutch JIT delegation prior to its trip to Ukraine. Members of the delegation were told that foreign parties would seek to collect intelligence, because the MH17 investigation was taking place in a “conflict area with significant geopolitical interest” for many parties. They were therefore advised to “assume that they were being spied on [and] adjust [their] behavior accordingly” while in Ukraine, the Dutch government’s statement said.

Author: Ian Allen | Date: 28 June 2018 | Permalink

Analysis: New legal framework for Dutch intelligence services becomes law

On May 1, 2018, the legal framework for the Dutch intelligence community changed as the new Intelligence and Security Services Act became operational. Previously, both chambers of parliament discussed and accepted the Act on February 14 and July 11, 2018. A group of Amsterdam-based students, however, were worried that the Act —which includes the power to intercept cable-bound communication in bulk— would induce a surveillance state. They initiated a public referendum, which was held on March 21, 2018.

In what was an intense and prolonged public debate in the months leading up to the referendum, critics of the new Act advanced their views against it. Among them was the digital civil rights group Bits of Freedom, which argued that the power to intercept cable-bound communication in bulk would destroy “the core value of our free society, that a law-abiding citizen will not be monitored”. The Act also allows the General Intelligence and Security Service (known by its Dutch acronym AIVD) and the Military Intelligence and Security service (abbreviated as MIVD) to exchange large sets of unevaluated data with their foreign counterparts without prior approval by the new independent review commission. The services see this quid pro quo data sharing as essential for their counter-terrorism mission. But in the view of opponents, the fact that unevaluated and unanalyzed datasets are exchanged is unacceptable.

Additionally, Bits of Freedom was opposed to the real-time access to databases of partners (such as tax authorities, other governmental agencies, but also banks) that was granted to the intelligence and security services. They argued that the oversight bodies and the responsible minister should have to sign off on this (it should be noted, however, that such database access will only be granted on a hit/no-hit basis, so there will be no free searches). Finally, and more broadly, it was argued that the new Act contained too many “open norms”. This was in line with the cabinet’s goal to formulate a new act that would be more independent of technological developments —the Act of 2002 was not, and therefore the update was seen as necessary. But it also remains unspecified in which specific circumstances and under what criteria and norms the new powers can and cannot be applied.

Report from Holland: Cable-bound interceptions and ‘dragnets’

For the past year, the Netherlands has had a new law governing its two secret services, the AIVD and the MIVD. The new Intelligence and Security Services Act (Wet op de inlichtingen- en veiligheidsdiensten or Wiv) was and still is heavily criticized, especially because it allows untargeted access to cable-bound telephone and internet traffic. Under the previous law, which dates from 2002, the intelligence services were only allowed to conduct bulk interception of wireless transmissions, like satellite and radio communications —besides of course the traditional targeted telephone and internet taps aimed at individual targets.

That prohibition of bulk cable tapping is not the only thing that makes Dutch intelligence services different from those of many other countries. Probably the biggest difference is the fact that the Wiv applies to both foreign and domestic operations, as if the two secret services were responsible for both domestic security and foreign intelligence.

The General Intelligence and Security Service (Algemene Inlichtingen- en Veiligheidsdienst, or AIVD) covers the civilian domain, and focuses on Jihadist terrorism, radicalization, rightwing and leftwing extremism, counter-intelligence and countering cyber threats. This is mostly domestic, but the AIVD also has a small branch that gathers foreign intelligence from and about a select range of countries. The Military Intelligence and Security Service (Militaire Inlichtingen- en Veiligheidsdienst, or MIVD) covers military issues, and is therefore more foreign-orientated than its civilian counterpart. The MIVD is responsible for the security of Dutch armed forces and for collecting foreign intelligence in military matters, while at the same time providing support to Dutch military missions abroad, for example in Mali. When it comes to Signals Intelligence (SIGINT), the AIVD and MIVD combined their efforts in a joint unit called the Joint SIGINT Cyber Unit (JSCU), which became operational in 2014. The JSCU is responsible for most of the technical interception capabilities, from traditional wiretaps to cyber operations. The JSCU is not allowed to conduct offensive cyber operations. The latter are conducted by the Defence Cyber Command (DCC) of the Dutch armed forces.

Report from Holland: A heated debate over a new intelligence and security act

On March 21, the Dutch public cast their vote about the new Intelligence and Security Services Act, in Dutch Wet op de Inlichtingen- en Veiligheidsdiensten (or WIV). In this two-part post, we report about the debate currently taking place. In our first contribution, the discussion itself will be analyzed. In our second post, we will focus on the new special powers that the Act grants the Dutch intelligence community, more specifically the practice of cable-bound interception, which is central here.

First the discussion. Public unrest about the new intelligence act came rather late. In August, a group of concerned students from Amsterdam was able to collect more than ten thousand signatures for a consultative referendum on the Intelligence and Security Services Act, to which the House of Representatives agreed on 14 February, and the Senate on 11 July 2017. The students were supported by a variety of digital civil liberties organizations, including Amnesty International and Bits of Freedom, and successfully petitioned 300,000 signatures. By law (which has been abolished in the meantime) the Dutch government was required to hold a consultative referendum about the new Act.

What conclusions they will draw from a ‘yes’ or ‘no’ majority, based on whatever turn-out percentage, is unclear. Some leaders of the coalition parties, such as the Christian-Democratic parliamentary leader Sybrand Buma, have stated that they will ignore the referendum altogether. A bit late to the party (parliament has discussed and accepted the new Act throughout 2017), the concerned students and digital civil rights groups claim their goal is to start a discussion about the ‘tapping law’ or ‘vacuum cleaner capability’, most often referred to as the ‘dragnet law’ in popular metaphors. Although this complex and comprehensive law settles a variety of intelligence matters, the discussion has focused almost exclusively on the ‘dragnet’: the interception of communication traffic that runs through fiber optic cables, and the consequences of the application of this special power for the privacy of Dutch citizens.