Iranian state-backed cyber spies becoming increasingly skilled, says report

A group of cyber spies with close links to the Iranian government is becoming increasingly competent and adept, and could soon bring down entire computer networks, according to a leading cyber security firm. The California-based cyber security company FireEye said that it has been monitoring the operations of the mysterious group of cyber spies since 2013. The company, whose clients include Sony Pictures, JP Morgan Chase and Target, said that the Iranian group appears to be especially interested in gathering secrets from aviation, aerospace and petrochemical companies.

In a detailed report published on Wednesday, FireEye said that the Iranian group has a very narrow target focus. Moreover, it attacks its targets —which are typically companies— in highly customized ways. The latter includes the use of cleverly designed phishing tools that are meant to attract the attention of the company’s unsuspecting employees. So far, companies that have been targeted include Saudi petrochemical conglomerates, American aviation firms, as well as South Korean and other Southeast Asian companies that have aviation or energy holdings, said FireEye. The security company said it had codenamed the group “APT33”, which stands for “Advanced Persistent Threat #33”. It also said that APT33 was clearly distinct from other known Iranian hacker groups, because of the sophistication of its operations and the quality of its cyber weapons. The cyber security firm said that APT33 was the first Iranian hacker group to be included on a select list of the most capable cyber spy groups from around the world.

Some experts believe that APT33 is run by Iran’s Revolutionary Guard Corps, an irregular branch of the Iranian military, which is seen by many as a state within a state in post-1979 Iran. The FireEye report does not appear conclusive on this point. However, it notes that APT33 has built an offensive cyber arsenal “with potential destructive capabilities”, but that it currently appears to focus solely on intelligence collection, not sabotage or warfare.

Author: Joseph Fitsanakis | Date: 21 September 2017 | Permalink

CopyKittens cyber espionage group linked to Iranian state, says report

A cyber espionage group that has alarmed security researchers by its careful targeting of government agencies has links to the Iranian state, according to a new report. The existence of the group calling itself CopyKittens was first confirmed publicly in November of 2015. Since that time, forensic analyses of cyber attacks against various targets have indicated that the group has been active since at least early 2013. During that time, CopyKittens has carefully targeted agencies or officials working for Jordan, Saudi Arabia, Turkey, Israel, the United States, and Germany, among other countries. It has also targeted specific offices and officials working for the United Nations.

Throughout its existence, CopyKittens has alarmed cyber security researchers by its strategic focus on political targets belonging to governments. The group’s methods of operation do not resemble those of most other hacker groups, which are usually crude by comparison. Now a new report by two leading cyber security groups claims that CopyKittens is linked to the Iranian state. The report was published on Tuesday as a joint effort by Japan’s Trend Micro and Israel’s ClearSky firms. The report analyzes several operations by CopyKittens, some conducted as recently as last April. It concludes that CopyKittens is “an active cyber espionage actor whose primary focus [is] foreign espionage on strategic targets”. Additionally, the report suggests that the group operates using “Iranian government infrastructure”.

According to the Trend Micro/ClearSky report, CopyKittens tends to use relatively simple hacking techniques, such as fake social media profiles, attacks on websites, or emails that contain attachments that are infected with malicious code. However, its members appear to be “very persistent” and usually achieve their goal “despite lacking technological sophistication”. The security report did not directly address the political ramifications of implicating the Iranian government in the CopyKittens’ hacking operations. The Reuters news agency contacted Iranian officials at the United Nations about the CopyKittens report, but nobody was available for comment.

Author: Ian Allen | Date: 26 July 2017 | Permalink

CIA whistleblower complains of seven-year inaction by Agency’s inspector general

A contractor for the United States Central Intelligence Agency has complained in an interview that no action has been taken in the seven years since he revealed a “billion-dollar fraud” and “catastrophic intelligence failure” within the Agency’s ranks. John Reidy argues that his case illustrates the unreasonable delay that impedes investigations by whistleblowers like him inside the CIA. Individuals like him, he argues, are forced to seek justice through leaks to the media, something which could be avoided if the CIA’s Office of the Inspector General addressed concerns more promptly.

Reidy, 46, from Worcester in the US state of Massachusetts, joined the CIA in 2003, after graduating with a law degree from the University of San Francisco. But he left the agency soon after joining, initially to work for a security contractor before setting up his own company, Form III Defense Solutions. He continued to work with the CIA by subcontracting his services, focusing on Iran. Reidy’s company developed an intelligence study guide for Iran and advised the CIA on the use of human intelligence (known as HUMINT) in the Islamic Republic.

In 2010, Reidy submitted two complaints to the CIA’s Office of the Inspector General, the Agency’s internal watchdog that is tasked with investigating whistleblower allegations. The first issue related to what Reidy describes as large-scale “fraud between elements within the CIA and contractors”. The second issue involved a “massive [and] catastrophic” intelligence failure “due to a bungled foreign operation”. When he filed his concerns with the OIG, Reidy was hoping that attention would be given to his claims right away. However, seven years later, his case is still “gathering dust” at a CIA office, he says. When he realized that no progress had taken place in several years, a frustrated Reidy forwarded his case —which includes copies of 80 emails and nearly 60 other documents— to Senator Chuck Grassley, chairman of the US Senate Committee on the Judiciary. He also reached out to the McClatchy news service with his concerns.

The secrecy rules that apply to those who work for the US Intelligence Community prevent Reidy from disclosing details of the alleged fraud and intelligence failure, or from specifying the country in which these incidents took place —though it seems from his intelligence résumé that they probably involve Iran. But in an interview with McClatchy news service, the intelligence contractor voiced grave concerns about the internal investigation process in the CIA. “I played by the rules [and] they are broken”, he said. “The public has to realize that whistleblowers [like me] can follow all the rules and nothing gets done”, added Reidy. He went on to warn that if the CIA does not improve its internal investigation system, leaks to the media “may grow worse”.

McClatchy contacted the CIA about Reidy’s concerns and was told by a spokesperson, Heather Fritz Horniak, that, “as a general matter, [the CIA does] not comment on ongoing litigation”.

Author: Joseph Fitsanakis | Date: 14 July 2017 | Permalink

Opinion: Trump’s silence over Tehran attacks exposes US policy conundrums

The security map of the Middle East changed within a few hours on Wednesday, when the Islamic State managed to strike Iran for the first time. Six assailants —five men and a woman— stormed the Islamic Consultative Assembly, which serves as the parliament of Iran, and the mausoleum of the founder of the Islamic Republic, Ayatollah Khomeini. By the time they killed themselves, or were killed by security forces, the six had murdered 12 people and injured over 60. The Islamic State, which carried out the attack, had warned for several months that it would launch a direct assault at the heart of the world’s largest Shiite state. It tried to do so before, several times, and failed. But Wednesday’s attack was the first time it managed to do so successfully.

It is certainly ironic that Iran, one of the world’s most prolific sponsors of terrorism, boasts of being one of the most terrorism-free countries in the Middle East. Indeed, Wednesday’s bloody strike was the largest terrorist attack in Tehran’s history after the early years of the 1979 Islamic Revolution. It is a remarkable record that many of Iran’s neighbors, such as Iraq or Syria, can only dream of. Moreover, Iran’s claim that its regional rival Saudi Arabia is responsible for Wednesday’s attack is both outlandish and absurd. It is true that militant Wahhabism, Saudi Arabia’s state religion, is at the root of the Islamic State’s doctrine. But the fanatics of the Islamic State direct as much ire against Saudi Arabia as they do against Iran. They accuse the former of being apostates —Muslim traitors who side with infidels— and the latter of being heretics that must be annihilated.

Iranian spies second most active in Germany, says Interior Ministry

Iranian intelligence operatives are the second most active in Germany after Russian spies, with much of their activity focusing on Israeli targets in the country, according to the German Interior Ministry. The information is contained in a report that was issued in response to a request by a member of Germany’s Bundestag last week. It states that Iranian spies have engaged in nearly two dozen known intelligence operations on German soil since 2007, and have even targeted individuals for assassination.

The Interior Ministry’s report reveals that German authorities initiated counterintelligence investigations against 22 cases of espionage by Iranian agents during the past decade. These account for over 17 percent of all counterintelligence cases conducted by the German state since 2007. Of the remaining cases, 27 concerned Russian spies, while China and Turkey are believed to be behind 15 spy cases each. Syrian intelligence operatives were found to be behind a total of eight spy operations conducted on German soil in the past decade. According to the report, the majority of intelligence operations conducted in Germany by Iranian agents were attempts to secure material and technologies that could be used in Iran’s nuclear program. Approximately half of Germany’s federal states reported attempts by Iranian agents to secure nuclear-related goods in recent years.

But Tehran has also allegedly been implicated in attempted assassinations of German citizens, according to the report. One example mentioned in the document is that of Mustafa Haidar Syed-Naqfi. Syed-Naqfi, who is a Pakistani national, was arrested in the northern German city of Bremen in January of this year for spying on behalf of Iran. According to German authorities, the Pakistani man compiled lists of potential targets for assassination by Iran. As intelNews reported at the time, Syed-Naqfi’s list of targets included prominent Jews or German-Israelis living in northern Germany. Among them was Reinhold Robbe, a politician with the center-left Social Democratic Party (SPD), who served for a number of years as president of the German-Israeli Congress. According to reports, the spy had compiled detailed maps of Robbe’s daily movements, which outlined his travel routines and the routes he took from his home to the DIG headquarters in Berlin. German officials believe that the type of surveillance that Syed-Naqfi carried out against Robbe indisputably leads to the conclusion that the politician’s assassination was being planned.

German authorities believe that Syed-Naqfi worked for the Quds Force, a Special-Forces unit of Iran’s Revolutionary Guards Corps, which is responsible for covert operations outside Iran. Last month, the Pakistani man was given a four-year prison sentence by a Berlin court for engaging in espionage on German soil.

Author: Joseph Fitsanakis | Date: 25 April 2017 | Permalink

Israel’s chief of staff says Hezbollah killed its own commander in Syria

An Israeli military official has repeated claims in the Arab media that the Lebanese Shiite group Hezbollah killed its own military commander in Syria, following a dispute with Iran. Mustafa Amine Badreddine, 55, an expert in explosives and former bomb-maker, was a senior military commander in the military wing of Hezbollah. He rose through the ranks of the organization to become a trusted adviser to Hezbollah’s Secretary General, Hassan Nasrallah. In 2011, the Special Tribunal for Lebanon, set up by the United Nations, charged Badreddine with organizing the assassination of Lebanese Prime Minister Rafik Hariri. Hariri was killed with over 20 other people in a massive bomb blast in Beirut, in February of 2005.

Soon after the outbreak of the Syrian Civil War, the leadership of Hezbollah dispatched Badreddine to the Syrian capital Damascus. His stated mission was to command thousands of Hezbollah troops, who fought under Iranian guidance in support of the Syrian President Bashar al-Assad. But on May 13, 2016, Badreddine was reportedly killed in Damascus, causing observers to describe his death as the biggest setback for the Shiite militant group since the 2008 assassination of its leading commander, Imad Mughniyeh. Initial reports in Hezbollah-controlled Lebanese media suggested that Badreddine might have been killed in an Israeli air attack. But a press statement issued later by Hezbollah said the commander had been killed as a result of an armed attack by Sunni rebels. However, on March 8 of this year, the Saudi-owned pan-Arab television network al-Arabiya said it had conducted its own investigation into Badreddine’s death, and had concluded that he was killed by Hezbollah itself. The network claimed that Hezbollah’s Secretary General Nasrallah had ordered Badreddine’s killing, after the Iranians demanded it. Apparently the Iranians wanted him killed because he disputed the authority of Major General Qasem Soleimani, commander of Iran’s Revolutionary Guard Corps, who is often credited with having saved the Syrian government from demise during the Civil War.

The claim that Badreddine was killed by Hezbollah was echoed on Tuesday by Lieutenant General Gadi Eisenkot, Chief of the General Staff of the Israel Defense Forces. Speaking to the Associated Press, Lt Gen Eisenkot said that reports from Arab media that Badreddine was killed by his own forces agreed “with intelligence we have”, referring to the Israeli military. It is worth noting that Israeli officials rarely comment on intelligence operations, including assassination operations, choosing instead to adhere to a “refuse to confirm or deny” policy.

Author: Joseph Fitsanakis | Date: 22 March 2017 | Permalink

Iran sentences professor at Belgian university to death for spying

An Iranian scientist who works at a university in Belgium has been sentenced to death in Iran, allegedly for spying. According to his family and his employer in Belgium, Dr. Ahmadreza Djalali is currently in prison in Tehran. Dr. Djalali, 45, is professor of disaster medicine at the Vrije Universiteit Brussel (VUB), a Dutch-speaking university located in the Belgian capital. For the past few years, Dr. Djalali has been based in Italy, where he teaches in the VUB’s European Master’s program in Disaster Medicine. According to an announcement on the VUB’s website, Dr. Djalali is now awaiting execution, which has been scheduled to take place later this month.

It is believed that the professor was arrested in April of last year, while visiting his family in Iran. But his family in Europe chose not to publicize his arrest, in hopes of getting him released. They spoke to the media only after Dr. Djalali was given a death sentence last week. The reason for the scientist’s arrest has not been made clear, but it is thought to relate to his collaboration with other researchers in Belgium and Italy, some of whom are Israeli citizens. Iran considers Israel an “enemy entity” and does not allow its citizens to interact with Israeli citizens. Officials at VUB claim that Dr. Djalali has not been involved in political campaigns or discussions, and that his contacts with foreign scientists are solely research-driven.

According to his family, Dr. Djalali has protested his detention by launching hunger strikes on three separate occasions, which have severely affected his health. He also claims that he was not allowed access to lawyers and that he was not given a trial. Instead, he said he was interrogated and forced to sign a confession admitting to an offence that he does not recognize. Iranian authorities have refused comment on the matter.

Author: Ian Allen | Date: 07 February 2017 | Permalink