Iranians may have used female spy to ‘honey-trap’ dissident living in France

The Iranian government may have used a female intelligence officer to lure a leading Iranian dissident from his home in France to Iraq, where he was abducted by Iranian security forces and secretly transported to Iran. Iranian authorities announced the arrest of Ruhollah Zam on October 15. On that day, Iranian state television aired a video showing a blindfolded Zam surrounded by officers of the Islamic Revolutionary Guard Corps (IRGC).

Zam, 46, was a prominent online voice of dissent during the 2009 Green Movement, an Iranian youth-based reform campaign whose leaders called for the toppling of the government in Tehran. He joined other young Iranians in launching AmadNews, a website whose stated purpose was “spreading awareness and seeking justice” in Iran. Soon after its emergence, AmadNews became the online voice of the Green Movement. Following a brief period of detention in 2009, Zam fled Iran and settled in France, from where he continued his online work through AmadNews and its successor, a website and Telegram channel called Seda-ye Mardom (Voice of the People).

Earlier this month, the Iranian government announced that Zam had been captured in a “complicated intelligence operation” that used “modern intelligence methods and innovative tactics” to lure Zam out of France and into the hands of the IRGC. But it did not provide further information about the method that was used to convince Zam to travel to Iraq, whose government is closely aligned with Iran’s. A few days ago, however, the London-based newspaper The Times claimed that the IRGC used a woman to gain Zam’s trust and lure him to Iraq.

Citing exiled Iranian activists that work closely with Zam, the British newspaper said that the woman entered his life nearly two years ago, thus pointing to a lengthy intelligence operation by the IRGC. Over time, she won his trust and eventually convinced him to travel to Jordan on October 11, and from there to Baghdad, Iraq, on October 12. The reason for his trip was that, allegedly, the woman convinced him that Ali al-Sistani, one of the most prominent Shiite clerics in Iraq, had agreed to fund Zam’s online activities. However, the cleric needed to confer with the exiled dissident in person before agreeing to fund his work, according to the woman. It is not known whether Zam and the unnamed woman were romantically involved.

The Times also alleged that Zam’s abduction and arrest were met with “at least tacit approval” by the French intelligence services. The latter now expect that two French academics, who have remained imprisoned in Iran for alleged espionage activities for over a year, will be released as part of a swap with Zam.

Author: Joseph Fitsanakis | Date: 23 October 2019 | Permalink

Russian government cyber spies ‘hid behind Iranian hacker group’

Russian hackers hijacked an Iranian cyber espionage group and used its infrastructure to launch attacks, hoping that their victims would blame Iran, according to British and American intelligence officials. The information, released on Monday, concerns a Russian cyber espionage group termed “Turla” by European cyber security experts.

Turla is believed to operate under the command of Russia’s Federal Security Service (FSB), and has been linked to at least 30 attacks on industry and government facilities since 2017. Since February of 2018, Turla is believed to have successfully carried out cyber espionage operations in 20 different countries. Most of the group’s targets are located in the Middle East, but it has also been connected to cyber espionage operations in the United States and the United Kingdom.

On Monday, officials from Britain’s Government Communications Headquarters (GCHQ) and America’s National Security Agency (NSA) said Turla had hijacked the attack infrastructure of an Iranian cyber espionage group. The group has been named by cyber security researchers as Advanced Persistent Threat (APT) 34, and is thought to carry out operations under the direction of the Iranian government.

The officials said there was no evidence that APT34 was aware that some of its operations had been taken over by Turla. Instead, Russian hackers stealthily hijacked APT34’s command-and-control systems and used its resources —including computers, servers and malicious code— to attack targets without APT34’s knowledge. They also accessed the computer systems of APT34’s prior targets. In doing so, Turla hackers masqueraded as APT34 operatives, thus resorting to a practice that is commonly referred to as ‘fourth party collection’, according to British and American officials.

The purpose of Monday’s announcement was to raise awareness about state-sponsored computer hacking among industry and government leaders, said the officials. They also wanted to demonstrate the complexity of cyber attack attribution in today’s computer security landscape. However, “we want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them”, said Paul Chichester, a senior GCHQ official.

Author: Joseph Fitsanakis | Date: 22 October 2019 | Permalink

Iran abducts France-based dissident in ‘complex intelligence operation’

Iranian authorities have announced the capture of a Paris-based Iranian dissident, who was reportedly lured out of France and then abducted by Iranian agents in a third country. The kidnapped dissident is Ruhollah Zam, 46, son of Mohammad-Ali Zam, a well-known reformist cleric who served in top Iranian government posts after the 1979 Islamic Revolution. But in 2009 the younger Zam distanced himself from his father and sided with the so-called Green Movement, whose leaders called for the toppling of the government in Tehran. Around that time, Zam was part of a group of Internet-savvy Iranians who launched AmadNews. The website’s stated purpose was “spreading awareness and seeking justice” in Iran, and it soon became the online voice of the Green Movement.

Zam was promptly arrested and jailed for urging Iranian protesters to topple the government. He was eventually released thanks to his father’s status and reputation. He quickly fled Iran and settled in France, from where he continued his online work through AmadNews and its successor, a website and Telegram channel called Seda-ye Mardom (Voice of the People). The Iranian government accuses Zam of inciting violence against the state and claims that his online agitation is funded by the intelligence services of countries like France, Israel and the United States.

On October 15, Iran’s state-owned media network aired a video showing a bound and blindfolded Zam surrounded by armed officers of the Islamic Revolutionary Guard Corps (IRGC). The Iranian government announced that Zam had been captured following a “complicated intelligence operation” using “modern intelligence methods and innovative tactics” to lure Zam out of France and into the hands of the IRGC. It eventually emerged that Zam had flown from France to Jordan on October 11, and from there to Baghdad, Iraq, on October 12. He appeared to be under the impression that he would travel to the Iraqi city of Najaf in order to meet Ali al-Sistani, arguably the most senior Shiite cleric in Iraq.

In the same video, Zam is shown sitting in an armchair next to an Iranian flag, making a statement. He calmly looks at the camera and says that he “fully regrets” his actions directed against Iran. He then says that he made the mistake of entrusting his security to the intelligence services of France. Finally, he warns other dissidents who are involved in agitation against the Iranian state to not trust foreign governments. He names the latter as “the United States, Israel, Saudi Arabia and Turkey”. Iranian officials have not responded to questions about Zam’s current status and fate.

Author: Joseph Fitsanakis | Date: 21 October 2019 | Permalink

US and Saudi Arabia ‘suffered intelligence blackout’ during Iran drone strikes: sources

Saudi Arabia and the United States suffered “a total and embarrassing [intelligence] failure” in the lead-up to the drone strikes that shut down half of the kingdom’s oil production last month, according to Israeli sources. In the early hours of September 14, missiles struck two refineries belonging to the world’s largest crude oil processing facility in eastern Saudi Arabia. The facilities, which belong to Aramco, Saudi Arabia’s government-owned oil conglomerate, were forced to cease operation so that repairs could be carried out. This drastically reduced Saudi Arabia’s oil production by close to 50 percent, which amounted to a 5 percent drop in global oil production. By Monday morning, global oil prices had seen their most significant one-day surge since the 1991 Gulf War.

Soon after the attacks, Saudi and American officials accused Iran of having launched the missile strikes. But according to Breaking Defense, Riyadh and Washington suffered “a total and embarrassing [intelligence] failure” in the hours prior to and following the attacks. The US-based website cited a number of anonymous Israeli sources, who said that officials in Tel Aviv were surprised by the lack of intelligence in the US and Saudi Arabia about the missile strikes. The Israelis told Breaking Defense that Saudi intelligence agencies “had no idea Iran was planning to attack the kingdom’s oil facilities […]. It seems that the Americans were also in the dark [or that possibly] Washington […] did not share the data in time with the Saudis”, they added.

The above information was allegedly discussed at an emergency meeting of the Israeli defense cabinet on October 6, which included a briefing on the attacks by the Mossad, Israel’s main external intelligence agency. According to the Israeli sources, Mossad officials were quickly able to state with high confidence that the missiles had been launched from military bases in southeast Iran or by Iranian militias in Iraq. It was only following an examination of missile fragments that Saudi and American intelligence officers were able to point the finger at Iran, according to Aharon Ze’evi Farkash, former director of the Israeli Military Intelligence Directorate.

Breaking Defense also said that Israeli intelligence analysts were impressed by the precision of the weapons systems used in the Iranian strikes. Additionally, the specific targets of the attacks were selected with the help of “very accurate intelligence”, said the Israeli sources.

Author: Joseph Fitsanakis | Date: 11 October 2019 | Permalink

Iran arrests Russian journalist for espionage in rare spat with key ally Moscow

In a surprising move last week, Iranian authorities arrested a Russian journalist and expert on the Caucasus region, whom they accused of spying for Israel. They later agreed to release her following significant diplomatic pressure from Russia. But the move surprised observers, because Iran rarely acts in ways that have the potential to damage its close relations with Moscow.

The journalist in question is Yulia Yuzik, a 38-year-old reporter with considerable expertise on Russia’s Caucasus region. Her articles on the security situation in the Caucasus have been published in several Russian and Western outlets, including Foreign Policy and GQ. She has also authored a number of books on Islamist militancy in the Russian Caucasus, which have been translated into several foreign languages, such as German, Italian and French.

In 2017, Yuzik spent several months in Iran while working on a number of stories. She returned to Russia before returning to Iran on September 29 of this year, reportedly “on a private trip”. Media reports stated that Yuzik intended to meet a number of Iranian journalists that she worked with back in 2017. However, upon landing at Iran’s Imam Khomeini International Airport, Yuzik had her passport confiscated without explanation, and was forced to enter the country without identity and travel documents. Then, last Thursday she was arrested at her hotel in downtown Tehran by members of the Iranian Revolutionary Guard Corps (IRGC), who apparently broke down the door of her hotel room before arresting her.

There was no news of Yuzik’s whereabouts until the following day, when staff at the Russian embassy in the Iranian capital were contacted by her family. Yuzik’s family said that the IRGC had charged her with collecting intelligence for the Mossad, Israel’s spy service. Russian media reports said that the accusations against Yuzik took Russian diplomats by surprise, given that Yuzik has no apparent connection to Israel, nor does she have a travel visa to enter that country. She reportedly spent a few days there in 2004 while writing a story about the Israel Defense Forces for Russian newspaper Komsomolskaya Pravda.

Yuzik’s family told the Russian embassy that she had been scheduled to appear in a Tehran court on Saturday. The Russian embassy gave a press briefing to reporters on Friday, saying that the Russian Foreign Ministry had summoned the Iranian ambassador to Moscow to complain about Yuzik’s arrest. Then early on Saturday, Maria Zakharova, a spokeswoman for the Russian Foreign Ministry in Moscow, announced that Yuzik would be released soon and would be allowed to return home to Russia.

The incident has surprised observers, because Russia is one of Iran’s closest international allies. It is therefore highly unusual for Tehran to take any action that might potentially provoke Moscow or otherwise damage its diplomatic relations with the Kremlin.

Author: Joseph Fitsanakis | Date: 07 October 2019 | Permalink

Opinion: Saudi Arabia will not go to war with Iran, but it may pay others to do so

Ever since a barrage of drone and missile attacks struck Saudi Arabia on September 14, many have wondered whether the oil kingdom will go to war with Iran. Riyadh has directly accused the Islamic Republic of being behind the attacks. But the speculation about a possible war is baffling, argues Nesrine Malik in a well-argued article published last Sunday in Britain’s Guardian newspaper. Saudi Arabia does not “go to war”, she says —it pays others to do so on its behalf.

The war in Yemen is a perfect example, argues Malik. Even though the Saudi monarchy is leading the foreign military involvement in that war, Saudi Arabia is supplying almost no ground troops. There are only Saudi commanders who are managing groups of mercenaries from Morocco, Jordan and Egypt. A large portion of the Saudi-led force consists of Sudanese child soldiers, whose families are paid handsomely for supplying the oil kingdom’s force in Yemen with what Malik describes as “cannon fodder”. The Saudi commanders communicate their battle orders to their hired troops via satellite phones and use unmanned drones and high-flying planes to attack the predominantly Shiite Houthi rebels. That largely explains the high civilian toll in that war.

Meanwhile, the United States government announced last week that it will be sending several hundred troops to the oil kingdom and will be beefing up its air defense systems. But Malik wonders why it is that Saudi Arabia, which has been the world’s largest weapons importer since 2014, and whose 2018 arms purchases accounted for 12 percent of global defense spending last year, requires the presence of American troops on its soil for its protection. The answer is simple, she says: the Saudi regime purchases weapons, not to use them, but to make Western defense industries dependent on its purchasing power. In other words, the Saudi monarchy buys Western weapons for political reasons. These purchases enable it to get away with its abysmal human-rights record at home, as well as its kidnappings and assassinations abroad.

In the meantime, says Malik, if Saudi Arabia goes to war against Iran, it will do so the way it always does: it will hire proxies —including the United States— to fight on its behalf.

Author: Joseph Fitsanakis | Date: 25 September 2019 | Permalink

Iranian engineer recruited by Holland helped CIA and Mossad deliver Stuxnet virus

An Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. Discovered by researchers in 2010, Stuxnet is believed to have been designed with the aim of sabotaging the nuclear program of the Islamic Republic of Iran. The virus targeted the industrial computers —known as programmable logic controllers— that regulated mechanical and electronic hardware in Iranian nuclear installations. By compromising the software installed on these computers, Stuxnet manipulated the rotor speed of nuclear centrifuges at Iran’s Natanz Fuel Enrichment Plant. By increasing the centrifuges’ rotor speed to unmanageable levels, Stuxnet rendered many of these machines permanently inoperable.

Most observers agree that Stuxnet was a joint cyber sabotage program that was devised and executed by the United States and Israel, with crucial assistance from Germany and France. But now a new report from Yahoo News claims that the contribution of Dutch intelligence was central in the Stuxnet operation. Citing “four intelligence sources”, Yahoo News’ Kim Zetter and Huib Modderkolk said on Monday that Holland’s General Intelligence and Security Service (AIVD) was brought into the Stuxnet operation in 2004. In November of that year, a secret meeting took place in The Hague that involved representatives from the AIVD, the United States Central Intelligence Agency, and Israel’s Mossad.

It was known that the Islamic Republic’s nuclear weapons program was crucially assisted by A.Q. Khan, a Pakistani nuclear physicist and engineer. In 1996, Khan sold the Iranians designs and hardware for uranium enrichment, which were based on blueprints he had access to while working for a Dutch company in the 1970s. By 2004, when the Dutch were consulted by the CIA and the Mossad, the AIVD had already infiltrated Khan’s supply network in Europe and elsewhere, according to Yahoo News. It also had recruited an Iranian engineer who was able to apply for work in the Iranian nuclear program as a contractor. This individual was provided with proprietary cover, said Yahoo News, which included two “dummy compan[ies] with employees, customers and records showing a history of activity”. The goal of the AIVD, CIA and Mossad was to have at least one of these companies be hired to provide services at the Natanz nuclear facility.

That is precisely what happened, according to Yahoo News. By the summer of 2007, the AIVD mole was working as a mechanic inside Natanz. The information he provided to the AIVD helped the designers of Stuxnet configure the virus in accordance with the specifications of Natanz’s industrial computers and networks. Later that year, the AIVD mole was able to install the virus on Natanz’s air-gapped computer network using a USB flash drive. It is not clear whether he was able to install the virus himself or whether he was able to infect the personal computer of a fellow engineer, who then unwittingly infected the nuclear facility’s system. The Yahoo News article quotes an intelligence source as saying that “the Dutch mole was the most important way of getting the virus into Natanz”.

It is believed that, upon discovering Stuxnet, the Iranian government arrested and probably executed a number of personnel working at Natanz. The Yahoo News article confirms that there was “loss of life over the Stuxnet program”, but does not specify whether the AIVD mole was among those who were executed. The website said it contacted the CIA and the Mossad to inquire about the role of the AIVD in the Stuxnet operation, but received no response. The AIVD declined to discuss its alleged involvement in the operation.

Author: Joseph Fitsanakis | Date: 04 September 2019 | Permalink