Iranian engineer recruited by Holland helped CIA and Mossad deliver Stuxnet virus

An Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. Discovered by researchers in 2010, Stuxnet is believed to have been designed with the aim of sabotaging the nuclear program of the Islamic Republic of Iran. The virus targeted the industrial computers —known as programmable logic controllers— that regulated mechanical and electronic hardware in Iranian nuclear installations. By compromising the software installed on these computers, Stuxnet manipulated the rotor speed of nuclear centrifuges at Iran’s Natanz Fuel Enrichment Plant. By increasing the centrifuges’ rotor speed to unmanageable levels, Stuxnet rendered many of these machines permanently inoperable.

Most observers agree that Stuxnet was a joint cyber sabotage program that was devised and executed by the United States and Israel, with crucial assistance from Germany and France. But now a new report from Yahoo News claims that the contribution of Dutch intelligence was central in the Stuxnet operation. Citing “four intelligence sources”, Yahoo News’ Kim Zetter and Huib Modderkolk said on Monday that Holland’s General Intelligence and Security Service (AIVD) was brought into the Stuxnet operation in 2004. In November of that year, a secret meeting took place in The Hague that involved representatives from the AIVD, the United States Central Intelligence Agency, and Israel’s Mossad.

It was known that the Islamic Republic’s nuclear weapons program was crucially assisted by A.Q. Khan, a Pakistani nuclear physicist and engineer. In 1996, Khan sold the Iranians designs and hardware for uranium enrichment, which were based on blueprints he had access to while working for a Dutch company in the 1970s. By 2004, when the Dutch were consulted by the CIA and the Mossad, the AIVD had already infiltrated Khan’s supply network in Europe and elsewhere, according to Yahoo News. It also had recruited an Iranian engineer who was able to apply for work in the Iranian nuclear program as a contractor. This individual was provided with proprietary cover, said Yahoo News, which included two “dummy compan[ies] with employees, customers and records showing a history of activity”. The goal of the AIVD, CIA and Mossad was to have at least one of these companies be hired to provide services at the Natanz nuclear facility.

That is precisely what happened, according to Yahoo News. By the summer of 2007, the AIVD mole was working as a mechanic inside Natanz. The information he provided to the AIVD helped the designers of Stuxnet configure the virus in accordance with the specifications of Natanz’s industrial computers and networks. Later that year, the AIVD mole was able to install the virus on Natanz’s air-gapped computer network using a USB flash drive. It is not clear whether he was able to install the virus himself or whether he was able to infect the personal computer of a fellow engineer, who then unwittingly infected the nuclear facility’s system. The Yahoo News article quotes an intelligence source as saying that “the Dutch mole was the most important way of getting the virus into Natanz”.

It is believed that, upon discovering Stuxnet, the Iranian government arrested and probably executed a number of personnel working at Natanz. The Yahoo News article confirms that there was “loss of life over the Stuxnet program”, but does not specify whether the AIVD mole was among those who were executed. The website said it contacted the CIA and the Mossad to inquire about the role of the AIVD in the Stuxnet operation, but received no response. The AIVD declined to discuss its alleged involvement in the operation.

Author: Joseph Fitsanakis | Date: 04 September 2019 | Permalink

Trump’s photo tweet gave away US secrets, say experts

A tweet by United States President Donald Trump may have compromised secrets about America’s reconnaissance satellite capabilities, according to experts who analyzed it over the weekend. The American president posted a message about Iran’s space program on his personal Twitter account on Saturday, August 30. The message read: “The United States of America was not involved in the catastrophic accident during final launch preparations for the Safir SLV Launch at Semnan Launch Site One in Iran. I wish Iran best wishes and good luck in determining what happened at Site One”.

Trump was referring to an apparent rocket launch failure that happened on Friday, August 29, at the Semnan Space Center in northern Iran. The suspected rocket failure caused significant damage to Semnan’s Site One launching pad, some of which appears to have burned down. It is thought to be the second such incident in Iran and it must be a source of frustration for Tehran, which has been trying to place a new satellite in orbit for almost a year now. Washington and other countries have criticized Tehran’s space program, saying it is a disguised missile program that could potentially be used to launch a nuclear bomb.

Along with his written message, the US president tweeted an aerial photograph showing the damage at the Semnan Space Center. Some have since claimed that the photograph, which Trump appears to have taken from a printed document given to him by a US spy agency, offers “an unprecedented example of US spy satellites at work” and inadvertently reveals some of America’s most closely guarded satellite capabilities. Experts say they have been able to determine that the photograph was taken by a satellite, rather than a surveillance aircraft or unmanned drone. Some say they have even been able to pinpoint the exact satellite that was used to generate the image, by analyzing the angle of the photograph. It is believed that it was taken by USA 224, which is one of America’s top-secret optical reconnaissance satellites.

More importantly, the US president’s tweet may have provided Washington’s adversaries with an example of the precise power of America’s reconnaissance satellites. Their exact surveillance capabilities are a closely held secret that is known by specialists at the National Reconnaissance Office and the National Geospatial Intelligence Agency, two of America’s most obscure intelligence agencies. It has long been speculated that the images captured by American spy satellites far surpass the 25 centimeter resolution that is available to commercial satellite services. A number of experts have suggested that the photograph tweeted by Trump displays a resolution that “is amazingly high” and must be “at least 10 centimeters, if not better”. One specialist juxtaposed the image tweeted by the US president next to an image of the same launch site taken with a commercial satellite. The difference is indeed remarkable. One expert told the NBC news network that Trump’s “utterly careless” tweet would “have global repercussions”.

Last year Nada Bakos, who spent 20 years in the Central Intelligence Agency, wrote an editorial in The Washington Post in which she warned that foreign intelligence agencies were paying close attention to the US president’s tweets. Bakos argued that President Trump’s “Twitter feed is a gold mine for every foreign intelligence agency”. She added that, throughout her CIA career, she and her team “never had such a rich source of raw intelligence about a world leader, and we certainly never had the opportunity that our adversaries (and our allies) have now”, because of Trump’s social media presence.

Author: Joseph Fitsanakis | Date: 02 September 2019 | Permalink

US offensive cyber campaign disabled Iran’s strike capabilities, say sources

The Iranian Revolutionary Guard Corps (IRGC) is still recovering from the damage it suffered from an offensive American cyber campaign against it that took place in June, according to sources. The attack allegedly degraded the IRGC’s ability to strike at oil tankers and other ships in the Persian Gulf. The New York Times said on Thursday that the cyber attack took place on June 20, hours after United States President Donald Trump called off airstrikes on Iran. The White House had considered launching the airstrikes in retaliation for the downing of an American surveillance drone by Iranian forces and the alleged use of limpet mines against commercial oil tankers by the IRGC the previous month.

The paper did not reveal details of the cyber campaign, but said it did not target any part of Iran’s missile or other defense programs. Its mission was to degrade the covert strike capabilities of the IRGC, which operates in a paramilitary capacity and is not supervised by the military. Washington blamed the IRGC for the limpet mine attacks against oil tankers, and expressed concerns that they would continue. The cyber attack corrupted the computer databases and communications networks that the IRGC uses to co-ordinate covert operations at sea, and resulted in the temporary cessation of IRGC attacks on oil tankers, said The Times.

The June 20 cyber attacks were not meant to be permanent but their effects have endured much longer than was expected, according to the paper. It cited claims by anonymous senior American officials that the IRGC is “still trying to repair critical communications systems and has not recovered the data lost in the attack”. It is also worth noting that, according to US sources, Iran did not escalate its own cyber attacks against Western targets in retaliation to the American cyber campaign against the IRGC.

However, according to The Times, some American officials have expressed doubts about the wisdom and long-term impact of the cyber operation. They claim that the cyber attack gave the Iranians the opportunity to collect valuable information about US cyber capabilities. It also allowed them to detect and fix their vulnerabilities so that they are now better able to defend against future cyber attacks. Lastly, the attacks neutralized IRGC communications networks, which the US had penetrated and was collecting vital intelligence from, they argue.

Author: Joseph Fitsanakis | Date: 30 August 2019 | Permalink

Security official confirms ‘unprecedented’ anti-corruption campaign in Iran’s judiciary

A senior Iranian intelligence official has confirmed widespread rumors that an unprecedented anti-corruption campaign is taking place at the top echelons of Iran’s all-powerful judiciary, with some senior figures already in prison. The Iranian judiciary is one of the most powerful and secretive institutions in the Islamic Republic. It is nominally supervised by the Iranian Justice Ministry, but its senior officials, including the chief justice (the head of the judiciary), are appointed directly by Iran’s Supreme Leader Ali Khamenei. It follows that the judiciary has been a deeply conservative institution throughout the country’s existence, and especially after the 1979 Islamic Revolution.

Until earlier this year, the judiciary was headed by Ayatollah Sadeq Amoli Larijani, a protégé of Khamenei, who named him chief justice in August of 2009. Throughout Larijani’s decade-long tenure, there were rumors of rampant corruption in the judiciary, but Khamenei never seemed to intervene. However, in March of this year Larijani was suddenly removed from his position and replaced with Ebrahim Raeesi (pictured), a conservative former attorney general with middle-to-low-rank clerical credentials. Almost as soon as he took charge of the judiciary, Raeesi announced a sweeping anti-corruption campaign. In July, rumors began to circulate in the media that Iran’s Deputy Chief Justice, Akbar Tabari, had been arrested.

On Wednesday, Ali Abdollahi, head of the judiciary’s intelligence and security wing, said during a speech that Tabari had indeed been imprisoned for “exerting influence on some legal cases” and “having unlawful and unethical relationships”. He added that a number of other members of the judiciary had been placed under arrest in connection with the investigation on Tabari. On Thursday, Abdollahi said that the arrests had taken place under the direction of Supreme Leader Khamenei and that they would continue both inside and outside the judiciary. There would be “no delay in cleansing the inside and outside of the judiciary”, said Abdollahi. Raeesi and Khamenei have not made any public comments. But observers now believe that the unprecedented wave of arrests would never have reached the upper levels of the judiciary unless the supreme leader had personally given the anti-corruption campaign the green light.

Author: Joseph Fitsanakis | Date: 16 August 2019 | Permalink

Analysis: Iran’s energy sector is now a high-stakes espionage target

The state-owned energy sector of Iran, one of the world’s most lucrative, has become a major target of international espionage since the imposition of new sanctions by the United States this year. The purpose of Washington’s sanctions is to limit the Islamic Republic’s ability to export energy, and by doing so end the country’s reliance on its primary source of income. It is estimated that Tehran’s energy exports have fallen by about 80 percent during the past year, and may continue to fall if the US has its way. This means that American and Iranian intelligence agencies are currently engaged in an intense war of espionage that concentrates on what remains of Iran’s oil exports. Iran continues to entice international buyers by selling energy at below-market prices, while sales are facilitated through the use of throwaway bank accounts that are difficult to trace. Exports are then carefully smuggled into overseas destinations through a variety of means.

In an article published last week, The New York Times’ Farnaz Fassihi explains that every snippet of information about Iran’s oil industry has now become “a prized geopolitical weapon” in “a high-stakes global game of espionage and counterespionage”. Fassihi quotes a recent statement by Iran’s Minister of Petroleum Bijan Zanganeh that “information about Iran’s oil exports is war information”. That includes information on how Iran manages to deliver its exports abroad and how it gets paid for doing so. Once the US tightened its sanctions on Tehran, Iranian energy officials began to suspect that most inquiries to purchase oil were from foreign spies in search of information on the methods of transaction, writes Fassihi. So the Ministry of Petroleum stopped allowing thousands of freelance energy brokers to mediate between it and buyers. It proceeded to concentrate all transactions into the hands of fewer than five vetted individuals with prior tenure in the Iranian Revolutionary Guards Corps and other vetted government agencies. It also began to train Ministry officials on security and counterespionage protocols.

When the Iranians made it difficult to access information through the Ministry of Petroleum, foreign spy agencies changed their tactics, writes Fassihi. They used foreign academic researchers, including PhD students, who offered payments in hard cash for information on Iranian oil export methods that would help them in their research. Others descended on Tehran offering visas to the US, alcohol, prostitutes, and cash payments ranging from $100,000 to over $1 million in exchange for intelligence on the Iranian energy export sector. There is an atmosphere of paranoia in the Iranian capital, writes Fassihi, and the process of purchasing oil from Iran resembles a Hollywood spy thriller. Representatives of foreign buyers are asked to come to Tehran in person and are regularly required to switch hotels in the middle of the night. Additionally, once a transaction is agreed upon, the buyer’s representative is required to stay at a Petroleum Ministry safe house until the funds are transferred into Iranian government coffers. After that, the representative is allowed to leave, writes Fassihi.

Author: Joseph Fitsanakis | Date: 13 August 2019 | Permalink

Analysis: Did the US Central Intelligence Agency lose 17 spies in Iran?

If the announcements from Tehran are to be believed, the United States Central Intelligence Agency lost at least 17 spies in Iran in the months leading up to March 2019. According to Iran’s Ministry of Intelligence, the Islamic Republic busted an alleged “CIA network” operating in sensitive private sector companies and government agencies that relate to defense, aerospace and energy. At least some of the 17 alleged spies have reportedly been sentenced to death, though their exact number remains unknown.

Officials in Tehran said on Sunday that all of the purported spies are Iranian nationals and were lured by the CIA with promises of receiving visas to enter America. Others were already in possession of visas and were “blackmailed” to spy for the US in order to have them renewed by the US Department of State, according to Iranian media reports. Visa applicants were allegedly carefully selected based on their work in critical areas such as Iran’s nuclear program or defense procurement.

A government-sanctioned documentary, which aired on Iran’s state-owned television on Monday, claimed that the 17 spies did not know each other, but all had been trained independently in clandestine tradecraft. This allegedly included setting up and using secret communications systems, as well as carrying out dead drops without being detected. Dead drops utilized containers made to look like rocks, which were located “in parks and other mountainous areas” in Iran and elsewhere in the Middle East, according to Iranian officials. Some of the assets communicated with their handlers while attending science conferences throughout Europe, Africa and Asia.

The Iranian television documentary claimed that the 17 arrests had “dealt a lethal blow to US foreign intelligence”. But US President Donald Trump said in a tweet that Tehran’s allegations were “totally false” and contained “zero truth”, just “more lies and propaganda” from Tehran.

Who is right? To begin with, there is no question that the CIA recruits heavily in Iran, given that the Islamic Republic is one of America’s —indeed the world’s— primary intelligence targets. What is more, since 1979, when Washington lost its embassy in Iran, the CIA has found it more difficult to collect accurate information from inside the energy-rich country. Therefore, the need for dependable assets inside Iran has increased exponentially, and has become even more pressing now, given the importance placed on Iran by Donald Trump. Additionally,

Mossad chief sees historic shift of alliances as Arab states side with Israel against Iran

In a rare public appearance, the director of the Mossad spy agency said that the Middle East is witnessing a historic shift of alliances as many Arab states are forming tacit pacts with Israel against Iran and its proxies. Yosef “Yossi” Cohen spoke on Monday morning at the Herzliya Conference, a security-themed event organized by the Interdisciplinary Center, a university in Herzliya, just north of Tel Aviv.

In his 40-minute speech Cohen said that the Mossad had identified the present time as “a rare opportunity —perhaps the first in the history of the Middle East— to reach a regional understanding that would lead to an inclusive regional peace agreement” between Israel and most of the Arab states. He justified his reasoning by claiming that many Arab states are siding with Israel to pursue “common interests [such as] the fight against rivals like Iran and jihadist terrorism”. This historic shift in alliances is happening as Israel is enjoying “close relations with the White House” and keeping open “channels of communication with the Kremlin”, said the spy chief. These factors “combine to create what might be a one-time window of opportunity” for Israel to form a strategic alliance with the majority of its Arab neighbors, said Cohen.

The Mossad chief went on to allege that the Iranian Revolutionary Guard Corps (IRGC) were behind the recent bombings of commercial oil tankers in the Persian Gulf. He told the conference that he could “say with certainty that Iran was behind these attacks” and that they were “approved by the Iranian leadership and carried out by the [IRGC]”. Cohen cited “the best sources of Israeli and Western intelligence” but did not provide specific evidence to support his allegation, which Iran denies. Later in his speech, Cohen said that the IRGC and Iranian intelligence agencies had carried out assassinations throughout Europe and had discussed further plans to attack Jewish and Israeli targets in Denmark, Azerbaijan and North America. “And that is only the tip of the iceberg”, said Cohen, and went on to claim that the IRGC had set up a network of 300 agents in the African continent and was heavily present in Syria, mainly through its Lebanese proxy Hezbollah.

At the conclusion of his speech, the Mossad chief repeated prior warnings by Israeli officials that the Jewish state would never allow the development of an Iranian nuclear arsenal. “Mossad and the State of Israel have not signed the nuclear deal and will do all to ensure Iran will never possess a nuclear arsenal”, said Cohen.

Author: Joseph Fitsanakis | Date: 02 July 2019 | Permalink