CIA suffered ‘catastrophic’ compromise of its spy communication system

The United States Central Intelligence Agency suffered a “catastrophic” compromise of the system it uses to communicate with spies, which caused the death of “dozens of people around the world” according to sources. This is alleged in a major report published on Friday by Yahoo News, which cites “conversations with eleven former US intelligence and government officials directly familiar with the matter”. The report by the online news service describes the compromise of an Internet-based covert platform used by the CIA to facilitate the clandestine communication between CIA officers and their sources —known as agents or spies— around the world.

According to Yahoo News, the online communication system had been developed in the years after 9/11 by the US Intelligence Community for use in warzones in the Middle East and Central Asia. It was eventually adopted for extensive use by the CIA, which saw it as a practical method for exchanging sensitive information between CIA case officers and their assets in so-called ‘denied areas’. The term refers to regions of the world where face-to-face communication between CIA case officers and their assets is difficult and dangerous due to the presence of ultra-hostile intelligence services or non-state adversaries like the Taliban or al-Qaeda. However, it appears that the system was flawed: it was too elementary to withstand sustained scrutiny by Internet-savvy counterintelligence experts working for state actors like Iran, China or Russia.

In September of 2009, Washington made a series of impressively detailed revelations about the advanced status of Iran’s nuclear program. These angered Tehran, which redoubled its efforts to stop the US and others from acquiring intelligence information about the status of its nuclear program. Some sources told Yahoo News that one of the CIA assets inside Iran’s nuclear program was convinced by the Iranians to become a double spy. He proceeded to give Tehran crucial information about the CIA’s online communication system. Based on these initial clues, the Iranians allegedly used Google-based techniques “that one official described as rudimentary” to identify an entire network of CIA-maintained websites that were used to communicate with assets in Iran and elsewhere. The Iranians then kept tabs on these websites and located their users in order to gradually unravel an entire network of CIA agents inside their country. Around that time, Iranian media announced that the Islamic Republic’s counterintelligence agencies had broken up an extensive CIA spy ring consisting of more than 30 informants.

The Yahoo News report says that the CIA was able to successfully exfiltrate some of its assets from Iran before the authorities were able to apprehend them. The agency also had to recall a number of undercover officers, after they were identified by the Iranians. The effects of the compromise, however, persisted on a global scale, according to former US intelligence officials. In 2011 and 2012, another network of CIA spies was busted in China, leading to the arrest and execution of as many as three dozen assets working for the US. Many, says Yahoo News, believe that the Iranians coached the Chinese on how to use the CIA’s online communication system to identify clandestine methods and sources used by the agency.

Along with other specialist websites, IntelNews monitored these developments as they took place separately in Iran and China. However, the Yahoo News report is the first to piece together these seemingly disparate developments and suggest that they were likely triggered by the same root cause. What is more, the report suggests that the CIA had been warned about the potential shortcomings of its online communication system before 2009, when the first penetrations began to occur. In response to the compromise, the CIA has reportedly modified, and at times completely abandoned, its online communication system. However, the implications of the system’s compromise continue to “unwind worldwide” and the CIA is “still dealing with the fallout”, according to sources. The effects on the agency’s operational work are likely to persist for years, said Yahoo News.

Author: Joseph Fitsanakis | Date: 05 November 2018 | Permalink


Denmark recalls its envoy from Tehran, accuses Iran of assassination plot

The Danish government has recalled its ambassador from Iran and has accused the intelligence services of the Islamic Republic of plotting an assassination operation on Danish soil. Danish government officials also said that Copenhagen would seek to impose further economic and diplomatic sanctions on Tehran, in coordination with the European Union. The accusations against Iran were leveled during an emergency news conference in the Danish capital on Tuesday, led by Anders Samuelsen, Denmark’s Minister of Foreign Affairs, and Finn Borch Andersen (pictured), Director of the Danish Security and Intelligence Service, known as PET.

The two men said that “an Iranian intelligence agency” had planned “an attack on Danish soil”, which Defense Minister Samuelsen condemned as “completely unacceptable”. PET Director Andersen said that a Norwegian national of Iranian background had been arrested in Sweden on October 21, and was now in custody awaiting extradition to Denmark. The arrestee is an employee of Iranian intelligence, said Andersen, and had been observed conducting surveillance against a Danish-based leading member of an Iranian separatist group. The alleged target is a member of the Arab Struggle Movement for the Liberation of Ahvaz (ASMLA), a hardline separatist group campaigning for a separate homeland for Iran’s Arab minority. Approximately 2 percent of Iranians (around 1.5 million people) belong to the country’s ethnic Arab population. Most of them are concentrated in Khuzestan, a region in Iran’s oil-rich southwest, which borders neighboring Iraq. Some of these ethnic Arabs seek autonomy from Tehran, which they see as an alien regime. ASMLA represents the militant wing of Iran’s separatist Arab community and has a history of staging terrorist attacks inside Iran. Last September, the group claimed it was behind an armed attack on a military parade in the city of Ahvaz —a major urban center in Iran’s Arab-speaking region— which killed 24 people, including some women and children. Later, however, a representative of the group retracted the claim.

On Tuesday, several Iranian officials issued strong denials of the Danish government’s allegations. Speaking in Tehran, Iranian Foreign Ministry Spokesman Bahram Qassemi dismissed Denmark’s claims as “spiteful”. He added that the timing of reports linking Iran to assassination operations on European soil was suspect and described them as “a plot by [Iran’s] enemies to damage Tehran’s growing relations with European countries”. Earlier this month, France seized the financial assets of individuals whom it described as Iranian spies, after blaming Tehran for a foiled bomb attack in Paris. The move followed the arrest of six people in France, Germany and Belgium, who allegedly planned to bomb the annual conference of the National Council of Resistance of Iran (NCRI) last June. The NCRI is led by Mujahedin-e Khalq (MEK), a militant group with roots in radical Islam and Marxism, which Iran sees as a terrorist organization.

Author: Joseph Fitsanakis | Date: 31 October 2018 | Permalink

Iran has clandestine missile factories in Lebanon, claims Israel’s ex-spy chief

The government of Iran is smuggling parts for ballistic missiles to Lebanon, where they are secretly assembled in clandestine factories operated by the Shiite militant group Hezbollah, according to Israel’s former spy chief. For several months now, the international news agency Reuters has been claiming that Tehran has transported short-range ballistic missiles to secret bases controlled by pro-Iranian militias in Iraq. Iran’s move was aimed at “deterring attacks on [Iran’s] interests in the Middle East and to give it the means to hit regional foes”, said Reuters, citing “Iranian, Iraqi and Western sources”. Both Iran and Iraq denied the Reuters report.

In September, another report, citing “Western intelligence sources”, said that Iran had begun smuggling parts of short-range ballistic missiles to Hezbollah-controlled areas of Lebanon, using commercial flights. The report pointed to at least two flights that are suspected by Western intelligence agencies of having illegally transported precision weapon parts to Lebanon. Both flights were operated by Qeshm Fars Air, a company believed to be used by Iran’s Islamic Revolutionary Guard Corps (IRGC). Members of the IRGC, arguably the most loyal branch of the Iranian military, are selected on the basis of their ideological commitment to the defense of the 1979 Islamic Revolution. The two flights identified in the report departed from commercial and military airports in Tehran and landed in Lebanon after taking “uncharacteristic flight paths” through Syria, said Western intelligence sources.

On Sunday, Israel’s highest-circulation newspaper, Yedioth Ahronoth, carried an interview with the former director of the Jewish state’s Military Intelligence Directorate, Major General (ret.) Amos Yadlin. Yadlin, who also served as Israel’s military attaché in Washington, said that Iran used to hide ballistic missile parts in Syria, hoping to establish de facto missile bases there. However, Tehran’s plan suffered a major setback last May, said Yadlin, when Israel’s air force destroyed approximately 50 targets inside Syria, including —according to Yadlin— Iranian missile factories. Since then, he said, Tehran has been relocating its missile factories to Lebanon, believing that Israel will not attack its neighbor to the north. But Yadlin, who is a known supporter of left-of-center parties in Israel, and a proponent of the two-state solution to the Palestinian problem, argued that Israel should consider attacking Iran’s military factories in Lebanon. The Jewish state faces two choices, said Yadlin: “to strike [Lebanon], not necessarily by air”, or to allow Hezbollah to acquire precision missiles. “Israel will not accept this change”, he added.

Author: Joseph Fitsanakis | Date: 22 October 2018 | Permalink

Suicide bomb threat reportedly leads to evacuation of Iranian envoy to Turkey

There were conflicting reports yesterday in Ankara of an alleged evacuation of Iran’s ambassador to Turkey, following credible reports of a suicide bomb attack, possibly by the Islamic State. Several Turkish media outlets reported on Monday afternoon that authorities in Ankara had communicated an urgent intelligence warning to the Iranian embassy there of a possible suicide bomb attack. According to the reports, members of the Sunni militant group Islamic State of Iraq and Syria (ISIS) were behind the planned attack.

At 2 pm local time, reports stated that Iran’s ambassador to Turkey, Mohammad Ebrahim Taherian Fard, had been hurriedly evacuated from the Iranian embassy by Turkish security forces. By that time, all roads leading to the Iranian embassy, located next to the Ankara Hilton in one of the Turkish capital’s leafiest areas, had been cordoned off. Reporters from the Reuters news agency and Agence France Presse said that Turkish police and special forces had shut down Tahran Road, where the Iranian embassy is located, and were searching cars. Armed security forces had also surrounded the Iranian embassy, according to Reuters.

Strangely, however, reports of a possible bomb attack and of the ambassador’s evacuation were strongly refuted by the Iranian government, which denounced them as “sheer lies” and “complete fabrications”. In a statement published online on Monday afternoon, Iran’s Ministry of Foreign Affairs said that its diplomats in Ankara had noticed “an increased Turkish security presence” around the Iranian embassy. However, they continued working normally, as they were unaware of the reasons for the heightened security. They assumed that Turkish President Recep Tayyip Erdoğan was appearing nearby, said the statement. A statement by the Iranian embassy in Ankara said that consular employees were present at the embassy and that all scheduled services were being offered without interruption.

In the past month, the embassies of Iran in Paris and Athens have come under attack by Kurdish separatists and leftwing groups protesting against Tehran’s alleged oppression of ethnic minorities in the country. In the past, the Islamic Republic has been rarely targeted by ISIS, whose members dismiss Shiite Islam as a heresy. In June 2017, two attacks were carried out simultaneously in Tehran, targeting the Iranian parliament and the Mausoleum of Ruhollah Khomeini, founder of post-1979 Iran. In September of this year, ISIS claimed responsibility for an attack in Iran’s southwestern city of Ahvaz, which killed 25 soldiers and civilians during a military parade.

Author: Joseph Fitsanakis | Date: 16 October 2018 | Permalink

France freezes assets of Iranian spies in response to foiled terror attack in Paris

France has seized the financial assets of two Iranian spies and frozen all assets belonging to the Iranian Ministry of Intelligence, in response to a foiled bomb attack in Paris, which the French government has blamed on Tehran. The alleged bomb attack was uncovered on June 30 of this year, when members of Belgium’s Special Forces Group arrested a married Belgian couple of Iranian descent in Brussels. The couple were found to be carrying explosives and a detonator. On the following day, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria, while another Iranian man was arrested by authorities in France, reportedly in connection with the three other arrests.

All four individuals were charged with a foiled plot to bomb the annual conference of the National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris. The NCRI is led by Mujahedin-e Khalq (MEK), a militant group with roots in radical Islam and Marxism. The MEK was designated as a terrorist group by the European Union and the United States until 2009 and 2012 respectively. But it has since been reinstated in both Brussels and Washington, reportedly because it provides the West with a vehicle to subvert the Iranian government. France, Germany and Belgium allege that the aborted bombing plot was an attempt by Iran to disrupt the close relations between the MEK and Western governments.

On Tuesday, Paris announced the seizure of assets of two of the men who were arrested in June and July. One is an accredited Iranian diplomat identified as Assadollah Asadi, who is believed to be an official-cover intelligence officer. The other man is Saeid Hashemi Moghadam, who was arrested by French authorities. He is believed to be an Iranian sleeper agent. All assets belonging to the Islamic Republic’s Ministry of Intelligence were also frozen, effective immediately, it was announced. In a joint statement, the French ministers of foreign affairs, economics and the interior said that the move reflected France’s “commitment to fight terrorism, in all its manifestations […], especially on its territory”. The statement added that “the extremely heinous act envisaged on our territory could not go without a response”.

The Iranian government has denied all connection to the alleged plot in Paris and has dismissed the incident as a “false flag” operation staged by MEK in cooperation with Tehran’s “enemies at home and abroad”.

Author: Joseph Fitsanakis | Date: 04 October 2018 | Permalink

Iran spied on ISIS supporters through fake phone wallpaper app, say researchers

Supporters of the Islamic State, most of them Persian speakers, were spied on by the government of Iran after they downloaded a fake smartphone application with wallpaper images, according to an online security firm. Iran is a major adversary of the radical Sunni group Islamic State. The latter considers Shiism (Iran’s state religion) as an abomination. Not surprisingly, therefore, the Islamic State, which is also known as the Islamic State of Iraq and Syria (ISIS), relies largely on supporters from the Arabic-speaking regions of the Levant. But according to estimates, Sunnis constitute about 10 percent of Iran’s population, and ISIS has found some fertile ground among Iran’s 8 million-strong Sunni minority. As a result, the government in Tehran is highly mistrustful of Iranian Sunnis, many of whom are ethnic Kurds, Baluchis, Azeris or Turkomans, and systematically spies on them.

According to the Israeli online security firm Check Point Software Technologies, one way in which Tehran has spied on Persian-speaking ISIS supporters is through fake smartphone applications. In an article published last week, the company said it had uncovered a state-sponsored surveillance operation that it had codenamed “Domestic Kitten”. The Check Point article said that the operation had gone on for more than two years, but had remained undetected “due to the artful deception of its attackers towards their targets”. The surveillance of targeted phones was carried out with the help of an application that featured pro-ISIS-themed wallpapers, which users could download on their devices. Yet another program linked to the same vendor was a fake version of the Firat News Agency mobile phone application. The Firat News Agency is a legitimate Iranian information service featuring news about Iran’s Kurdish minority. But both applications were in fact malware that gave a remote party full access to all text messages sent or received on the compromised phones. They also gave a remote party access to records of phone calls, Internet browser activity and bookmarks, and all files stored on the compromised phones. Additionally, the fake applications gave away the geo-location of compromised devices, and used their built-in cameras and microphones as surveillance devices.

Check Point said that the majority of compromised phones belonged to Persian-speaking members of Iran’s Kurdish and Turkoman minorities. The company stressed that it was not able to confirm the identity of the sponsoring party with absolute accuracy. However, the nature of the fake applications, the infrastructure of the surveillance operation, as well as the identities of those targeted, posed a strong possibility that “Domestic Kitten” was sponsored by the government of Iran, it concluded. Last July, the American cyber security firm Symantec said that it had uncovered a new cyber espionage group called “Leafminer”, which was allegedly sponsored by the Iranian state. The group had reportedly launched attacks on more than 800 agencies and organizations in countries such as Israel, Egypt, Bahrain, Qatar, Kuwait, the United Arab Emirates, Afghanistan and Azerbaijan.

Author: Ian Allen | Date: 14 September 2018 | Permalink

US announces arrest of two men charged with spying for Iran

Authorities in the United States have announced the arrests of two men who have been charged with spying on American soil on behalf of the Islamic Republic of Iran. The men were reportedly arrested on August 9, but information about them was only released on Monday by the US Department of Justice. In a press statement published online, John Demers, US Assistant Attorney General for National Security, said the men were arrested because of concerns that they “acted on behalf of Iran”. They were identified as Ahmadreza Mohammadi Doostdar, 38, and Majid Ghorbani, 59. Doostdar is reportedly a dual citizen of the US and Iran, while Ghorbani is an Iranian citizen who lives in the US state of California. The two men are not believed to be diplomats.

According to the US government, the men were observed “conducting surveillance of political opponents and engaging in other activities that could put Americans at risk”. The press statement alleges that Doostdar carried out surveillance of a Jewish center in Chicago, while Ghorbani attended meetings and rallies organized by Iranian opposition groups operating in the US. The press release identifies one such group as the Mujahideen-e Khalq (MEK), a militant faction that has roots in radical Islam and Marxism. Between 1970 and 1976, the group assassinated six American officials in Iran and in 1970 tried to kill the United States ambassador to the country. It initially supported the Islamic Revolution of 1979, but later withdrew its support, accusing the government of Ayatollah Khomeini of “fascism”. It continued its operations in exile, mainly from Iraq, where its armed members were trained by the Palestine Liberation Organization and other Arab leftist groups. Until 2009, the European Union and the US officially considered the MEK a terrorist organization. But the group’s sworn hatred against the government in Iran brought it close to Washington after the 2003 US invasion of Iraq. By 2006, the US military was openly collaborating with MEK forces in Iraq, and in 2012 the group was dropped from the US Department of State’s list of foreign terrorist organizations. Today the group enjoys open protection from the EU and the US.

On June 30 of this year, authorities in Belgium arrested a married Belgian couple of Iranian descent, who were found to be carrying explosives and a detonator. On the following day, July 1, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria, while a fourth person was arrested by authorities in France, reportedly in connection with the three other arrests. All four individuals were charged with having planned a foiled plot to bomb the annual conference of the MEK-affiliated National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris, France. It is not known whether the arrests in Europe are in any way connected with the cases of the two men held in the US.