News you may have missed #903

Israel Lebanon borderState-level espionage on EU a ‘very high threat’ says report. The most successful attempts of espionage at a top EU institution are state sponsored, according to an internal document produced by a subcommittee of the European Council, which is composed of heads of state or government of all European Union member-states. The restricted document presents an analysis of threats to the security of information at the General Secretariat of the Council.
Man shot after crossing into Israel, apparently to spy, returned to Lebanon. A Syrian national who was shot after he crossed the border into Israel from Lebanon last month, apparently to perform reconnaissance for Hezbollah, was sent back to Lebanon on Tuesday, the Israel Defense Forces said. According to the IDF, the International Red Cross transported him back to Lebanon through the rarely used Rosh Hanikra border crossing.
As virus toll preoccupies US, rivals test limits of American power. The coronavirus may have changed almost everything, but it did not change this: global challenges to the United States spin ahead, with America’s adversaries testing the limits and seeing what gains they can make with minimal pushback. A New York Times analysis claims that COVID-19 has not created a new reality as much as it has widened divisions that existed before the pandemic. And with the United States looking inward, preoccupied by the fear of more viral waves, unemployment soaring over 20% and nationwide protests ignited by deadly police brutality, its competitors are moving to fill the vacuum, and quickly.

In a surprise move, Iran releases Washington resident accused of espionage

Nizar ZakkaIran has announced that it will release a Lebanese national and United States permanent resident, who has served nearly half of his 10-year prison sentence for allegedly spying for Washington. Nizar Zakka, 52, was born in Lebanon but was schooled in the US, where he lived permanently until 2015. In September of that year, Zakka traveled to the Iranian capital Tehran at the invitation of the government of Iran, where he spoke at a conference on Internet-based entrepreneurship. He attended the event as an information technology expert who worked for companies like Cisco and Microsoft before setting up his own company called IJMA3. Based in Washington, DC, IJMA3 lobbies investors to help build online networks in the Middle East in order to develop the region economically, socially and politically.

But on September 18, 2015, as Zakka was traveling to the Imam Khomeini International Airport in Tehran for his return flight, he was detained by Iranian security officers and never made it out of the country. A year later, he was convicted of spying for the US and sentenced to 10 years in prison. The court also handed him a $4.2 million fine, allegedly for “collaborating with a government that was hostile to Iran”. Iran’s state-run media said Zakka was a “treasure trove” of intelligence on the American military. But the Lebanese IT expert denied all charges leveled against him. He said he was tortured during his interrogation and he went on frequent hunger strikes to protest his innocence and the conditions of his detention. Throughout his imprisonment, the Lebanese government pressured Iran for his release. The US also raised the issue through Congress and the Department of State. But Washington’s ability to influence Iran was limited, as it does not have diplomatic relations with Tehran.

On Tuesday, however, Lebanon’s Ministry of Foreign Affairs said it had received word from Iran’s ambassador to Lebanon that Zakka would be released soon. The Iranians reportedly said they decided to release Zakka following personal interventions by Lebanon’s Prime Minister Saad Hariri and the country’s President Michel Aoun. Additionally, said the Iranian ambassador, Zakka would be released as “a goodwill gesture” during Eid al-Fitr, a Muslim holiday that marks the end of Ramadan, the Islamic holy month of fasting. The statement added that Iran’s President Hassan Rouhani was “ready to receive a Lebanese delegation at any time for the extradition of the Lebanese prisoner Nizar Zakka”.

Author: Ian Allen | Date: 05 June 2019 | Permalink

Key Hezbollah financier arrested in Brazil after years on the run

Assad Ahmad BarakatBrazilian police have announced the arrest of Assad Ahmad Barakat, a Lebanese national who is believed to be one of the most prolific international financiers for the Shiite group Hezbollah. Barakat was born in Lebanon but fled to Paraguay in the mid-1980s in the midst of Lebanon’s brutal civil war. He began an import-export business and eventually acquired Paraguayan citizenship. He gradually built a small business empire in Paraguay, which included engineering and construction, as well as transportation firms. Throughout that time, however, Barakat maintained strong connections with Hezbollah, the paramilitary group that has a strong following among Lebanon’s large Shiite Muslim community.

By the mid-1990s, Barakat was one of Hezbollah’s most active representatives in the Americas and operated as the Shiite group’s head of paramilitary and fundraising activities in South America. It is believed that he used his Paraguayan passport to travel to Iran and Lebanon for meetings with Hezbollah’s leadership at least once a year. In 2001, following pressure from the United States, Paraguay charged Barakat in absentia with money-laundering. He was eventually caught in Brazil in 2002 and extradited to Paraguay, where he was tried and sentenced to six years in prison. Upon his release in 2008, Barakat returned to his role as Hezbollah’s fundraiser. Using fake passports, he traveled frequently to Brazil, Chile, Argentina, and other Latin American countries, despite having been described by the US government as “one of the most prominent and influential members of the [Hezbollah] terrorist organization”. He was wanted in Paraguay for identity theft and in Argentina for laundering in excess of $10 million in casinos in the north of the country.

Last Friday, the Brazilian Federal Police announced that Barakat had been arrested in the city of Foz do Iguaçu, which is adjacent to the Paraguayan and Argentinian borders. The city of 250,000 is the largest urban center of the so-called Tri-Border tropical region, known for its tropical climate, spectacular mountain views and casinos. Aside from being a year-round tourism center, the area is a known as a hotbed of money-laundering, forged currency smuggling and drug-trafficking activity. It is now known whether Barakat will face charges in Brazil or whether he will be extradited to Paraguay or Argentina.

Author: Joseph Fitsanakis | Date: 25 September 2018 | Permalink

Lebanese media accuses Mossad of assassination attempt in Sidon

Mohammad HamdanMedia reports from Lebanon claim that Israel was behind a bomb explosion that injured an official of the Palestinian group Hamas in the southern Lebanese city of Sidon eight days ago. The official, Mohammad Abu Hamza Hamdan, who is originally from the Gaza Strip, suffered light wounds when his parked car blew up on January 14. Television footage posted online by Lebanon24 from the site of the alleged attack shows smoke coming out of a white BMW car, parked on the courtyard of Hamdan’s home. Reporters at the site said the car belonged to Hamdan and that it had been booby-trapped by unknown assailants. Hamdan was reportedly transported to a nearby hospital, where he received treatment for light wounds.

Reports quoted Lebanese officials who pointed to the fact that the booby-trapped car was parked inside the enclosed courtyard of Hamdan’s home as evidence that the attack was specifically targeted at Hamdan. Others said that the attackers may have originally planned to kill Hamdan’s brother, Osama Hamdan, also from the Gaza Strip, who has served as Hamas’ Lebanon representative for 30 years. Now a new article published by Lebanon’s Al Akhbar newspaper has accused Israel’s Mossad intelligence agency of having orchestrated the assassination attempt. The paper also said that Lebanese security officials had managed to identify the Mossad operatives that carried out the attack. It said they were headed by Ahmed Battiya, a Dutch-born Lebanese man who was recruited by the Mossad in Holland and has participated in prior assassination operations perpetrated by the Israeli spy agency. Al Akhbar said that Battiya had traveled extensively inside Lebanon on behalf of the Mossad, in order to identify Hamas officials and track their movements. The article was published hours after Hassan Nasrallah, leader of the Shiite paramilitary group Hezbollah, also accused Israel of attempting to kill Hamdan.

In Israel, however, government officials appeared to reject claims that the Mossad was behind the attack on Hamdan. The country’s Minister of Defense, Avigdor Liberman, told reporters that the Lebanese media blames Israel for everything that happens in Lebanon, and warned Hamas not to open a “new front against Israel from Lebanon”. Yisrael Katz, Israel’s Minister for Intelligence, said that, if Israel had been involved in the attack against Hamdan, “this wouldn’t have ended with him lightly wounded”.

Author: Joseph Fitsanakis | Date: 22 January 2018 | Permalink

Lebanese spy agency used Android app to spy on thousands, say researchers

GDGS EFF LookoutThe spy agency of Lebanon used a virus designed for the Android mobile operating system to compromise the cell phones of thousands of people in at least 20 countries, according to a new mobile security report. The 50-page report was published on Thursday by a team of researchers from Lookout, a mobile security company, and the Electronic Frontier Foundation in Washington, DC. In an accompanying press release, the researchers said that the virus, which they named Dark Caracal, has been in existence for at least six years. They added that it was traced to a building in Beirut belonging to the General Directorate of General Security (GDGS), Lebanon’s primary external intelligence agency.

According to the Lookout/EFF research team, the trojanized phone application was camouflaged as a secure messaging service, resembling popular applications like Signal or WhatsApp. However, once an Android user downloaded it, it gave remote users access to the compromised phone’s cameras and microphone, thus turning it into a bugging device. The virus also stole email and text messages, pins and passwords, lists of contacts, call logs, photographs, as well as video and audio recordings stored on the compromised device. The report states that compromised devices were found in over 20 countries, including Lebanon, France, Canada, the United States and Germany. The majority of those targeted by the virus were civilian and military officials of foreign governments, defense contractors, and employees of manufacturing companies, financial institutions and utility providers.

On Thursday, Reuters contacted Major General Abbas Ibrahim, who serves as director general of GDGS. He insisted that the GDGS is known for collecting intelligence using human sources, not cyber technologies. “General Security does not have these type[s] of capabilities. We wish we had these capabilities”, General Ibrahim told the news agency.

Author: Joseph Fitsanakis | Date: 19 January 2018 | Permalink

Western agencies warned Lebanese prime minister of assassination plot, say Saudis

Saad al-HaririWestern intelligence services warned Lebanon’s former Prime Minister Saad al-Hariri of an assassination plot against him, thus prompting him to resign on Sunday, according to Saudi news media. Hariri is a Saudi-born Lebanese politician, reputed to be one of the world’s wealthiest people. He is the second son of the late Rafiq Hariri, who ruled Lebanon for much of the 1990s but was assassinated in 2005. Saad al-Hariri spent most of his life in Saudi Arabia, the United States and France, but returned to Lebanon in 2014 to lead the Future Movement, a center-right political party supported by Sunni Muslims and some Christians. He became prime minister in 2016.

On Friday, Hariri flew from Beirut to Riyadh for a scheduled high-level visit. But on Sunday he shocked the Arab world by announcing his resignation from the post of prime minister. He did so in a surprise television address from the Saudi capital, which was broadcast live in Lebanon. Hariri told stunned Lebanese audiences that he was resigning in order to protect himself from a plot that was underway to assassinate him. He added that the political climate in Lebanon was intolerably tense and reminded him of the conditions that led to the assassination of his father 12 years ago. He also accused Iran and Hezbollah of acting as the primary destabilizing factors in Lebanon and much of the Middle East. Hariri and his supporters believe that Hezbollah was behind his father’s assassination in 2005. There was intense speculation in Lebanon on Monday that Hariri would remain in Saudi Arabia for the foreseeable future, fearing for his life if he returned to Lebanon.

On Sunday, the Saudi-based newspaper Asharq al-Awsat claimed that Hariri decided to resign after he “received warnings from Western governments” that there would be an assassination plot against him. The newspaper did not name the Western governments, nor did it identify those who are allegedly trying to kill Hariri. Later on Sunday, Saudi television station al-Arabiya al-Hadath alleged that an assassination attempt against Hariri had been stopped at the last minute in the Lebanese capital Beirut earlier in the week. Both news media cited “sources close” to the Lebanese leader, but did not provide specific information, nor did they give details of the alleged plot or plots. It is worth noting, however, that Lebanese security officials denied these reports from Riyadh. Lebanese media quoted senior security official Major General Abbas Ibrahim as saying that no information about assassination plots had been uncovered. Major Ibrahim, who heads Lebanon’s General Directorate of General Security, said that his agency had no information about attempts to kill Hariri or other Lebanese political figures.

This could mean that the information about a possible assassination plot against Hariri was given directly to him by Western intelligence agencies, probably because the latter fear that Lebanese security agencies are infiltrated by Hezbollah sympathizers. Or it could mean that the Saudi media reports are inaccurate. Lebanon is now awaiting further details by Hariri regarding the alleged assassination plot against him. In the meantime, the already fragile political life of Lebanon appears to be entering a period of prolonged uncertainty.

Author: Joseph Fitsanakis | Date: 07 November 2017 | Permalink | Research Credit: B.M.

Alleged Israeli spying device concealed inside fake rock found in Lebanon

Cyprus, Israel, Syria, LebanonA sophisticated spying device disguised as a rock, which was allegedly planted by Israeli intelligence, was found by Lebanese Army troops on a hill located a few miles from the Lebanese-Israeli border. The discovery was reported early on Saturday by several Lebanese news websites, including Al-Mayadeen and Al-Manar, which are closely affiliated with Hezbollah. Al-Manar said that the spy device had been found in the outskirts of Kfarchouba, a predominantly Shiite Lebanese village, located in Arkoub, 100 miles southeast of Lebanon’s capital, Beirut. Kfarchouba’s location is extremely strategic, as the village overlooks northern Israel on the south and the Golan Heights on the east. It has been bombed by Israel several dimes between the 1970s and today, and is remains heavily militarized.

Reports from Lebanon said that a Lebanese Army patrol found the device hidden inside a fake rock, which had been placed on a hill outside Kfarchouba. The device had been placed in direct view of a major Lebanese military outpost, known as Rawisat. As soon as the device was detected, the patrol reportedly called in the Lebanese Army’s intelligence corps for support. Technical experts soon examined the discovery and determined that it contained a sophisticated thermographic camera. Also known as infrared or thermal imaging cameras, thermographic cameras capture images using infrared radiation, instead of using visible light, as is the case with commonly used cameras. This allows them to capture relatively clear images in the darkness, and are thus used for military operations that require night vision. Some Lebanese websites published photographs showing parts of the alleged spy device, which appear to bear writing in Hebrew.

This is not the first time that alleged Israeli spy devices have been found in southern Lebanon. In September of 2014, one person was killed when a mysterious device found near the Lebanese village of Adloun suddenly exploded as Hezbollah troops were examining it. It was later suggested that the device had been attached by Israeli troops to the Hezbollah-owned telecommunications network that spans southern Lebanon. Hezbollah said that the device had been remotely detonated by an Israeli drone in order to prevent it from being reverse-engineered. Two other devices found by a Lebanese Army patrol in the same region in October of 2009 suddenly exploded, as Lebanese security personnel were approaching. A Lebanese Army official said on Sunday that the device found in Kfarchouba will be dismantled by Lebanese Army engineers.

Author: Joseph Fitsanakis | Date: 11 September 2017 | Permalink

Israel’s chief of staff says Hezbollah killed its own commander in Syria

Mustafa Amine BadreddineAn Israeli military official has repeated claims in the Arab media that the Lebanese Shiite group Hezbollah killed its own military commander in Syria, following a dispute with Iran. Mustafa Amine Badreddine, 55, an expert in explosives and former bomb-maker, was a senior military commander in the military wing of Hezbollah. He rose through the ranks of the organization to become a trusted adviser to Hezbollah’s Secretary General, Hassan Nasrallah. In 2011, the Special Tribunal for Lebanon, set up by the United Nations, charged Badreddine with organizing the assassination of Lebanese Prime Minister Rafik Hariri. Hariri was killed with over 20 other people in a massive bomb blast in Beirut, in February of 2005.

Soon after the outbreak of the Syrian Civil War, the leadership of Hezbollah dispatched Badreddine to the Syrian capital Damascus. His stated mission was to command thousands of Hezbollah troops, who fought under Iranian guidance in support of the Syrian President Bashar al-Assad. But on May 13, 2016, Badreddine was reportedly killed in Damascus, causing observers to describe his death as the biggest setback for the Shiite militant group since the 2008 assassination of its leading commander, Imad Mughniyeh. Initial reports in Hezbollah-controlled Lebanese media suggested that Badreddine might have been killed in an Israeli air attack. But a press statement issued later by Hezbollah said the commander had been killed as a result of an armed attack by Sunni rebels. However, on March 8 of this year, the Saudi-owned pan-Arab television network al-Arabiya said it had conducted its own investigation into Badreddine’s death, and had concluded that he was killed by Hezbollah itself. The network claimed that Hezbollah’s Secretary General Nasrallah had ordered Badreddine’s killing, after the Iranians demanded it. Apparently the Iranians wanted him killed because he disputed the authority of Major General Qasem Soleimani, commander of Iran’s Revolutionary Guard Corps, who is often credited with having saved the Syrian government from demise during the Civil War.

The claim that Badreddine was killed by Hezbollah was echoed on Tuesday by Lieutenant General Gadi Eisenkot, Chief of the General Staff of the Israel Defense Forces. Speaking to the Associated Press, Lt Gen Eisenkot said that reports from Arab media that Badreddine was killed by his own forces agreed “with intelligence we have”, referring to the Israeli military. It is worth noting that Israeli officials rarely comment on intelligence operations, including assassination operations, choosing instead to adhere to a “refuse to confirm or deny” policy.

Author: Joseph Fitsanakis | Date: 22 March 2017 | Permalink

Lebanon claims arrests of five Israeli spies holding third country passports

GDGS LebanonThe security services of Lebanon announced on Wednesday that they had arrested five foreign nationals who were allegedly spying of Israel. A brief statement issued by Lebanon’s General Directorate of General Security (GDGS, also known as the General Security Directorate) said the five individuals were members of a “spy ring” set up by the Mossad, Israel’s external intelligence agency. The five —three men and two women— are accused of contacting Israeli embassies in countries in the Middle East, Europe and Asia, with the aim of passing information about domestic Lebanese affairs.

The statement from the GDGS said the alleged spy ring consisted of two male holders of Lebanese passports, a Palestinian Arab man (passport not specified), and two women with Nepalese passports. It said that the five foreigners were interrogated and “confessed to the charges”, which include “spying for Israeli embassies abroad”. According to articles in the Lebanese media, the members of the alleged spy ring admitted that they had dialed telephone numbers that were operated by the embassies of Israel in: Amman, Jordan; Ankara, Turkey; London, United Kingdom; and Kathmandu, Nepal. The reports state that the five foreigners said the reason they contacted the Israeli embassies was to “pass on information”, but no specifics were offered.

According to An Nahar, Lebanon’s leading daily newspaper, the two Nepalese women had been tasked with recruiting other Nepalese women working in Israel as maids or nannies. The recruits were allegedly instructed to call telephone numbers belonging to Israel’s embassy in Nepal and share information about their employers’ activities. No information has been given about the identity and occupation of those who employed the domestic workers. The GDGS statement said that the agency was seeking to arrest “the rest of the culprits”, but did not specify whether these were members of the same alleged spy ring.

Author: Ian Allen | Date: 26 January 2017 | Permalink

Lebanese president says Israel is behind businessman’s murder in Angola

Michel AounThe president of Lebanon said on Wednesday that Israeli intelligence was behind the killing of a Lebanese businessman who was shot dead by a team of assailants last weekend in southwestern Africa. Amine Bakri, 54, who was from southern Lebanon, had lived and worked in Angola since his mid-20s. He was a well-known businessman in the Angola capital Luanda, where he owned a number of factories that make furniture and various medical equipment. On Sunday, Bakri was driving on an unpaved road in the Angolan capital, when his vehicle was ambushed by a group of three armed assailants. According to media reports, one of the men shot the windshield of Bakri’s car and then proceeded to shoot him in the head at close range. The men fled the scene and Bakri was transported to a local hospital, where he soon died from his wounds.

Initial reports stated that Bakri’s killing resulted from a botched robbery by a local gang of youths. But the murdered man’s nephew and business partner, Mohammad Maatuk, told Lebanese media that the men who ambushed his uncle were not interested in money. Maatuk told the Lebanese news website an-Nahar that the men did not give Bakri an opportunity to offer them money or other valuables. Instead they opened fire almost immediately and fled the scene in a calm, pre-arranged, professional manner, said Maatuk.

On Wednesday, the newly elected President of Lebanon, Michel Aoun, opened the weekly meeting of the Lebanese government by announcing that there was “information that the [Israeli intelligence agency] Mossad was behind this operation” to kill Bakri in Lebanon. He added that the Lebanese Ministry of Foreign Affairs and Immigration was “collecting information” in light of new evidence about Israel’s alleged involvement. According to media reports, Aoun did not provide details about the evidence that the Mossad was behind Bakri’s murder. Nor is there any information about the reasons why Israel might want Bakri dead.

Angola is home to a sizeable Lebanese community, whose members concentrate mostly in Luanda. As of this morning there has been no information about whether Amine Bakri was in any way related to Imad Bakri. Bakri, a Shiite Lebanese merchant in Luanda, has been identified in several intelligence reports as a link between the Shiite Lebanese militant group Hezbollah and UNITA, the Western-supported right-wing rebel group that lost in the Angolan Civil War and today is the country’s second-largest political party. Bakri’s body is expected to arrive in Lebanon today. It will be transported to the Iraqi Shiite city of Najaf, where he will be buried.

Author: Joseph Fitsanakis | Date: 05 January 2017 | Permalink

Israel silent after assassination of key Hezbollah figure in Damascus

Samir Kuntar Israel has refused comment following the death of a senior official of Lebanese militant group Hezbollah, who was killed on Saturday in a missile strike in Syria. Samir Kuntar (also spelled Qantar) was a Druze who joined the Syrian-backed, Lebanese-based, Palestine Liberation Front (later Popular Front for the Liberation of Palestine – General Command) at a young age. In 1979, Kuntar was jailed for an attack on an apartment block in Israel’s northern coastal town of Nahariya, which resulted in the death of four Israeli civilians and two of the attackers. However, he was freed after nearly three decades in prison in exchange for the bodies of two Israel Defense Force soldiers, who had been captured and executed by Hezbollah in 2006.

Since his high-profile release, Kuntar was believed to have risen in the ranks of Hezbollah, and to have become a major operational figure in the Lebanese militant group. In September of this year, the United States Department of State officially designated Kuntar a Specially Designated Global Terrorist. This designation, under US Executive Order 13224, denoted that Kuntar posed a significant and immediate terrorist threat to American interests. A statement issued by the US State Department at the time described Kuntar as one of Hezbollah’s “most visible and popular spokesmen”, and said he also had an operational role in the organization.

Kuntar was reportedly killed alongside eight other people when a barrage of missiles hit a residential building in the Damascus suburb of Jaramana. A statement by Hezbollah-controlled television station Al-Manar said four long-range missiles were fired by two “Israeli warplanes” that appeared to target the residential building. Based on footage aired by Al-Manar, the multi-story building appears completely destroyed. Moreover, at least one other Hezbollah senior commander, Farhan al-Shaalan, is said to have died in the strike.

Although Hezbollah officially accused “the Zionist entity” for the missile strikes, Israel has refused comment on Kuntar’s killing. When asked for a response by reporters on Sunday morning, Israeli Minister for Construction and Housing Yoav Gallant said he was happy that Kuntar was dead, but stopped short of confirming that Israel was behind the killing.

Author: Joseph Fitsanakis | Date: 21 December 2015 | Permalink

Israel charges Swedish citizen with spying for Hezbollah

HezbollahIsraeli authorities have charged a Swedish citizen with working as an intelligence officer for the Lebanese militant group Hezbollah. It is believed that Hassan Khalil Hizran, 55, was born to Palestinian refugees in Lebanon, from where he emigrated to Sweden many years ago. But he was arrested in Tel Aviv on July 21 while disembarking a flight at Israel’s Ben Gurion International Airport and was taken into custody by the Shin Bet, Israel’s counterterrorism and counterintelligence agency. A spokesman for the agency said Hizran had confessed during interrogation to being an intelligence operative for Hezbollah, a primarily Shiite organization that controls much of Lebanon’s territory. He is said to have told his interrogators that he was recruited by the group in the summer of 2009 while visiting Lebanon from Sweden with his wife and children.

Shin Bet said that Hizran had been asked by his Hezbollah handlers to gather intelligence relating to Israeli military installations and that he visited Israel several times in order to fulfil his missions. He would then return to Lebanon after visiting a third country in order to provide his Hezbollah handlers with the information he had collected while in Israel. Sources in Tel Aviv said Hizran visited Lebanon at least twice since his 2009 recruitment, specifically in 2011 and 2013. He returned to Sweden with monetary sums given to him by Hezbollah as payment for his services, which amounted to several thousand dollars, according to Shin Bet. The Israeli security agency said the Swede was helping Hezbollah identify military targets for a future war, which it interpreted as “proof that Hezbollah is preparing for the net war with Israel by compiling a target bank”.

According to the Israelis, Hizran had also been tasked by Hezbollah with recruiting Arabs with ties to Israeli Jews, but that he was either unable or unwilling to do so. However, on Sunday he was charged with three criminal counts including contacting an agent of a foreign government and communicating sensitive information. The Swedish man’s Israeli lawyer, Leah Tsemel, denied that her client was guilty of espionage and claimed that he had “refused repeated requests to inflict harm on the national security of Israel”. The Swedish and Lebanese governments have not commented on Hizran’s arrest.

Author: Ian Allen | Date: 10 August 2015 | Permalink

Hezbollah likely behind malware that attacked Israeli servers

Malware program codeBy JOSEPH FITSANAKIS | intelNews.org
A report by a major Israeli computer security firm claims that “a Lebanese entity”, possibly Hezbollah, was behind a cyberespionage operation that targeted companies connected to the Israeli military. In late March, Israeli computer security experts announced they had uncovered an extensive cyberespionage operation that targeted computers in Israel, and to a lesser extent in the United States, Britain, Turkey and Canada. The cyberespionage operation, dubbed VOLATILE CEDAR by Israeli computer security experts, was allegedly launched in 2012. It employed a sophisticated malicious software, also known as malware, codenamed EXPLOSIVE. One Israeli security expert, Yaniv Balmas, said the malware was not particularly sophisticated, but it was advanced enough to perform its mission undetected for over three years.

It is worth noting that, during the period of operation, the EXPLOSIVE malware kept surreptitiously updating itself with at least four different versions, which periodically supplemented the original malware code. Additionally, once the discovery of the malware was publicized in the media, security experts recorded several incoming messages sent to the installed malware asking it to self-destruct. These clues point to a level of programming and operational sophistication that exceeds those usually found in criminal cyberattacks.

According to Israeli computer security firm CheckPoint, there is little doubt that the source of the malware was in Lebanon, while a number of programming clues point to Lebanese Shiite group Hezbollah as “a major player” in the operation. In a report published this week, CheckPoint reveals that most of the Israeli targets infected with the malware belong to data-storage and communications firms that provide services to the Israel Defense Forces. According to one expert in the firm, the malware designers took great care to avoid “a frontal attack on the IDF network”, preferring instead to target private entities that are connected to the Israeli military. More specifically, the web shells used to control compromised servers after successful penetration attempts were of Iranian origin. Additionally, the initial command and control servers that handled EXPLOSIVE appear to belong to a Lebanese company.

The head of CheckPoint’s security and vulnerability research unit, Shahar Tal, told Ha’aretz newspaper: “We are not experts on international relations and do not pretend to analyze the geopolitical situation in Lebanon”. But these attacks originated from there, and were specifically designed to infiltrate “systems that are connected to the IDF”, he added.

News you may have missed #891

Edward SnowdenBy IAN ALLEN | intelNews.org
►►Sophisticated malware found in 10 countries ‘came from Lebanon’. An Israeli-based computer security firm has discovered a computer spying campaign that it said “likely” originated with a government agency or political group in Lebanon, underscoring how far the capability for sophisticated computer espionage is spreading beyond the world’s top powers. Researchers ruled out any financial motive for the effort that targeted telecommunications and networking companies, military contractors, media organizations and other institutions in Lebanon, Israel, Turkey and seven other countries. The campaign dates back at least three years and allegedly deploys hand-crafted software with some of the hallmarks of state-sponsored computer espionage.
►►Canada’s spy watchdog struggles to keep tabs on agencies. The Security Intelligence Review Committee (SIRC), which monitors Canada’s intelligence agencies, said continued vacancies on its board, the inability to investigate spy operations with other agencies, and delays in intelligence agencies providing required information are “key risks” to its mandate. As a result, SIRC said it can review only a “small number” of intelligence operations each year.
►►Analysis: After Snowden NSA faces recruitment challenge. This year, the NSA needs to find 1,600 recruits. Hundreds of them must come from highly specialized fields like computer science and mathematics. So far the agency has been successful. But with its popularity down, and pay from wealthy Silicon Valley companies way up, Agency officials concede that recruitment is a worry.

Israelis dispute CIA was behind Hezbollah strongman’s killing

Imad MughniyahBy JOSEPH FITSANAKIS | intelNews.org
Sources in Israel are disputing reports from January that the United States’ Central Intelligence Agency was behind the assassination of one of Hezbollah’s most senior officials. On January 31 of this year, two US-based publications, The Washington Post and Newsweek, claimed that it was the CIA, not Israel’s Mossad intelligence agency as previously thought, who led the 2008 assassination of Imad Mughniyah. Mughniyah, who was among the founders of Hezbollah, the Shiite militant group that today controls large parts of Lebanon, was killed when a car laden with explosives blew up at a central parking lot in Syrian capital Damascus, where he had been living in secret.

According to the reports, the Mossad alerted the CIA after uncovering Mughniyah’s whereabouts in 2007, and suggested a joint operation to kill the Hezbollah strongman. The American covert-action agency proceeded to have a bomb designed by technicians from its Science & Technology Directorate, who carried out dozens of tests at a CIA facility in North Carolina. It was, according to the Post and Newsweek reports, the very bomb that killed Mughniyah on the evening of February 12 near his home in the Syrian capital.

But Dan Raviv, the Washington-based national correspondent for CBS News, said on Sunday that Israeli intelligence insiders are disputing claims that the CIA was the leading force in the operation. In a report published on Sunday, Raviv cited “Israelis close to their country’s services” as saying that the operation against Mughniyah was “almost all blue-and-white, and just a little bit red-white-and-blue” —a direct reference to the colors in the Israeli and American flags. The CBS correspondent said Israelis had been “miffed that the Americans were taking too much credit” for the strike against Mughniyah, and were actively “speaking with Western officials and diplomats to offer corrections”.

According to Raviv, it was the Mossad and Aman (Israel’s primary military-intelligence agency) that discovered Mughniyah’s whereabouts in 2007, and proceeded to design a bomb after the US declined Israel’s invitation to help organize a joint strike. Eventually, claims Raviv, Israel’s then-Prime Minister, Ehud Olmert, convinced then-US President George W. Bush to approve a strike against Mughniyah, by showing him videos of the custom-made car bomb being tested in Israel. An impressed President Bush then authorized the CIA to participate in the operation. But by that time, says Raviv, the Israelis were firmly in command of the project and remained so until its final execution. Neither the CIA nor the Mossad have commented on the allegations regarding Mughniyah’s assassination.