U.S. charges Greek businessman with smuggling military and dual-use goods to Russia

May 22, 2023 by Leave a comment

Rijen NetherlandsThe United States Department of Justice has charged a Greek national with wire fraud and smuggling sensitive military-grade and dual-use goods from the United States to Russia. The suspect, Dr. Nikolaos “Nikos” Bogonikolos, 59, was arrested in Paris, France, on May 9, at the request of the United States, and is currently in custody pending extradition proceedings.

Bogonikolos is a mathematician and self-described “serial entrepreneur”, with business activities dating back to 1987. He has authored and co-authored academic articles, holds a number of patents, and has published a book entitled Total Process Security Reengineering. Following the ECHELON revelations in the late 1990’s, he authored a report (.pdf) entitled “The Perception of Economic Risks Arising from the Potential Vulnerability of Electronic Commercial Media to Interception” as part of a study for the European Parliament.

In 2005, Bogonikolos received his PhD from the Kharkov National Economic University in Ukraine, focusing on applications of artificial intelligence in the field of economics. According to his own claims, he has been active as an entrepreneur or researcher in some 40 countries, including Russia. Bogonikolos is the founder of a Greek-based company called Aratos Group. In 2016, Aratos Systems BV was registered as legal entity in The Netherlands. Since 2020, the company has been located in the town of Rijen, which is also home to the main operational military helicopter base of the Royal Netherlands Air Force.

Aratos Systems BV describes itself on its website (currently offline) as an “independent and leading member of the Greek Aratos Group”. Its activities, as declared to the Netherlands chamber of commerce, are “the collection, processing, protecting, and selling of earth observation data to public and private parties”. Aratos Systems also “owns and runs a fully equipped Satellite Ground Station constantly connected with EUMETSAT” —the latter being the European operational satellite agency for monitoring weather, climate and the environment from space.

Last week, the Netherlands Public Prosecution Service and the Fiscal Information and Investigation Service raided the Aratos Systems offices in Rijen. According to the unsealed complaint (.pdf) it is believed that Bogonikolos was contacted in December 2017 by representatives of an illicit Russian procurement network that acquires sensitive military-grade and dual-use technologies, under the direction of Russia’s Foreign Intelligence Service (SVR). Elements of that network are often referred to by Western government officials as “the Serniya Network” or “Sertal”, among other names. In December 2022 the United States charged five Russian nationals, including a suspected intelligence officer, believed to be part of that network, as well as two United States nationals.

In December 2017, Bogonikolos allegedly accepted an invitation to travel to Moscow alone for a meeting. The complaint cites an email exchange between senior members of Sertal and Serniya Network, including Yevgeniy Grinin and Aleksey Ippolitov, who are both wanted by the FBI. In the email exchange, it is suggested that Bogonikolos is a “supporter of the Orthodoxy” and that he sees it as “the basis of friendship with Russia”.

Read more of this post

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , ,

Russia covertly mapping key energy infrastructure for sabotage, Dutch report warns

February 21, 2023 by 2 Comments

AIVD HollandTHE RUSSIAN INTELLIGENCE SERVICES are “covertly mapping” the energy infrastructure of the North Sea, in preparation for acts of disruption and sabotage, according to a new report form the Dutch government. The 32-page report was published this week, ahead of the one-year anniversary of the 2022 Russian invasion of Ukraine. It was authored collaboratively by the two main intelligence agencies of the Netherlands, the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).

The report notes that Russian spy ships, drones, satellites and human agents are engaged in an unprecedented effort to chart the energy and other “vital marine infrastructure” of the North Sea. The purpose of this effort is to understand how the energy and other key infrastructure works in the North Sea. The term North Sea refers to the maritime region that lies between France, Belgium, the Netherlands, Germany, Denmark, Norway and the United Kingdom. It hosts key energy infrastructure, including oil, natural gas, wind and wave power installations, which supply energy to much of northern Europe.

According to the report, Russian intelligence and espionage activities in the North Sea “indicate preparatory acts of disruption and sabotage. These appear to be aimed at energy systems, but also other vital infrastructure, such as undersea power and communication cables, and even drinking water facilities. Consequently, physical threats toward any and all of these facilities should be viewed as conceivable, the report warns.

On Saturday, the Dutch government said it would expel an undisclosed number (believed to be at least ten) of Russian diplomats. It also accused Moscow of engaging in constant efforts to staff its diplomat facilities in the Netherlands with undercover intelligence officers. On the same day, the Dutch government said it would shut down its consulate in Russia’s second-largest city, St. Petersburg, and ordered Russia to shut down its trade mission in the port city of Amsterdam.

Author: Joseph Fitsanakis | Date: 21 February 2023 | Permalink

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , ,

Dutch intelligence disrupt large-scale botnet belonging to Russian spy agency

March 7, 2022 by Leave a comment

GRU KtON MARCH 3, 2022, Dutch newspaper Volkskrant reported that the Dutch Military Intelligence and Security Service (MIVD) took action in response to abuse of SOHO-grade network devices in the Netherlands. The attacks are believed to have been perpetrated by the Main Intelligence Directorate of the General Staff of the Russian Armed Forces (GRU) Unit 74455. The unit, which is also known as Sandworm or BlackEnergy, is linked to numerous instances of influence operations and sabotage around the world.

The devices had reportedly been compromised and made part of a large-scale botnet consisting of thousands of devices around the globe, which the GRU has been using to carry out digital attacks. The MIVD traced affected devices in the Netherlands and informed their owners, MIVD chief Jan Swillens told Volkskrant. The MIVD’s discovery came after American and British [pdf] services warned in late February that Russian operatives were using a formerly undisclosed kind of malware, dubbed Cyclops Blink. According to authorities, the botnet in which the compromised devices were incorporated has been active since at least June 2019.

Cyclops Blink leverages a vulnerability in WatchGuard Firebox appliances that can be exploited if the device is configured to allow unrestricted remote management. This feature is disabled by default. The malware has persistence, in that it can survive device reboots and firmware updates. The United Kingdom’s National Cyber Security Centre describes Cyclops Blink as a “highly sophisticated piece of malware”.

Some owners of affected devices in the Netherlands were asked by the MIVD to (voluntarily) hand over infected devices. They were advised to replace the router, and in a few cases given a “coupon” for an alternative router, according to the Volkskrant. The precise number of devices compromised in the Netherlands is unclear, but is reportedly in the order of dozens. Swillens said the public disclosure is aimed at raising public awareness. “The threat is sometimes closer than you think. We want to make citizens aware of this. Consumer and SOHO devices, used by the grocery around the corner, so to speak, are leveraged by foreign state actors”, he added.

The disclosure can also be said to fit in the strategy of public attribution that was first mentioned in the Netherlands’ Defense Cyber Strategy of 2018. Published shortly after the disclosure of the disruption by MIVD of an attempted GRU attack against the computer network of the OPCW, the new strategy included the development of attribution capabilities, as well as the development of offensive capabilities in support of attribution. It advocates the view that state actors “that are [publicly] held accountable for their actions will make a different assessment than attackers who can operate in complete anonymity”.

Author: Matthijs Koot | Date: 07 March 2022 | Permalink

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , , ,

Western spy agencies thwarted alleged Russian plot to hack Swiss chemical lab

September 17, 2018 by Leave a comment

OPCW HagueWestern intelligence agencies thwarted a plot involving two Russians intending to travel to a Swiss government laboratory that investigates nuclear, biological and chemical weapons, and hack its computer systems. According to two separate reports by Dutch newspaper NRC Handelsblad and Swiss newspaper Tages-Anzeiger, the two were apprehended in The Hague in early 2018. The reports also said that the Russians were found in possession of equipment that could be used to compromise computer networks. They are believed to work for the Main Intelligence Directorate, known as GRU, Russia’s foremost military intelligence agency. The apprehension was the result of cooperation between various European intelligence services, reportedly including the Dutch Military Intelligence and Security Organization (MIVD).

The laboratory, located in the western Swiss city of Spiez, has been commissioned by the Netherlands-based Organization for the Prohibition of Chemical Weapons (OPCW) to carry out investigations related to the poisoning of Russian double agent Sergei Skripal and his daughter Yulia in March of this year. It has also carried out probes on the alleged use of chemical weapons by the Russian-backed government of President Bashar al-Assad in Syria. In the case of the Skripals, the laboratory said it was able to duplicate findings made earlier by a British laboratory.

Switzerland’s Federal Intelligence Service (NDB) reportedly confirmed the arrest and subsequent expulsion of the two Russians. The Swiss agency said it “cooperated actively with Dutch and British partners” and thus “contributed to preventing illegal actions against a sensitive Swiss infrastructure”. The office of the Public Prosecutor in the Swiss capital Bern said that the two Russians had been the subject of a criminal investigation that began as early as March 2017. They were allegedly suspected of hacking the computer network of the regional office of the World Anti-Doping Agency in Lausanne. The Spiez laboratory was a target of hacking attempts earlier this year, according to a laboratory spokesperson. “We defended ourselves against that. No data was lost”, the spokesperson stated.

On April 14, Russian Minister of Foreign Affairs Sergei Lavrov stated that he had obtained the confidential Spiez lab report about the Skripal case “from a confidential source”. That report confirmed earlier findings made by a British laboratory. But the OPCW, of which Russia is a member, states that its protocols do not involve dissemination of scientific reports to OPCW member states. Hence, the question is how Foreign Minister Lavrov got hold of the document.

As intelNews reported in March, in the aftermath of the Skripals’ poisoning the Dutch government expelled two employees of the Russian embassy in The Hague. In a letter [.pdf] sent to the Dutch parliament on March 26 —the day when a large number of countries announced punitive measures against Russia— Holland’s foreign and internal affairs ministers stated that they had decided to expel the two Russian diplomats “in close consultation with allies and partners”. The Russians were ordered to leave the Netherlands within two weeks. It is unknown whether the two expelled Russian diplomats are the same two who were apprehended in The Hague, since none have been publicly named.

A November 2017 parliamentary letter from Dutch minister of internal affairs Kajsa Ollongren, states[4] that Russian intelligence officers are “structurally present” in the Netherlands in various sectors of society to covertly collect intelligence. The letter added that, in addition to traditional human intelligence (HUMINT) methods, Russia deploys digital means to influence decision-making processes and public opinion in Holland.

Author: Matthijs Koot | Date: 17 September 2018 | Permalink

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , ,

Analysis: New Dutch spy bill proposes changes in approval, oversight

July 7, 2015 by 1 Comment

AIVD HollandOn July 2, 2015, the Dutch government released for public consultation a long-awaited bill that overhauls the Dutch Intelligence and Security Act of 2002. Known also as Wiv2002, the Act is the legal framework for the operations of the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD). The bill is a complete rewrite of the present law, and includes expansions of power, as well as changes to the approval regime and oversight. The below provides a brief overview focused on the interception and hacking powers.

The services’ special powers, such as interception and hacking, can only be used for a subset of their legal tasks. That subset includes national security,
foreign intelligence and military intelligence. The government annually determines the intelligence needs of itself and other intelligence consumers; the outcome is used to focus and prioritize strategic and operational plans and activities.

The services have and hold a specific interception power, i.e., interception of communication of a specified person, organization and/or technical characteristic (e.g. IMEI, phone number, IP address, email address). This requires approval from the minister in charge. The services also have and hold a non-specific interception power —i.e., ‘bulk’ interception— but the bill expands that power from ether-only to “any form of telecommunications or data transfer”, thus including cable networks. Furthermore, the bill no longer limits the non-specific power to communication that has a foreign source and/or foreign destination, meaning that domestic communication is in scope. Like the specific power, the non-specific power requires approval from the minister in charge. The services can retain raw bulk intercepts not just for one year, as is presently the case, but for three years. Encrypted raw intercepts can be stored indefinitely, as is presently the case; the three year retention period is triggered when bulk-intercepted encrypted data is decrypted.

Certain categories of “providers of communication services” will be required, in consultation with the services, to provide access to their networks, if so requested by the services on the basis of approval from the minister. Those categories will be determined by governmental decree. The term “provider of a communication service” is derived from the term “service provider” in the Budapest Convention on Cybercrime of 2001, and is defined so as to include public telecommunication networks, non-public telecommunications networks, hosting providers and website operators. The services have and hold the right to, under certain conditions and after approval from the Minister, compel “anyone” to decrypt data or hand over keys. The approval request for that must include an indication of the conversations, telecommunications or data transfers that are targeted.

Read more of this post

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , ,

Former spy sues Dutch state for ‘abandoning’ him in Afghanistan

March 24, 2015 by 1 Comment

MIVDBy JOSEPH FITSANAKIS | intelNews.org
A former agent for Holland’s military intelligence agency has sued the Dutch state, alleging that it abandoned him in Afghanistan, after he had spent years providing support services to Dutch operatives there. Dutch newspaper De Telegraaf reported last week that the former agent, identified only as I.A., is a former police officer who relocated to Afghanistan while working for a Western contractor. He then stayed on in the Afghan capital Kabul, where he imported and sold cars. According to I.A., he was eventually approached by Holland’s Military Intelligence and Security Service (MIVD) and secretly hired as an agent.

Dutch researcher Dr. Matthijs Koot, who translated De Telegraaf’s article into English, reports that I.A. claims he was tasked by the MIVD to acquire local cars with forged license plates, as well as provide forged travel documentation, for Dutch Special Forces in Afghanistan. He also says he supplied Dutch intelligence officers with weapons that “fit what was usually seen on the streets” of Kabul, thus helping them blend in with the local population.

According to De Teelgraaf, I.A. is now suing the Dutch government, alleging that the MIVD “left him to his fate” in Afghanistan, a move that allegedly cost him extensive financial damage. He wants the MIVD to acknowledge that he worked for them and furthermore that he should not have been abruptly fired when his services were no longer needed. According to the paper, I.A. threatened to release to the media details of his work for MIVD, including recorded conversations with MIVD officers. This prompted the agency to give him €500,000 ($700,000) in an attempt to unofficially settle his case. This was allegedly confirmed in a court in The Hague by Marc Gazenbeek, legal affairs director for the Dutch Ministry of Defense. However, I.A. claims the money he was given is insufficient and is suing for millions in damages. The Telegraaf says that Pieter Cobelens, who was director of MIVD at the time of I.A.’s employment, denies he was aware of his employment as a spy. The case continues.

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , ,

News you may have missed #486

March 26, 2011 by Leave a comment

  • Hundreds of US officials to leave Pakistan in Davis deal [unconfirmed]. Pakistani newspaper The Express Tribune claims that 331 US officials in Pakistan have been identified by Islamabad as spies and are “to leave the country”, under a secret deal between Pakistan and the United States. The alleged deal was reportedly struck between the two sides as part of the release of Raymond Davis, a CIA operative who shot dead two people in Lahore.
  • Australian government unveils new spy legislation. The Intelligence Services Legislation Amendment Bill, which has been unveiled by the Australian government, contains changes to the intelligence services and criminal code legislation designed to “improve the operational capabilities of key spy agencies“, according to the country’s Attorney-General.
  • Dutch military intelligence: closed on Sundays. A Dutch government-commissioned report has revealed that the country’s military intelligence service, the MIVD, played no role in the decision, earlier this month, to attempt an evacuation operation by helicopter near the Libyan city of Sirte. The reason is because the evacuation took place on a Sunday, and requests for intelligence went unnoticed at MIVD headquarters.

Filed under A specialized intelligence website written by experts, since 2008 Tagged with , , , , , , , , , , , , , , , , , ,