Tip by confidential human source guided FBI search of Trump’s home, reports claim

Multiple news outlets claimed on Wednesday that Monday’s search by authorities of a Florida residential compound belonging to former United States President Donald Trump was based on information provided to the Federal Bureau of Investigation by a confidential human source. The source reportedly gave the FBI details about a number of classified documents that were allegedly hidden in Trump’s Florida estate, as well as their precise location.

America’s troubled political waters turned stormy once again on Monday morning, when around 35 FBI special agents and technical support personnel arrived at Trump’s Mar-a-Lago estate in a convoy of unmarked vehicles. The FBI team proceeded to execute a search warrant, which authorized them to confiscate government files that were allegedly in storage at the luxury estate. According to the 1978 Presidential Records Act, these files belong to the state and should have been deposited to the National Archives upon Trump’s departure from the White House in January of 2021.

On Monday afternoon, the FBI staff reportedly left Trump’s residence with between 10 and 15 boxes of documents. In the ensuing hours, a number of commentators pointed out that, as per Trump’s attorney Lindsey Halligan, who observed the search in person, the FBI focused on just three rooms, namely Trump’s office, a bedroom and a storage room, ignoring the rest of the sprawling mansion. That, according to some, points to the strong possibility that the FBI special agents had prior information about the location of the files.

On Wednesday morning, Newsweek said it could confirm that the FBI had prior information about the precise location of the files. The news outlet cited two senior government officials, including “an intelligence source” who had “direct knowledge of the FBI’s deliberations” in the days leading up to the search. According to the sources, during the first week of August the government prosecutor in charge of the case was able to secure a search warrant from a West Palm Beach judge. The prosecutor reportedly did so by providing the judge with “abundant and persuasive detail” about the files, which “proved that those records were contained at Mar-a-Lago […] in a specific safe in a specific room”.

On Wednesday evening, The Wall Street Journal also reported that the FBI had been approached by “someone familiar with stored papers”. The source allegedly provided government investigators with information about the precise location of “classified documents” at Mar-a-Lago. The paper added that the FBI confidential source had direct access to the documents.

The US attorney general’s guidelines [PDF] define FBI confidential human sources as individuals who are “believed to be providing useful and credible information to the FBI for any authorized information collection activity”. They further stipulate that the FBI expects or intends to obtain “additional useful and credible information” from confidential human sources in the future, and thus it usually builds a long-term relationship with these individuals. The guidelines also note that, given the sensitivity of the role of confidential human sources, their “identity, information or relationship with the FBI warrants confidential handling”.

Author: Ian Allen | Date: 11 August 2022 | Permalink

Ukraine war prompts European Union to overhaul counter-surveillance practices

The political fallout of the Russian invasion of Ukraine is prompting the European Union (EU) to radically upgrade the security of its facilities, according to a series of internal memoranda. On July 14, the EUObserver, an EU-focused news agency based in Brussels, said it had seen an internal EU document that describes the creation of a new anti-surveillance unit. The unit’s mission will reportedly center on providing security for closed-door EU meetings, using counter-measures standards employed by the North Atlantic Treaty Organization (NATO).

According to EUObserver, EU member states have agreed to establish a so-called “CSC-TSCM Expert Group,” which will spearhead the formation of this new unit. In security parlance, TSCM stands for technical security counter-measures, a method of counter-surveillance. In their most basic form, TSCM operations are carried out by teams of technical experts trained in the use of anti-bugging equipment. These are able to detect radio emissions, which are generated by most surveillance devices —commonly referred to as ‘bugs’.

The internal memorandum stipulates that the “CSC-TSCM Expert Group” will be officially set up after July 25. It will consist of experts from several EU states. The resulting unit’s mission will be to “prevent, detect and potentially neutralise eavesdropping of information in any physical or electronic form,” the memorandum states. Counter-measures operations will include regular inspections of “facilities and vehicles and the protection of classified meetings” in buildings that house the EU Council, EU Parliament, and the European Commission.

The forthcoming formation of the “CSC-TSCM Expert Group” appears to be closely linked to news, published earlier this month, relating to the construction of a new facility. The new facility is described in the media as an EU “secure bunker.” According to the EUObserver, the €8 million ($8.07 million) enclosed space will operate as a designated EU sensitive compartmented information facility (SCIF). The term denotes a secure area within a larger building, which is used to discuss sensitive topics and process classified information.

Newspaper discloses names of Russian alleged spies expelled from Belgium

A Brussels-based newspaper has publicized the names and backgrounds of nearly two dozen Russian diplomats, who were recently expelled by the Belgian government on suspicion of espionage. A total of 21 Russian diplomats were expelled from Belgium in April, in co-ordination with dozens of European governments. The move was part of a broader European wave of diplomatic expulsions of Russian diplomatic personnel, in response to the Russian invasion of Ukraine.

Like other governments in Europe, the Belgians carried out the expulsions of Russian diplomats in secret, and employed a “no comment” policy in response to media requests. Such an approach is customary when it comes to diplomatic expulsions. It allows the government ordering the expulsions to expect a similar level of discretion if and when its own diplomats are expelled in a possible tit-for-tat move by an adversary. It is therefore highly unusual for information concerning expelled diplomatic personnel to be made public. And yet that is precisely what happened earlier this week, when the EUObserver, an English language newspaper based in Brussels, published information about the names and backgrounds [PDF] of the 21 expelled Russian diplomats. The paper said the information was leaked by a source, but did not elaborate.

According to the newspaper, all 21 expelled diplomats were men. It further alleged that 10 of them were intelligence personnel of the Main Directorate of the Russian Armed Forces’ General Staff. A further nine diplomats worked for the Foreign Intelligence Service (SVR, Russia’s equivalent to the United States Central Intelligence Agency), while two were employees of the external service of the Russian Federal Security Service (FSB). Most were in their 40s, though at least one was in his early 60s and one was in his late 20s. The EUObserver said that some of the information about the alleged spies was unearthed by The Dossier Center, a British-based open-source information outlet, which is similar to Bellingcat. The Dossier Center is funded by the oligarch Mikhail Khodorkovsky, who is a critic of the Russian President Vladimir Putin.

Dutch intelligence disrupts Russian effort to infiltrate International Criminal Court

On June 16, the Dutch General Intelligence and Security Service (AIVD) announced that it prevented a Russian military intelligence officer from gaining access as an intern to the International Criminal Court (ICC) in The Hague. The ICC is of interest to the GRU because it investigates possible war crimes committed by Russia in the Russo-Georgian War of 2008 and more recently in Ukraine.

The GRU officer reportedly traveled from Brazil to Schiphol Airport in Amsterdam in April 2022, using a Brazilian cover identity, making him a so-called “illegal”. This means the intelligence operative was not formally associated with a Russian diplomatic facility. He allegedly planned to start an internship with the ICC, which would have given him access to the ICC’s building and systems. This could have enabled the GRU to collect intelligence, spot and recruit sources, and possibly influence criminal proceedings inside the ICC.

When the officer arrived at Schiphol, the AIVD informed the Dutch Immigration and Naturalization Service (IND), after which he was refused entry to the Netherlands and put on the first plane back to Brazil as persona non grata. The AIVD assessed the officer as a “potentially very serious” threat to both national security and the security of the ICC and Holland’s international allies, due to his access to the organization.

In a first-ever for the AIVD, the agency also released the contents of a partially redacted 4-page document that describes the “extensive and complex” cover identity of the officer. It was originally written in Portuguese, “probably created around mid-2010” and “likely written” by the officer himself. According to the AIVD, the information provides valuable insight into his modus operandi. The cover identity hid any and all links between him and Russia. According to the AIVD, the construction of this kind of cover identity “generally takes years to complete”.

In the note accompanying the document, the AIVD says that Russian intelligence services “spend years” on the construction of cover identities for illegals, using “information on how other countries register and store personal data”. Alternatively, they illegally procure or forge identity documents. Information in the cover identity “can therefore be traceable to one or more actual persons, living or dead” as well as to forged identities of individuals “who only exist on paper or in registries of local authorities”.

Author: Matthijs Koot | Date: 17 June 2022 | Permalink

Many see Israel behind May 22 killing of Iranian paramilitary leader in Tehran

A growing number of security observers point to Israel as the most likely culprit behind the assassination of a leading member of the Islamic Revolutionary Guard Corps (IRGC), Iran’s powerful paramilitary force. Brigadier General Hassan Sayyad Khodaei, who was killed in broad daylight in Tehran on May 22, served as deputy director of the Quds Force, a major branch of the IRGC. The mission of the Quds Force is to carry out unconventional warfare, especially in support of IRGC operations against adversaries abroad.

Observers regularly describe the IRGC as a ‘praetorian guard’ that operates inside Iran’s governing apparatus. Today the IRGC is a military force with a command structure that is distinct from Iran’s regular Armed Forces. It maintains its own army, navy and air force, has its own paramilitary and political protection units, and oversees Iran’s nuclear program. The IRGC’s weapons development falls under the duties of the Quds Force, in which Khodaei was a leading figure. He was also known to have been closely mentored by IRGC Commander Qasem Soleimani, who was assassinated by the United States in 2020.

Khodaei was assassinated in broad daylight on May 22, as he was heading home from his office in downtown Tehran, located a few blocks from the main building of Iran’s Consultative Assembly. According to eyewitness reports, Khodaei’s vehicle was rapidly approached by two individuals riding on a motorbike. They sped away seconds after shooting Khodaei five times, killing him almost instantly. The entrance to the street where Khodaei was attacked was allegedly blocked by a white van, which also sped away following the shooting.

Israel is known for carrying out assassinations of Iranian officials using motorbikes, which can move with relative ease in the congested streets of Tehran. IntelNews regulars will recall that Israeli intelligence claimed last month to have detained and interrogated an alleged Iranian assassin named Mansour Rasouli. A video of his alleged testimony emerged, which was reportedly filmed at a Mossad safehouse somewhere in Iran. Meanwhile, Khodaei’s assassins remain at large.

Author: Joseph Fitsanakis | Date: 25 May 2022 | Permalink

In rare move, Israel identifies special operations officer killed in Gaza Strip raid

In a rare move, Israel released the identity last weekend of a special operations officer who was killed by Islamic Hamas during a 2018 covert mission in the Gaza Strip. As intelNews reported at the time, an undercover team of Israeli operatives was exfiltrated by helicopter from Gaza on November 11, 2018. The exfiltration took place after the Israelis were spotted by members of the Izz ad-Din al-Qassam Brigades, which is part of Hamas’ armed wing.

The incident was followed by a barrage of nearly 500 rockets and mortars fired from the Gaza Strip into Israel. The Israelis responded by firing more than 160 missiles that fell throughout the Palestinian enclave. Hostilities were halted on November 13, when Hamas declared a unilateral ceasefire brokered by Egypt. The incident prompted the resignation of Israel’s Defense Minister, Avigdor Liberman. At the time, the Israel Defense Forces, which were behind the botched operation, refused to comment on the team’s mission, admitting only that its troops “operated […] in the Gaza Strip”.

It was said at the time that the members of the undercover team were dressed in civilian clothes and that at least two of them were disguised as women. After entering Gaza in a civilian Volkswagen vehicle, they drove to Khan Yunis, a city in the south of the Strip, near the Egyptian border. It was there that they were discovered by the al-Qassam Brigades, who stopped them at a checkpoint, asking for identification. The Israeli team opened fire using a silenced gun. Following a high-speed car chase, the Israelis left via helicopter. Their abandoned Volkswagen car was then blown up by an Israeli fighter jet.

On Sunday, the IDF declassified the name of the fallen officer. It also released a photograph of the man, who has been identified as Lt. Col. Mahmoud Kheir el-Din, 41, from Galilee. A member of Israel’s Druze community, el-Din served in the Mista’arvim, a counter-terrorism unit of the IDF’s Special Operations division that is trained to capture or assassinate targets in enemy territory. El-Din joined the IDF’s Special Operations division in 2002, after having served as a platoon commander.

The IDF also provided limited details about the botched operation that led to el-Din’s death. It claims that el-Din “physically confronted” one of the Hamas operatives, thus giving another one of the Israeli soldiers the opportunity to open fire and kill seven Hamas members. El-Din was killed during the shootout, according to the IDF. The Israeli government said the decision to release el-Din’s identity was coordinated with his family. It added, however, that it does not plan to release further details about the botched operation.

Author: Ian Allen | Date: 17 May 2022 | Permalink

West German intelligence infiltrated Adolf Eichmann trial in Israel, documents show

West German spies infiltrated the trial of Adolf Eichmann, one of the architects of the Holocaust, in order to limit its damage to the reputation of senior West German politicians who had a Nazi past. Eichmann was the lead author of the system of mass deportation of Jews from ghettos in Nazi-occupied Europe to extermination camps, where millions of them were brutally killed. In 1960, after years of hiding, he was captured in Argentina by agents of the Mossad, Israel’s covert-action agency, and secretly transported to Israel, where he was put on trial and eventually hanged.

Since 2011, new files on the West German response to Eichmann’s abduction and trial have been uncovered by the Independent Commission of Historians to Research the History of the Federal Intelligence Service, 1945-1968. The Independent Commission consists of professional historians, who have been granted near-complete access into the archives of Germany’s Federal Intelligence Service (BND). Known as Bundesnachrichtendienst, the BND conducts foreign intelligence, making it Germany’s equivalent of the United States Central Intelligence Agency. The project has been praised as a rare case of openness and transparency in historical research into the activities and operations of a still-functioning intelligence agency.

Led by Professor Klaus-Dietmar Henke, the Independent Commission has published 15 volumes of research on the BND. The latest release concerns (among other things) Hans Globke, a senior official in Germany’s Nazi-era Ministry of the Interior, who was eventually appointed to the Office for Jewish Affairs. From that post, Globke helped draft the legislation known as the Nuremberg Race Laws of 1935. These laws gave legal sanction to the exclusion of Germany’s Jewish population from political, commercial and other social activity. The same laws were eventually used to confiscate assets belonging to Jewish German citizens.

After the war, Globke closely aligned himself with the British forces and testified as a witness in the prosecution of senior Nazi war criminals. He rebuilt his political career, initially on the local level, and eventually as Chief of Staff to the Office of the Chancellor of West Germany. He also served as West Germany’s Secretary of State, promoting a pro-Atlanticist foreign policy that closely aligned Western Germany with the United States.

According to the latest release by the Independent Commission, Globke tasked the BND with infiltrating Eichmann’s trial, in order to limit the details exposed about the Nazi government during the trial proceedings. The primary goal of the operation, according to the new information, was to prevent even the mention of Globke’s name during Eichmann’s trial. If that was not achieved, the aim was to protect Globke’s reputation and shield the public from details about his Nazi past, especially relating to the Holocaust.

When asked about the revelation, a spokesperson for the BND refused to comment on it, saying only that “the draft results of the independent historical commission speak for themselves”. A spokesperson for the German federal government appeared to reject a call to withdraw a number of civilian medals and other honors that Globke was bestowed prior to his death. According to the spokesperson, German law does not have provisions for “posthumous withdrawal” of awards.

Author: Joseph Fitsanakis | Date: 16 May 2022 | Permalink

Mystery blasts, fires, prompt rumors of sabotage campaign inside Russia (updated)

A series of large-scale incidents of destruction, which have been occurring across Russia in recent days, is prompting speculation that the country may be experiencing a wave of attacks against its strategic infrastructure. The incidents include enormous fires at power plants, munition depots and state-owned storage facilities. The collapse of at least one railway bridge has also been reported. There are additional reports of massive wildfires raging across Siberia, which are imposing heavy demands on Russia’s emergency response infrastructure.

On April 21, a massive blaze engulfed the Central Research Institute for Air and Space Defense of the Russian Defense Ministry in Tver, a city located around 120 miles northwest of Moscow. According to Associated Press, which reported the news about the fire, the institute “was involved in the development of some of the state-of-the-art Russian weapons systems, reportedly including the Iskander missile”. By next morning, at least 17 people were believed to have died as a result of the fire.

Late last week, the Sakhalinskaya GRES-2 power station, a vast 120-megawatt coal-fired power plant in Russia’s far-eastern Sakhalin province, went up in flames, giving rise to persistent rumors of sabotage. On May 1, Russian state-owned news agencies reported that a railway bridge in the western province of Kursk, 70 miles from the Ukrainian border, had been destroyed. Analysts at the Washington-based Atlantic Council think tank claimed that the bridge had been used extensively by the Russian military to transport equipment to eastern Ukraine. Later on the same day, a cluster of fuel-oil tanks in Mytishchi, a mid-size city located northeast of Moscow, were completely destroyed by a fast-spreading fire.

On May 2, a munitions factory in Perm, a major urban center in western Siberia, was hit by a “powerful” explosion. Ukrainian government officials hinted at sabotage in social media posts, though no proof has been provided, and the Kremlin has not commented on the matter. On the following day, the Prosveshchenie publishing house warehouse in Bogorodskoye, northeast of Moscow, was destroyed by a massive fire. The warehouse belongs to Russia’s state-owned publisher of school textbooks. The fire occurred almost simultaneously with another fire that engulfed a polyethylene waste storage facility in the central Siberian city of Krasnoyarsk.

Meanwhile, the sprawling forests that surround Krasnoyarsk and other Siberian urban centers are experiencing seasonal wildfires of near-unprecedented scale. Some early reports claimed that the Russian government was finding it difficult to contain these fires, because the country’s emergency response personnel has been sent to the frontlines of the war in Ukraine. But these reports were denied by Russia’s Ministry of Emergency Situations, which claimed earlier this week that the fires were mostly under control.

Author: Joseph Fitsanakis | Updated: 09 May 2022 | Research credit: M.R. | Permalink

Newly discovered cyber-espionage group spies for money using state-actor methods

A newly discovered cyber-espionage group appears to target the senior leadership of private corporations involved in large-scale financial transactions, but employs skills and methods that are usually associated with state-sponsored threat actors. The group has been termed “UNC3524” by the American cybersecurity firm Mandiant, which says it discovered it in December of 2019. In a detailed blog post published earlier this week, a team of cyber-security researchers at Mandiant say they have been studying the group for over two years, and have been surprised by their findings.

Given its targets, as well as the information it goes after, there is little doubt that UNC3524 is interested in financial gain. However, its operational profile differs markedly from those of other financially oriented hacker groups, according to Mandiant. Its sophisticated approach to espionage demonstrates aspects that are typically associated with government-sponsored intelligence operations. Notably, UNC3524 operatives take their time to get to know their targets, and are not in a hurry to exploit the online environments they penetrate. Mandiant reported that UNC3524 attacks can take up to 18 months to conclude. In contrast, the average financially-motivated cyber-espionage attack rarely lasts longer than three weeks.

Additionally, UNC3524 operatives make a point of maintaining an extremely stealthy and low-key online profile, and have even developed a series of novel exploitation techniques, which Mandiant has termed “QuietExit”. The latter appear to focus on exploiting Internet of Things (IoT) devices that are typically found in corporate settings, but are not protected by traditional anti-virus systems. Once they penetrate the digital environment of their target, UNC3524 operatives meticulously build sophisticated back-doors into the system, and are known to return sometimes within hours after they are detected and repelled.

Interestingly, UNC3524 operatives do not waste time on low-level employees of targeted corporations. Once inside, they go straight for executive-level targets, including those in corporate strategy and development, mergers and acquisitions, and even information security. Mandiant says a few other actors, notably Russian-linked groups like Cozy Bear, Fancy Bear, APT28 or APT29, are also known to operate with such high-level targets in mind. However, there is little other operational overlap between them and UNC3524, the blog post claims.

Author: Joseph Fitsanakis | Date: 04 May 2022 | Permalink

Russia targeted by unprecedented wave of cyber-attacks, experts say

Russian state companies, businesses and individuals are being targeted in an unprecedented wave of attacks by digital assailants, according to observers, who say they are surprised by its ferocity. Since February of this year, hackers have accessed the personal financial data of pro-Kremlin oligarchs, stolen millions of internal emails stored on Russian government servers, and defaced high-profile websites across the nation. The Washington Post, which summarized the wave of attacks last Sunday, said they are being waged by hacker collectives, as well as common criminals. The paper claimed that the assailants are not connected to foreign governments.

According to observers, Russia currently tops the global list of targeted attacks by hackers for the first time since records began. Major targets include Russia’s media regulator, the Federal Service for Supervision of Communications, Information Technology and Mass Media, which anti-government activists blame for implementing Soviet-style censorship. Hackers have also attacked Russia’s state-owned broadcaster, known as VGTRK, as well as the Russian intelligence and defense establishments. Tens of thousands of emails exchanged by senior VGTRK officials since 2013 were recently stolen and leaked in a massive data dump. Additionally, lengthy lists containing the names of alleged Russian intelligence officers, as well as of soldiers, have been leaked online by unknown hackers.

The attacks are led by political hacker collectives, including Network Battalion 65 (NB65), which announced its existence on Twitter just hours after Russian troops began to march toward Kyiv. The group is believed to have links to the international hacktivist collective Anonymous, and claims to have no ties to governments. Another hacker collective that is behind the attacks on Russia is a group calling itself AgainstTheWest. Despite its name, it is led by a group of pro-Western, “English-speaking hackers […] with intelligence backgrounds”, according to The Post. Attacks are also being perpetrated by smaller groups of hackers, some of them based in Ukraine, and by criminal groups, whose members are motivated by profit and are attacking Russian state targets at a time when the Kremlin appears vulnerable.

According to the paper, the Ukrainian government is not directly involved in these cyber-attacks. However, it has repeatedly endorsed attacks by hackers aimed at weakening the Russian state. Back in February, Ukraine’s Deputy Prime Minister and Digital Transformation Minister issued an open call for the formation of a “volunteer cyber army” to fight for Ukraine. As intelNews reported at the time, the Ukrainian government claimed that nearly 200,000 people had shown interest in joining the initiative. However, little has been mentioned since. The government of Ukraine maintains an “IT Army” channel on Telegram, where it frequently suggests Russian targets that pro-Ukrainian hackers should attack. However, any evidence of links between it and the wave of cyber-attacks that Russia has been experiencing remains speculative.

Author: Ian Allen | Date: 03 May 2022 | Permalink

Mossad allegedly uncovered Iranian plot to kill Israeli, American officials abroad

Israel’s Mossad intelligence agency allegedly foiled a plot by Iranian intelligence to send assassins abroad and kill an Israeli diplomat, an American military official and a French reporter, according to reports. The information about the alleged plot first surfaced late last week in the Iran International News Channel, a British-based Iranian news agency, which is opposed to the government in Tehran. The news agency claimed that the plot had been organized by the Quds Force, the paramilitary wing of the Islamic Revolutionary Guards Corps.

Shortly after news of the alleged plot emerged, Israeli media reported the existence of a video of an Iranian man who identifies himself as Mansour Rasouli (or Rassouli). In the video, the man claims to be a member of Unit 840, the part of the Quds Force that plans and executes operations overseas. He also claims that he was paid $150,000 to plan the assassination of an Israeli consular official in Istanbul, Turkey, as well as an American military general stationed in Turkey. A third target for assassination was a Jewish French journalist. The names of the alleged targets are not known. He adds that he had planned to carry out the assassinations with the use of networks of drug smugglers.

Rasouli then claims that the Quds Force had promised to pay him an additional $1 million following the successful conclusion of the assassinations. Toward the end of his statement, Rasouli says he had made an “error of judgment” in agreeing to participate in the operation, and promises to refrain from targeting individuals for assassination in the future. According to Iran International, Rasouli’s interview was filmed by officers of the Mossad in Turkey, where he was allegedly captured before he was able to execute the first of the planned assassinations. However, Israeli media later claimed that the Mossad officers filmed the interview in Iran, during a covert operation that resulted in the capture and interrogation of Rasouli.

IntelNews readers will recall that, in October of last year, Israel accused Iran of being behind a plot to kill Israeli citizens in Cyprus. The accusation came after the arrest of an Azeri national, who was reportedly found carrying a gun fitted with a silencer in the Cypriot capital Nicosia. A year earlier, it was reported that American intelligence agencies had uncovered an Iranian plot to kill the United States’ ambassador to South Africa, in an effort to avenge the assassination of General Qassem Soleimani by the United States in January of 2020.

Author: Joseph Fitsanakis | Date: 02 May 2022 | Permalink

South Korea busts alleged North Korean spy ring, handler remains at large

South Korean authorities have busted an alleged spy ring run by a North Korean handler, who remains at large. Two men have been arrested so far in connection with the ring. One of them, identified only as “Lee”, is reportedly the chief executive of a South Korean cryptocurrency exchange. The other man, a Republic of Korea Army officer, is identified as “Captain B.” in court documents.

Lee was arrested on April 2, while Captain B. was arrested on April 15. They are facing charges of violating South Korea’s 1948 National Security Act. Prosecutors alleged that the two men divulged to their North Korean handler the log-in credentials to the online command-and-control portal of the Republic of Korea Armed Forces. The men are accused of having received substantial financial compensation in return for their services.

According to the prosecution, Lee was approached in July 2021 by a North Korean intelligence officer, who recruited him to work for North Korean intelligence. In August of the same year, Lee approached Captain B. and recruited him as a subcontractor, with the promise of substantial financial compensation in the form of bitcoin. Captain B. then began giving military secrets to Lee, who passed them on to the North Koreans.

Eventually, Lee’s handler allegedly provided him with a miniature camera hidden inside an electronic watch. Lee gave this spy device to Captain B., along with a hacking device hidden inside a flash drive, which is commonly known as a “poison tap”. This device gave the North Korean handler access to the laptop used by the men to access the South Korean military’s command-and-control portal. The two alleged spies were compensated with nearly $600,000 in bitcoin for their services.

South Korean authorities claim that the North Korean handler of the spy ring, as well as a man who worked as a courier between the handler and the two agents, remain at large. Public court documents do not specify the kind of information that was allegedly accessed by the North Koreans as a result of this breach.

Author: Ian Allen | Date: 29 April 2022 | Permalink

Russia orders 175,000 diplomatic passports, prompting speculation about their use

THE RUSSIAN FEDERATION HAS reportedly ordered 175,000 new diplomatic passports to be printed, prompting speculation about their possible use at a time when Western sanctions are affecting Russia’s governing elite. Diplomatic passports are travel documents that are issued to accredited diplomats and government officials, such as foreign ministry envoys and others. Pursuant to the Vienna Convention on Diplomatic Relations, holders of diplomatic passports enjoy diplomatic immunity and are typically subjected to very limited inspections by security personnel when crossing international borders.

On Wednesday, SOTA Vision, a Russian alternative news website and social media network, claimed in a report that the Ministry of Foreign Affairs of the Russian Federation had ordered nearly 175,000 diplomatic passports to be printed, at the cost of over 300 million rubles ($4 million). The report, which was translated into English by the British newspaper The Daily Mail, questioned the need for so many diplomatic passports to be printed. It noted that the Ministry of Foreign Affairs employs no more than 15,000 people, of whom only about a third spend any time abroad, and thus require diplomatic passports.

So what is the reason for the use of so many diplomatic passports? According to SOTA Vision, these may be used by members of the Russian governing and economic elite, as well as their families, to evade Western sanctions on international travel and to avoid arrest when traveling abroad. Since Russia’s invasion of Ukraine in February of this year, Russia has been subjected to the harshest sanctions by Western countries since the end of the Cold War. Additionally, Russian intelligence agencies may use several thousand of these diplomatic passports for their employees to operate abroad under what is known as “official cover”. Such agencies include the Foreign Intelligence Service (SVR), the Federal Security Service (FSB) and the Federal Protective Service (FSO), SOTA Vision noted.

Author: Joseph Fitsanakis | Date: 28 April 2022 | Permalink

Australian spies helped expose secret pact between China and Solomon Islands

AUSTRALIAN INTELLIGENCE HAD A role in the mysterious disclosure of a secret memorandum about a controversial defense pact between China and the Solomon Islands, which is causing consternation in the West. Western leaders claim that the pact will turn the tiny Melanesian nation into a logistical hub for Chinese warships in a strategic region of the Pacific Ocean. The pact also stipulates a training role for Chinese police and military personnel, who are called to “assist […] in maintaining social order” in the island nation.

The Solomon Islands is an archipelago consisting of nearly 1,000 islands of various sizes in an area northwest of Vanuatu and east of Papua New Guinea. It gained its independence from Britain in the mid-1970s. Australia has historically provided security for this island nation of 700,000 inhabitants, which has no standing military. However, China has become a dominant player in Solomon Islands politics in recent years. In 2019, the government of the island nation abruptly withdrew its diplomatic recognition of Taiwan and aligned itself with Beijing.

The move sparked concerns in Malaita, the Solomons’ largest island, which is home to a sizeable Chinese community. There were demonstrations against Prime Minister Manasseh Sogavare in the capital of the Solomon Islands, Honiara (pictured). Eventually, the demonstrators attempted to storm the Parliament and depose Sogavare’s administration by force. There were also attacks on Chinese-owned businesses in the capital, as well as on a number of police stations, which were set on fire. Eventually, Australian, New Zealander, Papuan and Fijian troops restored order in downtown Honiara.

In late March, the text of a defense pact between the Solomon Islands and China appeared online. The pact centers on law enforcement and military cooperation, involving training programs and joint exercises between the two nations. Some Western nations, including New Zealand, Australia and the United States, are concerned about the possibility that China could use the agreement to build a military base in the Solomon Islands. The island nation is strategically located near Australia and New Zealand, as well as near the island of Guam, which hosts a large American military base.

On Sunday, several Australian newspapers, including The Sydney Morning Herald and The Age, reported that intelligence agencies in Australia were aware of plans by the governments of China and the Solomon Islands to sign the pact. According to “[m]ultiple government and security sources”, Australian spies had known about the pact “for months”. In March, they decided to “encourage a leak from within the Solomons” in an effort to sabotage the planned deal. According to reports, the hope was that the revelation would “build domestic and international pressure to get the Solomons to change course”.

It appears, however, that the leak of the secret document was not sufficient to persuade the government of the Solomon Islands to back away from the agreement. Solomons Prime Minister Manasseh Sogavare eventually signed the agreement with China, arguing that it would “improve the quality of lives” of his people and would “address soft and hard security threats facing the country”.

Author: Joseph Fitsanakis | Date: 25 April 2022 | Permalink

British government phones were hacked with Pegasus spy software, group claims

TELEPHONE SYSTEMS BELONGING TO the British government were compromised by the Pegasus surveillance software, according to a Canadian research group. The allegation was made on Monday in an investigative report by The New Yorker, which focuses on NSO Group Technologies, an Israeli digital surveillance company based near Tel Aviv. The company is behind the development of Pegasus, which is arguably the most powerful telecommunications surveillance software available in the private sector.

As intelNews and others have previously reported, Pegasus is able to install itself on targeted telephones without requiring their users to click a link or download an application. Upon installation, the software provides the spying party with near-complete control of a targeted telephone. This includes the ability to browse through the device’s contents, such as photographs and videos, record conversations, as well as activate the telephone’s built-in microphone and camera at any time, without its user’s consent or knowledge.

According to The New Yorker, the information about the use of Pegasus software against British government telephone networks was disclosed by the Citizen Lab, a research unit of the University of Toronto’s Munk School of Global Affairs and Public Policy, which focuses on information technology, international security and human rights. The research unit said it notified the British government in 2020 and 2021 that a number of its telephone networks had been infected with the Pegasus software. The compromised networks were allegedly being used by officials in the Foreign and Commonwealth Office, as well as in 10 Downing Street, which houses the office of the prime minister.

The article claims that the compromise originated from users in the United Arab Emirates, as well as users in India, Cyprus and Jordan. This does not necessarily mean that malicious actors from these countries penetrated the British government’s telephone systems. These could be spies of third countries operating abroad; alternatively, there could be a link to unsuspecting British diplomats, whose government-issue cell phones were compromised by Pegasus in foreign countries. The Citizen Lab said it could not be sure about what kind of data may have been compromised as a result of the penetration.

NSO Group Technologies was one of two Israeli firms that the US Department of Commerce placed on a sanctions list in November of 2021. According to a statement issued by the US government, the two firms engaged “in activities that [were] contrary to the national security or foreign policy interests of the United States”.

Author: Joseph Fitsanakis | Date: 19 April 2022 | Permalink
